author | Christian Weisgerber <naddy@cvs.openbsd.org> | 2012-07-08 17:51:52 +0000 |
---|---|---|
committer | Christian Weisgerber <naddy@cvs.openbsd.org> | 2012-07-08 17:51:52 +0000 |
commit | 0f08f11d6fb9ebc66ba30a94fe1f6d748f72a208 (patch) | |
tree | 27a4d632195a149c7018c7a260573ae455015adb | |
parent | df50ded746489291faeb0bfbad7a6c48b26dd5be (diff) |
Disallow manual security associations that use AES-CTR, AES-GCM,
or AES-GMAC. These algorithms cannot be used safely with static
keys and RFCs 3686, 4106, and 4543 expressly forbid such configurations.
Also include a tweak (with jmc@) to the key size explanation, for
completeness sake.
ok mikeb@
-rw-r--r-- | sbin/ipsecctl/ipsec.conf.5 | 28 | ||||
-rw-r--r-- | sbin/ipsecctl/ipsecctl.h | 5 | ||||
-rw-r--r-- | sbin/ipsecctl/parse.y | 51 |
3 files changed, 45 insertions, 39 deletions
diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5
index e5cc6eaf6a0..e08bd89853f 100644
--- a/sbin/ipsecctl/ipsec.conf.5
+++ b/sbin/ipsecctl/ipsec.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ipsec.conf.5,v 1.138 2012/06/30 14:51:31 naddy Exp $
+.\" $OpenBSD: ipsec.conf.5,v 1.139 2012/07/08 17:51:51 naddy Exp $
 .\"
 .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved.
 .\"
@@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 30 2012 $
+.Dd $Mdocdate: July 8 2012 $
 .Dt IPSEC.CONF 5
 .Os
 .Sh NAME
@@ -614,16 +614,16 @@ keyword:
 .It Li aes-128 Ta "128 bits" Ta ""
 .It Li aes-192 Ta "192 bits" Ta ""
 .It Li aes-256 Ta "256 bits" Ta ""
-.It Li aesctr Ta "160 bits" Ta "[phase 2 only]"
-.It Li aes-128-ctr Ta "160 bits" Ta "[phase 2 only]"
-.It Li aes-192-ctr Ta "224 bits" Ta "[phase 2 only]"
-.It Li aes-256-ctr Ta "288 bits" Ta "[phase 2 only]"
-.It Li aes-128-gcm Ta "160 bits" Ta "[phase 2 only]"
-.It Li aes-192-gcm Ta "224 bits" Ta "[phase 2 only]"
-.It Li aes-256-gcm Ta "288 bits" Ta "[phase 2 only]"
-.It Li aes-128-gmac Ta "160 bits" Ta "[phase 2 only]"
-.It Li aes-192-gmac Ta "224 bits" Ta "[phase 2 only]"
-.It Li aes-256-gmac Ta "288 bits" Ta "[phase 2 only]"
+.It Li aesctr Ta "160 bits" Ta "[phase 2 only, IKE only]"
+.It Li aes-128-ctr Ta "160 bits" Ta "[phase 2 only, IKE only]"
+.It Li aes-192-ctr Ta "224 bits" Ta "[phase 2 only, IKE only]"
+.It Li aes-256-ctr Ta "288 bits" Ta "[phase 2 only, IKE only]"
+.It Li aes-128-gcm Ta "160 bits" Ta "[phase 2 only, IKE only]"
+.It Li aes-192-gcm Ta "224 bits" Ta "[phase 2 only, IKE only]"
+.It Li aes-256-gcm Ta "288 bits" Ta "[phase 2 only, IKE only]"
+.It Li aes-128-gmac Ta "160 bits" Ta "[phase 2 only, IKE only]"
+.It Li aes-192-gmac Ta "224 bits" Ta "[phase 2 only, IKE only]"
+.It Li aes-256-gmac Ta "288 bits" Ta "[phase 2 only, IKE only]"
 .It Li blowfish Ta "160 bits" Ta ""
 .It Li cast Ta "128 bits" Ta ""
 .It Li null Ta "(none)" Ta "[phase 2 only]"
@@ -636,9 +636,9 @@ DES requires 8 bytes to form a 56-bit key and 3DES requires 24 bytes to form its 168-bit key. This is because the most significant bit of each byte is used for parity. .Pp -The keysize of AES-CTR is actually 128-bit. +The keysize of AES-CTR can be 128, 192, or 256 bits. However as well as the key, a 32-bit nonce has to be supplied. -Thus 160 bits of key material have to be supplied. +Thus 160, 224, or 288 bits of key material, respectively, have to be supplied. The same applies to AES-GCM and AES-GMAC. .Pp Using AES-GMAC or NULL with ESP will only provide authentication. diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h index 2f70ab330ac..91c4e5c3a75 100644 --- a/sbin/ipsecctl/ipsecctl.h +++ b/sbin/ipsecctl/ipsecctl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsecctl.h,v 1.65 2012/07/05 09:02:20 mikeb Exp $ */ +/* $OpenBSD: ipsecctl.h,v 1.66 2012/07/08 17:51:51 naddy Exp $ */ /* * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org> * @@ -143,7 +143,8 @@ struct ipsec_xf { u_int16_t id; size_t keymin; size_t keymax; - int noauth; + u_int8_t noauth; + u_int8_t nostatic; }; struct ipsec_transforms { diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y index f7fe81f7480..e15c534682a 100644 --- a/sbin/ipsecctl/parse.y +++ b/sbin/ipsecctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.154 2012/07/07 20:29:23 naddy Exp $ */ +/* $OpenBSD: parse.y,v 1.155 2012/07/08 17:51:51 naddy Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> 
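Review bot: The two flag members of `struct ipsec_xf` in the ipsecctl.h hunk carry no comments, and `nostatic` encodes a security restriction that a later edit to the transform tables could drop without anyone noticing. I would document both where they are declared, e.g. `u_int8_t noauth; /* authentication is implicit; no separate auth transform allowed */` and `u_int8_t nostatic; /* must not be used in manual (static-key) SAs */`. The struct begins above the hunk, so whether the earlier members already have comments is not visible from here.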
@@ -98,28 +98,28 @@ const struct ipsec_xf authxfs[] = { }; const struct ipsec_xf encxfs[] = { - { "unknown", ENCXF_UNKNOWN, 0, 0, 0 }, - { "none", ENCXF_NONE, 0, 0, 0 }, - { "3des-cbc", ENCXF_3DES_CBC, 24, 24, 0 }, - { "des-cbc", ENCXF_DES_CBC, 8, 8, 0 }, - { "aes", ENCXF_AES, 16, 32, 0 }, - { "aes-128", ENCXF_AES_128, 16, 16, 0 }, - { "aes-192", ENCXF_AES_192, 24, 24, 0 }, - { "aes-256", ENCXF_AES_256, 32, 32, 0 }, - { "aesctr", ENCXF_AESCTR, 16+4, 32+4, 0 }, - { "aes-128-ctr", ENCXF_AES_128_CTR, 16+4, 16+4, 0 }, - { "aes-192-ctr", ENCXF_AES_192_CTR, 24+4, 24+4, 0 }, - { "aes-256-ctr", ENCXF_AES_256_CTR, 32+4, 32+4, 0 }, - { "aes-128-gcm", ENCXF_AES_128_GCM, 16+4, 16+4, 1 }, - { "aes-192-gcm", ENCXF_AES_192_GCM, 24+4, 24+4, 1 }, - { "aes-256-gcm", ENCXF_AES_256_GCM, 32+4, 32+4, 1 }, - { "aes-128-gmac", ENCXF_AES_128_GMAC, 16+4, 16+4, 1 }, - { "aes-192-gmac", ENCXF_AES_192_GMAC, 24+4, 24+4, 1 }, - { "aes-256-gmac", ENCXF_AES_256_GMAC, 32+4, 32+4, 1 }, - { "blowfish", ENCXF_BLOWFISH, 5, 56, 0 }, - { "cast128", ENCXF_CAST128, 5, 16, 0 }, - { "null", ENCXF_NULL, 0, 0, 0 }, - { NULL, 0, 0, 0, 0 }, + { "unknown", ENCXF_UNKNOWN, 0, 0, 0, 0 }, + { "none", ENCXF_NONE, 0, 0, 0, 0 }, + { "3des-cbc", ENCXF_3DES_CBC, 24, 24, 0, 0 }, + { "des-cbc", ENCXF_DES_CBC, 8, 8, 0, 0 }, + { "aes", ENCXF_AES, 16, 32, 0, 0 }, + { "aes-128", ENCXF_AES_128, 16, 16, 0, 0 }, + { "aes-192", ENCXF_AES_192, 24, 24, 0, 0 }, + { "aes-256", ENCXF_AES_256, 32, 32, 0, 0 }, + { "aesctr", ENCXF_AESCTR, 16+4, 32+4, 0, 1 }, + { "aes-128-ctr", ENCXF_AES_128_CTR, 16+4, 16+4, 0, 1 }, + { "aes-192-ctr", ENCXF_AES_192_CTR, 24+4, 24+4, 0, 1 }, + { "aes-256-ctr", ENCXF_AES_256_CTR, 32+4, 32+4, 0, 1 }, + { "aes-128-gcm", ENCXF_AES_128_GCM, 16+4, 16+4, 1, 1 }, + { "aes-192-gcm", ENCXF_AES_192_GCM, 24+4, 24+4, 1, 1 }, + { "aes-256-gcm", ENCXF_AES_256_GCM, 32+4, 32+4, 1, 1 }, + { "aes-128-gmac", ENCXF_AES_128_GMAC, 16+4, 16+4, 1, 1 }, + { "aes-192-gmac", ENCXF_AES_192_GMAC, 24+4, 24+4, 1, 1 }, + { "aes-256-gmac", 
ENCXF_AES_256_GMAC, 32+4, 32+4, 1, 1 }, + { "blowfish", ENCXF_BLOWFISH, 5, 56, 0, 0 }, + { "cast128", ENCXF_CAST128, 5, 16, 0, 0 }, + { "null", ENCXF_NULL, 0, 0, 0, 0 }, + { NULL, 0, 0, 0, 0, 0 }, }; const struct ipsec_xf compxfs[] = { @@ -2219,6 +2219,11 @@ validate_sa(u_int32_t spi, u_int8_t satype, struct ipsec_transforms *xfs, } if (!xfs->encxf) xfs->encxf = &encxfs[ENCXF_AES]; + if (xfs->encxf->nostatic) { + yyerror("%s is disallowed with static keys", + xfs->encxf->name); + return 0; + } if (xfs->encxf->noauth && xfs->authxf) { yyerror("authentication is implicit for %s", xfs->encxf->name); |
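Review bot: In the `encxfs[]` initializer the new `nostatic` value is a sixth unlabeled positional column right next to `noauth`, so a row like `{ "aesctr", ENCXF_AESCTR, 16+4, 32+4, 0, 1 }` is one transposed digit away from clearing the restriction this commit introduces. A column header comment above the first row, `/* name, id, keymin, keymax, noauth, nostatic */`, would make each row checkable at a glance; designated initializers would be the stronger form if the project's style permits them. `authxfs[]` and `compxfs[]` use the same struct and are not changed in this hunk, so they presumably rely on the omitted trailing member being zero-initialized, which is worth a one-line remark there.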
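Review bot: The `nostatic` rejection added to `validate_sa` has no comment giving its reason, which currently lives only in the commit message. I would put `/* RFCs 3686, 4106 and 4543 forbid AES-CTR/GCM/GMAC with static keys */` above `if (xfs->encxf->nostatic) {`, so that nobody later relaxes the check as an apparent convenience restriction. The message could also name the supported alternative, in line with the man page's new "IKE only" marker: `yyerror("%s is disallowed with static keys; use IKE", xfs->encxf->name);`. The enclosing branch of `validate_sa` starts and ends outside the hunk, so it cannot be confirmed from here that every manual-SA path with an encryption transform reaches this check.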