From b5dfdb3a2efdb6254a71b6a2a4c52d1e28262e79 Mon Sep 17 00:00:00 2001 From: Jason McIntyre Date: Thu, 7 Sep 2006 09:57:03 +0000 Subject: move all the auth/enc/group stuff into one definitive section; help from ho hshoexer --- sbin/ipsecctl/ipsec.conf.5 | 215 ++++++++++++++++++--------------------------- 1 file changed, 85 insertions(+), 130 deletions(-) (limited to 'sbin/ipsecctl') diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5 index 37dbad3cfe4..a9def68c2ce 100644 --- a/sbin/ipsecctl/ipsec.conf.5 +++ b/sbin/ipsecctl/ipsec.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsec.conf.5,v 1.85 2006/09/06 11:40:33 jmc Exp $ +.\" $OpenBSD: ipsec.conf.5,v 1.86 2006/09/07 09:57:02 jmc Exp $ .\" .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved. .\" @@ -264,99 +264,51 @@ specification can be left out. .Ic enc Ar algorithm .Ic group Ar group .Xc -These parameters define the cryptographic transforms to be used for main mode. +These parameters define the cryptographic transforms to be used for +main mode. Possible values for -.Ic auth -are -.Ar hmac-md5 , -.Ar hmac-sha1 , -.Ar hmac-sha2-256 , -.Ar hmac-sha2-384 , +.Ic auth , +.Ic enc , and -.Ar hmac-sha2-512 . -For -.Ic enc -the values -.Ar des , -.Ar 3des , -.Ar aes , -.Ar blowfish , -and -.Ar cast -are allowed. -For .Ic group -the values -.Ar modp768 , -.Ar modp1024 , -.Ar modp1536 , -.Ar modp2048 , -.Ar modp3072 , -.Ar modp4096 , -.Ar modp6144 , -and -.Ar modp8192 -are allowed. +are described below in +.Sx CRYPTO TRANSFORMS . +.Pp If omitted, .Xr ipsecctl 8 will use the default values .Ar hmac-sha1 , .Ar aes , -and group +and .Ar modp1024 . .It Xo .Ic quick auth Ar algorithm .Ic enc Ar algorithm .Ic group Ar group .Xc -Similar to -.Ic main , -.Ic quick -defines the transforms to be used for quick mode. -However, the possible values for -.Ic auth -are -.Ar hmac-md5 , -.Ar hmac-sha1 , -.Ar hmac-ripemd160 , -.Ar hmac-sha2-256 , -.Ar hmac-sha2-384 , -and -.Ar hmac-sha2-512 . -For -.Ic enc -valid values are -.Ar des , -.Ar 3des , -.Ar aes , -.Ar aesctr , -.Ar blowfish , +These parameters define the cryptographic transforms to be used for +quick mode. +Possible values for +.Ic auth , +.Ic enc , and -.Ar cast . -For .Ic group -the values -.Ar modp768 , -.Ar modp1024 , -.Ar modp1536 , -.Ar modp2048 , -.Ar modp3072 , -.Ar modp4096 , -.Ar modp6144 , -.Ar modp8192 , -and -.Ar none -are allowed. -When a group is specified perfect forward security (PFS) will be used. -When the value +are described below in +.Sx CRYPTO TRANSFORMS . +If +.Ic group +is specified, +Perfect Forward Security (PFS) is used. +If the value .Ar none -is used, PFS will be disabled. -If no quick mode transforms are specified, -the default values +is used, PFS is disabled. +.Pp +If omitted, +.Xr ipsecctl 8 +will use the default values .Ar hmac-sha2-256 and -.Ar aes -are used; +.Ar aes ; PFS will only be used if the remote side requests it. .It Ic srcid Ar string Ic dstid Ar string .Ic srcid @@ -548,12 +500,9 @@ Enter a TCP MD5 SA. The commands are as follows: .Bl -tag -width xxxx .It Ar mode -For -.Ic esp -and -.Ic ah , +For ESP and AH .\".Ic ipcomp -the encapsulation mode to be used can be specified. +the encapsulation mode can be specified. Possible modes are .Ar tunnel and @@ -575,19 +524,11 @@ The SPI identifies a specific SA. .Ar number is a 32-bit value and needs to be unique. .It Ic auth Ar algorithm -For both -.Ic esp -and -.Ic ah +For ESP and AH an authentication algorithm can be specified. -Possible algorithms are -.Ar hmac-md5 , -.Ar hmac-ripemd160 , -.Ar hmac-sha1 , -.Ar hmac-sha2-256 , -.Ar hmac-sha2-384 , -and -.Ar hmac-sha2-512 . +Possible values +are described below in +.Sx CRYPTO TRANSFORMS . .Pp If no algorithm is specified, .Xr ipsecctl 8 @@ -609,19 +550,11 @@ by default. .\".Xr hifn 4 .\"because of the patent held by Hifn, Inc. .It Ic enc Ar algorithm -For -.Ic esp -an encryption algorithm needs to be specified. -Possible algorithms are -.Ar 3des-cbc , -.Ar des-cbc , -.Ar aes , -.Ar aesctr , -.Ar blowfish , -.Ar cast128 , -.Ar null , -and -.Ar skipjack . +For ESP +an encryption algorithm can be specified. +Possible values +are described below in +.Sx CRYPTO TRANSFORMS . .Pp If no algorithm is specified, .Xr ipsecctl 8 @@ -668,17 +601,42 @@ The mechanism of protecting .Xr tcp 4 sessions using MD5 is described in RFC 2385. .El -.Sh CRYPTO KEY SIZE -Different cipher types may require different sized keys: +.Sh CRYPTO TRANSFORMS +It is very important that keys are not guessable. +One practical way of generating keys is to use +.Xr openssl 1 . +The following generates a 160-bit (20-byte) key: +.Bd -literal -offset indent +$ openssl rand 20 | hexdump -e '20/1 "%02x"' +.Ed +.Pp +The following authentication types are permitted with the +.Ic auth +keyword: +.Pp +.Bl -column "authenticationXX" "Key Length" -offset indent -compact +.It Em Authentication Key Length +.It Li hmac-md5 Ta "128 bits" +.It Li hmac-ripemd160 Ta "160 bits" Ta "[quick mode only]" +.It Li hmac-sha1 Ta "160 bits" +.It Li hmac-sha2-256 Ta "256 bits" +.It Li hmac-sha2-384 Ta "384 bits" +.It Li hmac-sha2-512 Ta "512 bits" +.El +.Pp +The following cipher types are permitted with the +.Ic enc +keyword: .Pp -.Bl -column "CipherXX" "Key Length" -offset indent -compact +.Bl -column "authenticationXX" "Key Length" -offset indent -compact .It Em Cipher Key Length -.It Li DES Ta "56 bits" -.It Li 3DES Ta "168 bits" -.It Li AES Ta "variable (128 bits recommended)" -.It Li Blowfish Ta "variable (160 bits recommended)" -.It Li CAST Ta "variable (128 bits maximum and recommended)" -.It Li Skipjack Ta "80 bits" +.It Li des Ta "56 bits" +.It Li 3des Ta "168 bits" +.It Li aes Ta "128 bits" +.It Li aesctr Ta "160 bits" Ta "[quick mode only]" +.It Li blowfish Ta "160 bits" +.It Li cast Ta "128 bits" +.It Li skipjack Ta "80 bits" .El .Pp Use of DES or Skipjack as an encryption algorithm is not recommended @@ -690,25 +648,22 @@ Note that DES requires 8 bytes to form a 56-bit key and 3DES requires 24 bytes to form its 168-bit key. This is because the most significant bit of each byte is used for parity. .Pp -Different authentication types may also require different sized keys: +The following group types are permitted with the +.Ic group +keyword: .Pp .Bl -column "authenticationXX" "Key Length" -offset indent -compact -.It Em Authentication Key Length -.It Li HMAC-MD5 Ta "128 bits" -.It Li HMAC-RIPEMD160 Ta "160 bits" -.It Li HMAC-SHA1 Ta "160 bits" -.It Li HMAC-SHA2-256 Ta "256 bits" -.It Li HMAC-SHA2-384 Ta "384 bits" -.It Li HMAC-SHA2-512 Ta "512 bits" +.It Em Group Size +.It Li modp768 Ta 768 +.It Li modp1024 Ta 1024 +.It Li modp1536 Ta 1536 +.It Li modp2048 Ta 2048 +.It Li modp3072 Ta 3072 +.It Li modp4096 Ta 4096 +.It Li modp6144 Ta 6144 +.It Li modp8192 Ta 8192 +.It Li none Ta 0 Ta [quick mode only] .El -.Pp -It is very important that keys are not guessable. -One practical way of generating keys is to use -.Xr openssl 1 . -The following generates a 160-bit (20-byte) key: -.Bd -literal -offset indent -$ openssl rand 20 | hexdump -e '20/1 "%02x"' -.Ed .Sh SEE ALSO .Xr openssl 1 , .\".Xr ipcomp 4 , -- cgit v1.2.3