authorHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2004-02-27 19:07:17 +0000
committerHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2004-02-27 19:07:17 +0000
commitcb049b6a2ff73dc037900f5b66ca672bb9107219 (patch)
treef4f7d01a8ab67c4e58bdf6d0d6f3e4f3bbeb2fe3 /sbin/isakmpd
parentb87c0c466568c6ab2c7197dca4afd243ffea29c0 (diff)
Add group 14 (modp2048) to predefined suites. Manpage also updated.
ok ho@
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/conf.c10
-rw-r--r--sbin/isakmpd/isakmpd.conf.58
2 files changed, 9 insertions, 9 deletions
diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c
index aed4ea6acf5..de4e2144579 100644
--- a/sbin/isakmpd/conf.c
+++ b/sbin/isakmpd/conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.c,v 1.60 2004/01/06 00:22:48 hshoexer Exp $ */
+/* $OpenBSD: conf.c,v 1.61 2004/02/27 19:07:16 hshoexer Exp $ */
/* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */
/*
@@ -322,14 +322,14 @@ conf_parse (int trans, char *buf, size_t sz)
*
* Resulting section names can be:
* For main mode:
- * {DES,BLF,3DES,CAST,AES}-{MD5,SHA}[-GRP{1,2,5}][-{DSS,RSA_SIG}]
+ * {DES,BLF,3DES,CAST,AES}-{MD5,SHA}[-GRP{1,2,5,14}][-{DSS,RSA_SIG}]
* For quick mode:
* QM-{proto}[-TRP]-{cipher}[-{hash}][-PFS[-{group}]]-SUITE
* where
* {proto} = ESP, AH
* {cipher} = DES, 3DES, CAST, BLF, AES
* {hash} = MD5, SHA, RIPEMD, SHA2-{-256,384,512}
- * {group} = GRP1, GRP2, GRP5
+ * {group} = GRP1, GRP2, GRP5, GRP14
*
* DH group defaults to MODP_1024.
*
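Review bot: The `{hash}` line of this naming comment reads `SHA2-{-256,384,512}`, which expands to `SHA2--256`, while the `qm_hash_p[]` table further down uses `-SHA2-256` and the man page section in this same commit writes `SHA2-{256,384,512}`. Since the block is already being edited for GRP14, I would correct it to `* {hash} = MD5, SHA, RIPEMD, SHA2-{256,384,512}`. The comment block starts and ends outside the hunk.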
@@ -392,7 +392,7 @@ conf_load_defaults (int tr)
char *mm_hash[] = { "MD5", "SHA", 0 };
char *mm_enc[] = { "DES_CBC", "BLOWFISH_CBC", "3DES_CBC",
"CAST_CBC", "AES_CBC", 0 };
- char *dh_group[] = { "MODP_768", "MODP_1024", "MODP_1536", 0 };
+ char *dh_group[] = { "MODP_768", "MODP_1024", "MODP_1536", "MODP_2048", 0 };
char *qm_enc[] = { "DES", "3DES", "CAST", "BLOWFISH", "AES", 0 };
char *qm_hash[] = { "HMAC_MD5", "HMAC_SHA", "HMAC_RIPEMD",
"HMAC_SHA2_256", "HMAC_SHA2_384", "HMAC_SHA2_512",
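Review bot: `dh_group[]` here and `dh_group_p[]` in the next hunk are index-parallel, and `dh_group_p[]` carries one extra `""` entry for the no-suffix default, so adding a fourth named group moves that default entry from index 3 to index 4. The loops that consume these arrays are outside the hunk. If any of them compares the index against a hard-coded count of named groups instead of one derived from `sizeof dh_group`, a `-GRP14` suite could be bound to a different (weaker) group than its name says, or the unsuffixed suites could stop getting the documented MODP_1024 default. That is worth checking before this lands. I would also add a comment above the arrays, e.g. `/* dh_group_p[] lists the same groups in the same order as dh_group[], followed by "" for the default group. */`. conf_load_defaults begins and ends outside the hunk.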
@@ -401,7 +401,7 @@ conf_load_defaults (int tr)
/* Abbreviations to make section names a bit shorter. */
char *mm_auth_p[] = { "", "-DSS", "-RSA_SIG", 0 };
char *mm_enc_p[] = { "DES", "BLF", "3DES", "CAST", "AES", 0 };
- char *dh_group_p[]= { "-GRP1", "-GRP2", "-GRP5", "", 0 };
+ char *dh_group_p[]= { "-GRP1", "-GRP2", "-GRP5", "-GRP14", "", 0 };
char *qm_enc_p[] = { "-DES", "-3DES", "-CAST", "-BLF", "-AES", 0 };
char *qm_hash_p[] = { "-MD5", "-SHA", "-RIPEMD",
"-SHA2-256", "-SHA2-384", "-SHA2-512",
diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5
index e08604dcef9..6ac09ac708e 100644
--- a/sbin/isakmpd/isakmpd.conf.5
+++ b/sbin/isakmpd/isakmpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: isakmpd.conf.5,v 1.88 2004/02/26 05:52:16 jmc Exp $
+.\" $OpenBSD: isakmpd.conf.5,v 1.89 2004/02/27 19:07:16 hshoexer Exp $
.\" $EOM: isakmpd.conf.5,v 1.57 2000/12/21 14:43:17 ho Exp $
.\"
.\" Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved.
@@ -85,7 +85,7 @@ and transforms.
.Pp
For Main Mode:
.Bd -filled -compact
-.Ar {DES,BLF,3DES,CAST,AES}-{MD5,SHA}[-GRP{1,2,5}][-{DSS,RSA_SIG}]
+.Ar {DES,BLF,3DES,CAST,AES}-{MD5,SHA}[-GRP{1,2,5,14}][-{DSS,RSA_SIG}]
.Ed
.Pp
For Quick Mode:
@@ -97,7 +97,7 @@ For Quick Mode:
{proto} is either ESP or AH
{cipher} is either DES, 3DES, CAST, BLF or AES
{hash} is either MD5, SHA, RIPEMD, SHA2-{256,384,512}
- {group} is either GRP1, GRP2 or GRP5
+ {group} is either GRP1, GRP2, GRP5 or GRP14
.Ed
.Pp
For example, 3DES-SHA means: 3DES encryption, SHA hash, and authorization by
@@ -105,7 +105,7 @@ pre-shared keys.
Similarly, QM-ESP-3DES-SHA-PFS-SUITE means: ESP protocol, 3DES encryption,
SHA hash, and use Perfect Forward Secrecy.
.Pp
-Unless explicitly stated with -GRP1, 2 or 5, transforms and PFS suites
+Unless explicitly stated with -GRP1, 2, 5 or 14 transforms and PFS suites
use DH group 2.
There are currently no predefined ESP+AH Quick Mode suites.
.Pp