Clarify "aes" will accept keys which length is in 128:256 bits. Also

correct "cast" in ipsec.conf.5 to "cast128", add missing
"chacha20-poly1305", and sync iked.conf.5 and ipsec.conf.5 some
places.

ok jmc sthen

1 files changed, 23 insertions, 7 deletions

diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5
index f948af81228..98acad6a4ff 100644
--- a/sbin/ipsecctl/ipsec.conf.5
+++ b/sbin/ipsecctl/ipsec.conf.5
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ipsec.conf.5,v 1.160 2021/10/22 12:30:54 bluhm Exp $
+.\"	$OpenBSD: ipsec.conf.5,v 1.161 2021/11/04 03:53:57 yasuoka Exp $
 .\"
 .\" Copyright (c) 2004 Mathieu Sauve-Frankel  All rights reserved.
 .\"
@@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 22 2021 $
+.Dd $Mdocdate: November 4 2021 $
 .Dt IPSEC.CONF 5
 .Os
 .Sh NAME
@@ -637,10 +637,10 @@ keyword:
 The following cipher types are permitted with the
 .Ic enc
 keyword:
-.Bl -column "aes-128-gmac" "Key Length" "Description" -offset indent
+.Bl -column "chacha20-poly1305" "128-256 bits" "Description" -offset indent
 .It Em "Cipher" Ta Em "Key Length" Ta ""
 .It Li 3des Ta "168 bits" Ta ""
-.It Li aes Ta "128 bits" Ta ""
+.It Li aes Ta "128-256 bits" Ta ""
 .It Li aes-128 Ta "128 bits" Ta ""
 .It Li aes-192 Ta "192 bits" Ta ""
 .It Li aes-256 Ta "256 bits" Ta ""
@@ -651,21 +651,37 @@ keyword:
 .It Li aes-128-gcm Ta "160 bits" Ta "[phase 2 only, IKE only]"
 .It Li aes-192-gcm Ta "224 bits" Ta "[phase 2 only, IKE only]"
 .It Li aes-256-gcm Ta "288 bits" Ta "[phase 2 only, IKE only]"
+.It Li blowfish Ta "160 bits" Ta ""
+.It Li cast128 Ta "128 bits" Ta ""
+.It Li chacha20-poly1305 Ta "288 bits" Ta ""
+.El
+.Pp
+The following cipher types provide only authentication, not encryption:
+.Bl -column "chacha20-poly1305" "128-256 bits" "Description" -offset indent
 .It Li aes-128-gmac Ta "160 bits" Ta "[phase 2 only, IKE only]"
 .It Li aes-192-gmac Ta "224 bits" Ta "[phase 2 only, IKE only]"
 .It Li aes-256-gmac Ta "288 bits" Ta "[phase 2 only, IKE only]"
-.It Li blowfish Ta "160 bits" Ta ""
-.It Li cast Ta "128 bits" Ta ""
 .It Li null Ta "(none)" Ta "[phase 2 only]"
 .El
 .Pp
+Transforms followed by
+.Bq IKE only
+can only be used with the
+.Ic ike
+keyword, transforms with
+.Bq phase 2 only
+can only be used with the
+.Ic quick
+keyword.
+.Pp
 3DES requires 24 bytes to form its 168-bit key.
 This is because the most significant bit of each byte is used for parity.
 .Pp
 The keysize of AES-CTR can be 128, 192, or 256 bits.
 However as well as the key, a 32-bit nonce has to be supplied.
 Thus 160, 224, or 288 bits of key material, respectively, have to be supplied.
-The same applies to AES-GCM and AES-GMAC.
+The same applies to AES-GCM, AES-GMAC and Chacha20-Poly1305,
+however in the latter case the keysize is 256 bit.
 .Pp
 Using AES-GMAC or NULL with ESP will only provide authentication.
 This is useful in setups where AH cannot be used, e.g. when NAT is involved.