Latest news
EAP-IKEv2: New release 0.2.1 available!
Sun, 03 Sep 2006 20:56:57 GMT
A new version of libeap-ikev2 has been released. This version adds support for the fast rekeying protocol run. All major requirements of draft version 11 have been met.
Along with the library, patches for wpa_supplicant 0.5.5 and FreeRADIUS 1.1.3 have been released.
Introduction
The aim of this project is to develop an implementation of the EAP-IKEv2 authentication method (as specified in http://www.ietf.org/internet-drafts/draft-tschofenig-eap-ikev2-12.txt) for the wpa_supplicant and freeRADIUS software.
The current implementation conforms to the rules described in draft-tschofenig-eap-ikev2-11.txt.
EAP-IKEv2 is an EAP authentication method based on the Internet Key Exchange Protocol version 2 (IKEv2). It provides mutual authentication and session key establishment between an EAP peer and an EAP server. It supports authentication techniques that are based on the following types of credentials:
- Asymmetric key pairs - public/private key pairs where the public key is embedded into a digital certificate, and the corresponding private key is known only to a single party.
- Passwords - low-entropy bit strings that are known to both the server and the peer.
- Symmetric keys - high-entropy bit strings that are known to both the server and the peer.
It is possible to use a different authentication credential (and thereby technique) in each direction; for example, the EAP server may authenticate itself using a public/private key pair while the EAP client uses a symmetric key. In particular, the following combinations are expected to be used in practice:
| EAP server | EAP peer |
|---|---|
| asym. key pair | asym. key pair |
| asym. key pair | symmetric key |
| asym. key pair | password |
| symmetric key | symmetric key |
Currently the project consists of three main parts:
- The libeap-ikev2 library, which implements the core functionality of the EAP-IKEv2 authentication method.
- The patch for wpa_supplicant that provides the interface between the original wpa_supplicant code and the libeap-ikev2 library. This patch allows the EAP-IKEv2 method to be deployed on the client side.
- The patch for the freeRADIUS server that provides the interface between the original freeRADIUS code and the libeap-ikev2 library. This patch allows the EAP-IKEv2 method to be deployed on the server side.
[Figure: Elements of the authentication architecture]
[Figure: Project architecture]
Features
- support for all the authentication schemes mentioned earlier,
- support for fast reconnect,
- support for RSA and DSA certificates,
- wide range of supported cipher suite algorithms:
  - encryption algorithms: Null, 3des, aes_128_cbc, aes_192_cbc, aes_256_cbc, idea, blowfish, cast,
  - MAC algorithms: hmac_md5_96, hmac_sha1_96, des_mac,
  - pseudo random functions: hmac_md5, hmac_sha1, hmac_tiger,
- support for preshared key (SK{IDr} payload in the initial exchange),
- client software able to compile and run under the Linux and Windows operating systems,
- support for the CERT REQ payload.
Plans
- support for channel binding,
- support for more cryptographic algorithms.
Download
- libeap-ikev2-0.2.1
- Patch for freeRADIUS 1.1.3
- Patch for wpa_supplicant 0.5.5
- Windows binaries of wpa_supplicant 0.5.4 with EAP-IKEv2 support
Old releases are available here
Daily snapshots
Last uploaded: Tue, 04 Dec 2007 03:33:12 +0100
- freeradius-1.1.4-eapikev2-20071204.tar.gz
- wpa_supplicant-0.5.5-eapikev2-20071204.tar.gz
- libeap-ikev2-20071204.tar.gz
Installation instructions
libeap-ikev2
Requirements
OpenSSL v0.9.7 with header files.
Linux simple installation
If you do not need to modify the default configuration, take the following steps to build and install the library:
$ ./configure
$ make
$ make install
The library header files will then be located in: /usr/local/include/EAPIKEv2/
Windows simple installation
To install and compile under Windows you need to install the MinGW/MSYS software. Detailed instructions about the MinGW/MSYS installation are available on the MinGW project page. Run the MSYS terminal and go to the directory with the library sources. Then take the following steps to install the library:
$ ./configure --prefix=/mingw/
$ make
$ make install
The library header files will then be located in: /mingw/include/EAPIKEv2/
Custom installation (Linux and Windows)
By default, make install will install the package's files in /usr/local/bin, /usr/local/man, etc. You can specify an installation prefix other than /usr/local by giving configure the option --prefix=PATH.
If your OpenSSL installation is in a non-standard location, then you can use --with-openssl-includes=DIR to specify the location of its header files.
If you want the developer features, use --enable-developer. This option turns on super-duper-extra compile warnings when using gcc and adds debugging symbols to the resulting library.
freeRADIUS with EAP-IKEv2 support
- We are assuming that libeap-ikev2 is already configured and installed on your system.
- As a first step you must download the freeRADIUS v1.1.3 sources from the freeRADIUS project page and unpack them into a working directory.
$ wget ftp://ftp.freeradius.org/pub/radius/freeradius-1.1.3.tar.gz
$ tar -xzf freeradius-1.1.3.tar.gz
- Now you have to download the EAP-IKEv2 patch for freeRADIUS from here, and then apply this patch to the previously downloaded freeRADIUS sources.
$ tar -xzf freeradius-1.1.3-eapikev2-0.2.1.tar.gz
$ cd freeradius-1.1.3
$ patch -p1 < ../freeradius-1.1.3-eapikev2-0.2.1/freeradius-1.1.3-eapikev2-0.2.1.diff
$ cd ..
$ mv freeradius-1.1.3 freeradius-1.1.3-patched
$ cd freeradius-1.1.3-patched
- If libeap-ikev2 is installed in a standard system-wide location, then just follow the instructions in the freeradius-1.1.3-patched/INSTALL file.
- If libeap-ikev2 is in a non-standard location, then you can pass the library and header file locations to the ./configure script using the following options:
  - --with-eap-ikev2-includes - directory to look for the EAPIKEv2 include files
  - --with-eap-ikev2-libraries - directory to look for the EAPIKEv2 library file
wpa_supplicant with EAP-IKEv2 support
Linux installation
- We are assuming that libeap-ikev2 is already configured and installed on your system.
- As a first step you must download the wpa_supplicant v0.5.5 sources from the wpa_supplicant project page and unpack them into a working directory.
$ wget http://hostap.epitest.fi/releases/wpa_supplicant-0.5.5.tar.gz
$ tar -xzf wpa_supplicant-0.5.5.tar.gz
- Now you have to download the EAP-IKEv2 patch for wpa_supplicant from here, and then apply this patch to the previously downloaded wpa_supplicant sources.
$ tar -xzf wpa_supplicant-0.5.5-eapikev2-0.2.1.tar.gz
$ cd wpa_supplicant-0.5.5
$ patch -p1 < ../wpa_supplicant-0.5.5-eapikev2-0.2.1/wpa_supplicant-0.5.5-eapikev2-0.2.1.diff
$ cd ..
$ mv wpa_supplicant-0.5.5 wpa_supplicant-0.5.5-patched
$ cd wpa_supplicant-0.5.5-patched
- After preparing the sources you must create a .config file for the wpa_supplicant compilation. Below is exemplary content for this file.
CONFIG_CTRL_IFACE=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_EAP_IKEV2=y
CONFIG_EAP_MD5=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_TLS=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_GTC=y
CONFIG_EAP_OTP=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_PSK=y
CONFIG_EAP_PAX=y
CONFIG_EAP_LEAP=y
CONFIG_WIRELESS_EXTENSION=y
CONFIG_DRIVER_WEXT=y
where CONFIG_DRIVER_WEXT selects the driver for your wifi card (if you are using a Centrino-based card, use CONFIG_DRIVER_IPW instead). More details (kernel module requirements) are in the wpa_supplicant/README file.
- If you have libeap-ikev2 installed in a non-standard location, please add the following options to your .config file to point to the directories with the appropriate library and header files.
  - LIB_EAP_IKEV2_INCLUDES - path to the libeap-ikev2 includes
  - LIB_EAP_IKEV2_LIBRARIES - path to the libeap-ikev2 library
LIB_EAP_IKEV2_INCLUDES=/some/path/to/includes
LIB_EAP_IKEV2_LIBRARIES=/some/path/to/library
- Now compile and install wpa_supplicant.
$ make
$ su
# make install
Windows installation
- To install and compile under Windows you need to install the MinGW/MSYS software. Detailed instructions about the MinGW/MSYS installation are available on the MinGW project page.
- Additional requirements:
  - configure and install OpenSSL (at least version 0.9.7)
  - WinPcap auto-installer (driver + DLLs)
  - WinPcap Developer's pack. Unzip the developer pack archive, copy the files from its lib sub-directory to the /mingw/lib directory, and copy the files from its include sub-directory to the /mingw/include directory.
  - configure and install libeap-ikev2
- Prepare the patched wpa_supplicant sources following the previous instructions.
- Create a .config file in the main directory of wpa_supplicant:
CONFIG_CTRL_IFACE=y
CONFIG_NATIVE_WINDOWS=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_EAP_IKEV2=y
CONFIG_EAP_MD5=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_TLS=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_GTC=y
CONFIG_EAP_OTP=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_PSK=y
CONFIG_EAP_PAX=y
CONFIG_EAP_LEAP=y
CONFIG_DRIVER_NDIS=y
- Run the MSYS terminal and go to the directory with the wpa_supplicant sources. Run the following command to compile the Windows binaries.
$ make windows-bin
- A more detailed description is available in the README-Windows.txt file supplied with wpa_supplicant.
Configuration
EAP-IKEv2 method for freeRADIUS configuration
Insert the following subsection into the eap section of the /usr/local/etc/raddb/eap.conf file.
    # Sample configuration for EAP-IKEV2 method
    ikev2 {
        # Server auth type
        # Allowed values are:
        #   cert - for certificate based server authentication,
        #          other required settings for this type are 'private_key_file' and 'certificate_file'
        #   secret - for shared secret based server authentication,
        #          other required setting for this type is 'id'
        # Default value of this option is 'secret'
        # server_authtype=cert

        # Allowed default client auth types
        # Allowed values are:
        #   secret - for shared secret based client authentication
        #   cert - for certificate based client authentication
        #   both - shared secret and certificate are allowed
        #   none - authentication will always fail
        # Default value for this option is 'both'. This option can be overridden
        # within the 'usersfile' file by the EAP-IKEv2-AuthType attribute.
        # default_authtype = both

        # path to trusted CA certificate file
        CA_file="/path/to/CA/cacert.pem"

        # path to CRL file; if not set, then there will be no checks against the CRL
        # crl_file="/path/to/crl.pem"

        # path to file with user settings
        # default ${confdir}/users (/usr/local/etc/raddb/users)
        # usersfile=${confdir}/users

        # path to file with server private key
        private_key_file="/path/to/srv-private-key.pem"
        # password to private key file
        private_key_password="passwd"
        # path to file with server certificate
        certificate_file="/path/to/srv-cert.pem"

        # server identity string
        id="deMaio"
        # Server identity type. Allowed values are:
        #   IPV4_ADDR, FQDN, RFC822_ADDR, IPV6_ADDR, ASN1_DN, ASN1_GN, KEY_ID
        # Default value is: KEY_ID
        # id_type = KEY_ID

        # MTU (default: 1398)
        # fragment_size = 1398

        # option which controls whether the CERT REQ payload is sent or not.
        # Allowed values for this option are "yes" or "no". Default value is "no".
        # certreq = "yes"

        # maximal allowed number of resends of SA_INIT after receiving an 'invalid KE'
        # notification (default 3)
        # DH_counter_max = 3

        # option which controls whether a DH exchange is performed during the fast
        # rekeying protocol run. Allowed values for this option are "yes" or "no".
        # Default value is "no"
        # fast_DH_exchange = "yes"

        # Option which sets the expiration time of an inactive IKEv2 session.
        # After the selected period of time (in seconds), inactive session data will be
        # deleted. Default value of this option is 900 seconds (15 minutes).
        # fast_timer_expire = 3600

        # list of server proposals of available cryptographic suites
        proposals {
            # proposal number 1
            proposal {
                # Supported transform types: encryption, prf, integrity, dhgroup.
                # For multiple transforms of one type just repeat the key
                # (e.g. integrity).

                # encryption algorithm; supported algorithms:
                #   null, 3des, aes_128_cbc, aes_192_cbc, aes_256_cbc, idea
                #   blowfish:n, where n ranges from 8 to 448 bits, step 8 bits
                #   cast:n, where n ranges from 40 to 128 bits, step 8 bits
                encryption = 3des
                # pseudo random function; supported prf's:
                #   hmac_md5, hmac_sha1, hmac_tiger
                prf = hmac_sha1
                # integrity algorithm; supported algorithms:
                #   hmac_md5_96, hmac_sha1_96, des_mac
                integrity = hmac_sha1_96
                integrity = hmac_md5_96
                # Diffie-Hellman groups:
                #   modp768, modp1024, modp1536, modp2048,
                #   modp3072, modp4096, modp6144, modp8192
                dhgroup = modp2048
            }
            # proposal number 2
            proposal {
                encryption = 3des
                prf = hmac_md5
                integrity = hmac_md5_96
                dhgroup = modp1024
            }
            # proposal number 3
            proposal {
                encryption = 3des
                prf = hmac_md5
                integrity = hmac_md5_96
                dhgroup = modp2048
            }
        }
    }
Insert the following section into the /usr/local/etc/raddb/users file (or the other file pointed to by the usersfile variable in eap.conf) to configure the client credentials.
    ## Sample entry for EAP-IKEv2 exchange.
    ## Used attributes are defined in the
    ## /usr/local/share/freeradius/dictionary.eap_ikev2 file.
    username EAP-IKEv2-IDType:=KEY_ID, EAP-IKEv2-Secret:="tajne"
    ## where:
    ## username - client user name from IKE-AUTH (IDr) or CommonName from the
    ##   x509 certificate
    ## EAP-IKEv2-IDType - ID type, the same as in the expected ID payload;
    ##   allowed values for EAP-IKEv2-IDType:
    ##   IPV4_ADDR FQDN RFC822_ADDR IPV6_ADDR DER_ASN1_DN DER_ASN1_GN KEY_ID
    ## EAP-IKEv2-Secret - shared secret
    ## EAP-IKEv2-AuthType - optional attribute which defines the expected client auth
    ##   type. Allowed values are: secret, cert, both, none. For the meaning of these
    ##   values please read the description of 'default_authtype' in the eap.conf file.
    ##   This attribute can override the 'default_authtype' value.
EAP-IKEv2 method for wpa_supplicant configuration
Prepare the wpa_supplicant.conf file:
    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=root
    eapol_version=1
    ap_scan=1
    network={
        ssid="ssid_name"
        key_mgmt=WPA-EAP
        eap=IKEV2
        anonymous_identity="fake_identity"
        identity="neo"
        password="anderson"
        #server_using_sk=1
        idtype="key_id"
        ike_proposal1="3des prf_hmac_sha1 hmac_sha1_96 hmac_md5_96 modp2048"
        ike_proposal2="3des prf_hmac_md5 hmac_md5_96 modp1024"
        ca_cert="/home/bobo/CA/demoCA/cacert.pem"
        private_key="/home/bobo/CA/some2.key"
        client_cert="/home/bobo/CA/some2.crt"
        ike_idi="neo"
        ike_iditype="key_id"
        #certreq=yes
        #fast_DH_exchange=yes
        fragment_size=200
    }
- ssid_name - the AP name
- anonymous_identity - optional. If configured, the EAP-Identity is set to this value instead of the 'identity' parameter value.
- identity - the same identity as used in the users file of the freeradius configuration.
- password - optional password (has to be set if private_key or client_cert are not set; if private_key or client_cert are not set, the supplicant will try to authenticate itself with the shared secret).
- server_using_sk=1 - has to be set if _both_ sides (responder and initiator) use shared key authentication (the SK{IDr} payload will be sent).
- certreq - option which controls sending of the CERT REQ payload by the responder. Allowed values for this option are "yes" or "no". Default value is "no".
- fast_DH_exchange - allows a DH exchange to be made in the fast reconnect procedure. Allowed values for this option are "yes" or "no". Default value for this option is "no".
- ike_proposal1 - proposals defined in one line. Up to 4 proposals can be set (ike_proposal1 to ike_proposal4). At least one encryption method, pseudo random function (prf), message authentication code function and DH group have to be chosen in a proposal. Supported algorithms:
  - encryption: 3des, aes_128_cbc, aes_192_cbc, aes_256_cbc
  - prf: prf_hmac_md5, prf_hmac_sha1
  - message authentication code function: hmac_md5_96, hmac_sha1_96
  - DH group: modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192
- ca_cert - CA certificate, used to authenticate the radius server.
- private_key, client_cert - optional certificate, used to authenticate to freeradius. If one of them is not set, password _has to_ be set.
- ike_idi - identity used to authenticate the radius server. If not set, every initiator (radius) identity (and CommonName from the optional radius cert) will be accepted.
- idtype, ike_iditype - type of identity or ike_idi; if not set, the default "KEY_ID" is used. Possible types: "IPV4_ADDR", "FQDN", "RFC822_ADDR", "IPV6_ADDR", "ASN1_DN", "ASN1_GN", "KEY_ID".
- fragment_size - optional, overrides the default size of 1398 bytes.
NOTICE: all identities and passwords can also be given in binary (hex-encoded) form, like this:
    identity="0x6E656F"
    password="0x616E646572736F6E"
    #identity="neo"
    #password="anderson"
The commented-out lines are equivalent to the preceding ones. After '0x' only the digits 0-9 and the uppercase letters A-F are allowed; if this condition is not met, the string is treated as normal ASCII.
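As an added example (not code from the project or the page), the following Python lint applies the rules above to the EAP-IKEv2 keys of a wpa_supplicant network block: the '0x' decoding rule from the NOTICE, the completeness of each ike_proposalN value against the algorithm lists, the 1 to 4 proposal limit, and the password/certificate rule. SAMPLE is a constructed block modelled on the one above; the page does not say how an odd number of hex digits is treated, so treating that as ASCII is this example's assumption.

```python
import re

# Algorithm names accepted in wpa_supplicant ike_proposalN values, as listed on
# this page; a valid proposal names at least one algorithm from every class.
PROPOSAL_CLASSES = {
    "encryption": {"3des", "aes_128_cbc", "aes_192_cbc", "aes_256_cbc"},
    "prf": {"prf_hmac_md5", "prf_hmac_sha1"},
    "mac": {"hmac_md5_96", "hmac_sha1_96"},
    "dhgroup": {f"modp{n}" for n in (768, 1024, 1536, 2048, 3072, 4096, 6144, 8192)},
}
# Binary form per the NOTICE: '0x' followed only by 0-9 and uppercase A-F.
# The page does not cover odd digit counts; treating them as ASCII is an
# assumption of this example.
HEX_RE = re.compile(r"^0x(?:[0-9A-F]{2})+$")

def decode_credential(value: str) -> bytes:
    """Uppercase hex after '0x' is binary; anything else is plain ASCII."""
    return bytes.fromhex(value[2:]) if HEX_RE.match(value) else value.encode("ascii")

def check_proposal(value: str) -> list:
    """Problems found in one ike_proposalN value (empty list if it is valid)."""
    problems, seen = [], {cls: 0 for cls in PROPOSAL_CLASSES}
    for tok in value.split():
        cls = next((c for c, names in PROPOSAL_CLASSES.items() if tok in names), None)
        if cls is None:
            problems.append(f"unknown algorithm '{tok}'")
        else:
            seen[cls] += 1
    return problems + [f"no {cls} algorithm chosen" for cls, n in seen.items() if n == 0]

def lint_network(cfg: dict) -> list:
    """Page rules for a network block (values already unquoted): eap=IKEV2, one to
    four complete proposals, and a password unless private_key and client_cert
    are both configured."""
    problems = [] if cfg.get("eap") == "IKEV2" else ["eap must be IKEV2"]
    proposals = sorted(k for k in cfg if k.startswith("ike_proposal"))
    if not proposals:
        problems.append("at least one ike_proposal1..4 is required")
    for k in proposals:
        if re.fullmatch(r"ike_proposal[1-4]", k):
            problems += [f"{k}: {p}" for p in check_proposal(cfg[k])]
        else:
            problems.append(f"{k}: only ike_proposal1..4 are supported")
    if "password" not in cfg and not ("private_key" in cfg and "client_cert" in cfg):
        problems.append("password is required without private_key and client_cert")
    return problems

# Constructed sample modelled on the page's wpa_supplicant.conf network block
# (identity in the hex form); not the page's own file.
SAMPLE = {
    "eap": "IKEV2", "identity": "0x6E656F", "password": "anderson",
    "ike_proposal1": "3des prf_hmac_sha1 hmac_sha1_96 hmac_md5_96 modp2048",
    "ike_proposal2": "3des prf_hmac_md5 hmac_md5_96 modp1024",
}

if __name__ == "__main__":
    print("identity:", decode_credential(SAMPLE["identity"]))
    print("problems:", lint_network(SAMPLE) or "none")
```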
Performance tests
FreeRADIUS was successfully tested using a configuration where the EAP-IKEv2 module was in use for scenario 1 and scenario 4. Scenario 1: both sides use asymmetric keys. Scenario 4: both sides use a symmetric key. Using our environment thousands of connections were generated, but we could get at most 8 simultaneous connections. It was about 2 connections/second in scenario 1 and 2.2 connections/second in scenario 4. Interestingly, there was no processor workload (CPU usage) caused by the FreeRADIUS process.
Results for scenario 1 (both sides use asymmetric keys).
| Number of concurrent connections | conn/s | standard deviation |
|---|---|---|
| 1 | 0.69881 | 0.00573 |
| 3 | 1.55941 | 0.00221 |
| 6 | 2.04151 | 0.02439 |
| 8 | 2.07501 | 0.00432 |
Results for scenario 4 (both sides use a symmetric key).
| Number of concurrent connections | conn/s | standard deviation |
|---|---|---|
| 1 | 0.67087 | 0.03441 |
| 3 | 1.60987 | 0.03170 |
| 6 | 2.19026 | 0.00795 |
| 8 | 2.20058 | 0.00432 |
References
- RFC 3748 - Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., Levkowetz, H.: Extensible Authentication Protocol (EAP), 2004. URL: http://www.ietf.org/rfc/rfc3748.txt
- RFC 3579 - Aboba, B., Calhoun, P.: RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP), 2003. URL: http://www.ietf.org/rfc/rfc3579.txt
- RFC 4306 - Kaufman, C.: Internet Key Exchange (IKEv2) Protocol, 2005. URL: http://www.ietf.org/rfc/rfc4306.txt
- EAP-IKEv2 draft - Tschofenig, H., Kroeselberg, D., Pashalidis, A., Ohba, Y., Bersani, F.: EAP IKEv2 Method, 2006. URL: http://www.ietf.org/internet-drafts/draft-tschofenig-eap-ikev2-10.txt
Links
- freeRADIUS project - http://www.freeradius.org
- wpa_supplicant - http://hostap.epitest.fi/wpa_supplicant/
Licensing
- libeap-ikev2
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. See COPYING for more details.
- EAP-IKEv2 patch for wpa_supplicant
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. See COPYING for more details.
Alternatively, this software may be distributed, used, and modified under the terms of BSD license.
- EAP-IKEv2 patch for freeRADIUS
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. See COPYING for more details.
Copyright
Copyright (C) 2005-2006 Krzysztof Rzecki
Copyright (C) 2005-2006 Rafal Mijal
Copyright (C) 2005-2006 Piotr Marnik
Copyright (C) 2005-2006 Pawel Matejski