From a06b39dddae68e415db32f86c5cd98e1138cc11e Mon Sep 17 00:00:00 2001 From: Mike Belopuhov Date: Wed, 4 Nov 2015 12:40:50 +0000 Subject: Support Chacha20-Poly1305 for Child SAs; ok reyk --- sbin/iked/iked.conf.5 | 12 +++++++----- sbin/iked/parse.y | 4 +++- sbin/iked/pfkey.c | 3 ++- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/sbin/iked/iked.conf.5 b/sbin/iked/iked.conf.5 index 04d1dcfd923..1e8e0bd5bd6 100644 --- a/sbin/iked/iked.conf.5 +++ b/sbin/iked/iked.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: iked.conf.5,v 1.42 2015/11/01 21:26:48 jmc Exp $ +.\" $OpenBSD: iked.conf.5,v 1.43 2015/11/04 12:40:49 mikeb Exp $ .\" .\" Copyright (c) 2010 - 2014 Reyk Floeter .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved. @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 1 2015 $ +.Dd $Mdocdate: November 4 2015 $ .Dt IKED.CONF 5 .Os .Sh NAME @@ -755,7 +755,7 @@ keyword: The following cipher types are permitted with the .Ic enc keyword: -.Bl -column "aes-128-gmac" "Key Length" "[ESP only]" -offset indent +.Bl -column "chacha20-poly1305" "Key Length" "[ESP only]" -offset indent .It Em "Cipher" Ta Em "Key Length" Ta "" .It Li des Ta "56 bits" Ta "[ESP only]" .It Li 3des Ta "168 bits" Ta "" @@ -770,11 +770,12 @@ keyword: .It Li aes-256-gcm Ta "288 bits" Ta "[ESP only]" .It Li blowfish Ta "160 bits" Ta "[ESP only]" .It Li cast Ta "128 bits" Ta "[ESP only]" +.It Li chacha20-poly1305 Ta "288 bits" Ta "[ESP only]" .El .Pp The following cipher types provide only authentication, not encryption: -.Bl -column "aes-128-gmac" "Key Length" "[ESP only]" -offset indent +.Bl -column "chacha20-poly1305" "Key Length" "[ESP only]" -offset indent .It Li aes-128-gmac Ta "160 bits" Ta "[ESP only]" .It Li aes-192-gmac Ta "224 bits" Ta "[ESP only]" .It Li aes-256-gmac Ta "288 bits" Ta "[ESP only]" @@ -791,7 +792,8 @@ This is because the most significant bit of each byte is used for parity. The keysize of AES-CTR is actually 128-bit. However as well as the key, a 32-bit nonce has to be supplied. Thus 160 bits of key material have to be supplied. -The same applies to AES-GCM and AES-GMAC. +The same applies to AES-GCM, AES-GMAC and Chacha20-Poly1305, +however in the latter case the keysize is 256 bit. .Pp Using AES-GMAC or NULL with ESP will only provide authentication. This is useful in setups where AH cannot be used, e.g. when NAT is involved. diff --git a/sbin/iked/parse.y b/sbin/iked/parse.y index 5e66d6ef868..d525132ee7d 100644 --- a/sbin/iked/parse.y +++ b/sbin/iked/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.52 2015/10/31 19:28:19 naddy Exp $ */ +/* $OpenBSD: parse.y,v 1.53 2015/11/04 12:40:49 mikeb Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -194,6 +194,8 @@ const struct ipsec_xf ipsecencxfs[] = { { "aes-256-gmac", IKEV2_XFORMENCR_NULL_AES_GMAC, 32, 32, 4, 1 }, { "blowfish", IKEV2_XFORMENCR_BLOWFISH, 20, 20 }, { "cast", IKEV2_XFORMENCR_CAST, 16, 16 }, + { "chacha20-poly1305", IKEV2_XFORMENCR_CHACHA20_POLY1305, + 32, 32, 4, 1 }, { "null", IKEV2_XFORMENCR_NULL, 0, 0 }, { NULL } }; diff --git a/sbin/iked/pfkey.c b/sbin/iked/pfkey.c index b1a48b3d3ed..d04bbef4623 100644 --- a/sbin/iked/pfkey.c +++ b/sbin/iked/pfkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkey.c,v 1.46 2015/10/15 18:40:38 mmcc Exp $ */ +/* $OpenBSD: pfkey.c,v 1.47 2015/11/04 12:40:49 mikeb Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -84,6 +84,7 @@ static const struct pfkey_constmap pfkey_encr[] = { { SADB_X_EALG_AESCTR, IKEV2_XFORMENCR_AES_CTR }, { SADB_X_EALG_AESGCM16, IKEV2_XFORMENCR_AES_GCM_16 }, { SADB_X_EALG_AESGMAC, IKEV2_XFORMENCR_NULL_AES_GMAC }, + { SADB_X_EALG_CHACHA20POLY1305, IKEV2_XFORMENCR_CHACHA20_POLY1305 }, { 0 } }; -- cgit v1.2.3