Re: AES-GCM Part 3: isakmpd

Previous thread: uid_t fix for sa(8) by Matthew Dempsky on Monday, August 30, 2010 - 9:07 am. (1 message)

Next thread: AES-GCM Part 4: ipsecctl by Mike Belopuhov on Monday, August 30, 2010 - 1:27 pm. (5 messages)
From: Mike Belopuhov
Date: Monday, August 30, 2010 - 1:27 pm

isakmpd part.  both initiator and responder modes work fine.
tested against strongswan/pluto and itself.

note that it defaults to AESGCM-256 (i did it this way because
linux picks largest key).

Index: conf.c
===================================================================
RCS file: /home/cvs/src/sbin/isakmpd/conf.c,v
retrieving revision 1.98
diff -u -p -r1.98 conf.c
--- conf.c	4 Aug 2010 18:09:45 -0000	1.98
+++ conf.c	30 Aug 2010 20:22:10 -0000
@@ -428,13 +428,21 @@ conf_load_defaults_qm(int tr, char *qme,
 	if (strcmp(qme ,"BLOWFISH") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_BLF_KEYLEN, 0,
 			 1);
-	else if (strcmp(qme_p ,"-AES-128") == 0)
+	else if (strcmp(qme_p ,"-AESGCM-128") == 0 ||
+	    strcmp(qme_p ,"-AESGMAC-128") == 0 ||
+	    strcmp(qme_p ,"-AES-128") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", "128,128:128", 0, 1);
-	else if (strcmp(qme_p ,"-AES-192") == 0)
+	else if (strcmp(qme_p ,"-AESGCM-192") == 0 ||
+	    strcmp(qme_p ,"-AESGMAC-192") == 0 ||
+	    strcmp(qme_p ,"-AES-192") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", "192,192:192", 0, 1);
-        else if (strcmp(qme_p ,"-AES-256") == 0)
-                conf_set(tr, sect, "KEY_LENGTH", "256,256:256", 0, 1);
-	else if (strcmp(qme ,"AES") == 0)
+	else if (strcmp(qme_p ,"-AESGCM-256") == 0 ||
+	    strcmp(qme_p ,"-AESGMAC-256") == 0 ||
+	    strcmp(qme_p ,"-AES-256") == 0)
+		conf_set(tr, sect, "KEY_LENGTH", "256,256:256", 0, 1);
+	else if (strcmp(qme ,"AESGCM") == 0 ||
+	    strcmp(qme ,"AESGMAC") == 0 ||
+	    strcmp(qme ,"AES") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_AES_KEYLEN, 0,
 			 1);
 
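Review bot: the last branch of this chain tests qme against "AESGCM" and "AESGMAC", but the qm_enc[] table in the next hunk spells the transform "AES_GCM_16". If qme is taken from that table, the two new comparisons never match and an unsized GCM entry gets no KEY_LENGTH here; compare against the spelling the table holds. The added lines also copy the `qme_p ,"` spacing from the old code, where `strcmp(qme_p, "-AESGCM-128")` would be the usual form.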
@@ -472,9 +480,13 @@ conf_load_defaults(int tr)
 	char	*dhgroup_p[] = {"", "-GRP1", "-GRP2", "-GRP5", "-GRP14",
 		    "-GRP15", 0};
 	char	*qm_enc[] = {"DES", "3DES", "CAST", "BLOWFISH", "AES",
-		    "AES", "AES", "AES", "AES_128_CTR", "NULL", "NONE", 0};
+		    "AES", "AES", "AES", "AES_128_CTR", "AES_GCM_16",
+		    "AES_GCM_16", "AES_GCM_16", "AES_GCM_16", ...
From: Christian Weisgerber
Date: Sunday, September 5, 2010 - 9:49 am

I don't understand that rationale.

A side effect of this is that you now get different key sizes if
you specify "aes-gcm" in a manual SA (128) or an IKE rule (256).

-- 
Christian "naddy" Weisgerber                          naddy@mips.inka.de

From: Mike Belopuhov
Date: Sunday, September 5, 2010 - 10:28 am

this is bad indeed.  i propose the following: isakmpd always defaults
to 256 if keylength is not specified.  ipsecctl loses "aes-gcm" and
"aes-gmac" specifications, so that you always have to specify key length.

does that sound good?

From: Mike Belopuhov
Date: Monday, September 6, 2010 - 7:50 am

ok, in fact isakmpd doesn't care what cipher it was told to use
in the quick mode by the ipsecctl and proceeds with whatever
client proposes, so there's no value in having these aliases.
i decided to remove them.

Index: conf.c
===================================================================
RCS file: /home/cvs/src/sbin/isakmpd/conf.c,v
retrieving revision 1.98
diff -u -p -r1.98 conf.c
--- conf.c	4 Aug 2010 18:09:45 -0000	1.98
+++ conf.c	6 Sep 2010 14:40:45 -0000
@@ -428,13 +428,19 @@ conf_load_defaults_qm(int tr, char *qme,
 	if (strcmp(qme ,"BLOWFISH") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_BLF_KEYLEN, 0,
 			 1);
-	else if (strcmp(qme_p ,"-AES-128") == 0)
+	else if (strcmp(qme_p, "-AESGCM-128") == 0 ||
+	    strcmp(qme_p, "-AESGMAC-128") == 0 ||
+	    strcmp(qme_p, "-AES-128") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", "128,128:128", 0, 1);
-	else if (strcmp(qme_p ,"-AES-192") == 0)
+	else if (strcmp(qme_p, "-AESGCM-192") == 0 ||
+	    strcmp(qme_p, "-AESGMAC-192") == 0 ||
+	    strcmp(qme_p, "-AES-192") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", "192,192:192", 0, 1);
-        else if (strcmp(qme_p ,"-AES-256") == 0)
-                conf_set(tr, sect, "KEY_LENGTH", "256,256:256", 0, 1);
-	else if (strcmp(qme ,"AES") == 0)
+	else if (strcmp(qme_p, "-AESGCM-256") == 0 ||
+	    strcmp(qme_p, "-AESGMAC-256") == 0 ||
+	    strcmp(qme_p, "-AES-256") == 0)
+		conf_set(tr, sect, "KEY_LENGTH", "256,256:256", 0, 1);
+	else if	(strcmp(qme, "AES") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_AES_KEYLEN, 0,
 			 1);
 
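Review bot: the last changed line, `else if	(strcmp(qme, "AES") == 0)`, has a tab between `if` and the parenthesis, which turns an otherwise untouched branch into a changed line; a single space keeps it consistent with the branches above. A short comment here that GCM and GMAC have no unsized fallback, so only the explicit -128/-192/-256 names set KEY_LENGTH for them, would also help.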
@@ -472,9 +478,13 @@ conf_load_defaults(int tr)
 	char	*dhgroup_p[] = {"", "-GRP1", "-GRP2", "-GRP5", "-GRP14",
 		    "-GRP15", 0};
 	char	*qm_enc[] = {"DES", "3DES", "CAST", "BLOWFISH", "AES",
-		    "AES", "AES", "AES", "AES_128_CTR", "NULL", "NONE", 0};
+		    "AES", "AES", "AES", "AES_128_CTR", "AES_GCM_16",
+		    "AES_GCM_16", "AES_GCM_16", "AES_GMAC", "AES_GMAC",
+		    "AES_GMAC", "NULL", "NONE", 0};
 	char	*qm_enc_p[] = ...
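Review bot: qm_enc[] now carries three "AES_GCM_16" and three "AES_GMAC" entries that are told apart only by their position. Assuming the qm_enc_p[] initializer that follows is indexed in step with it, it has to gain the same six entries in the same order. A comment beside each row naming the key size, or a single array of name/suffix pairs, would make a mismatch visible at review time.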
From: Mike Belopuhov
Date: Wednesday, September 8, 2010 - 10:29 am

changes:

made sure that we won't generate quick mode config strings
with gcm and other hashes (the very first hunk of the diff).
pointed out by naddy.

Index: conf.c
===================================================================
RCS file: /home/cvs/src/sbin/isakmpd/conf.c,v
retrieving revision 1.98
diff -u -p -r1.98 conf.c
--- conf.c	4 Aug 2010 18:09:45 -0000	1.98
+++ conf.c	8 Sep 2010 17:04:57 -0000
@@ -402,6 +402,11 @@ conf_load_defaults_qm(int tr, char *qme,
 	if (pfs == 0 && strcmp(dhg_p, ""))
 		return;
 
+	/* For GCM no additional authentication must be specified */
+	if (proto == 0 && strcmp(qmh, "NONE") != 0 &&
+	    (strcmp(qme, "AESGCM") == 0 || strcmp(qme, "AESGMAC") == 0))
+		return;
+
 	snprintf(tmp, sizeof tmp, "QM-%s%s%s%s%s%s", PROTO(proto),
 	    MODE_p(mode), qme_p, qmh_p, PFS(pfs), dhg_p);
 
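Review bot: the new early return compares qme with "AESGCM" and "AESGMAC", while the qm_enc[] table in the previous posting of this diff names these transforms "AES_GCM_16" and "AES_GMAC". If qme comes from that table, the condition is never true and quick mode strings combining GCM with another hash are still generated. Test the names the table actually holds.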
@@ -428,13 +433,19 @@ conf_load_defaults_qm(int tr, char *qme,
 	if (strcmp(qme ,"BLOWFISH") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_BLF_KEYLEN, 0,
 			 1);
-	else if (strcmp(qme_p ,"-AES-128") == 0)
+	else if (strcmp(qme_p, "-AES-128") == 0 ||
+	    strcmp(qme_p, "-AESGCM-128") == 0 ||
+	    strcmp(qme_p, "-AESGMAC-128") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", "128,128:128", 0, 1);
-	else if (strcmp(qme_p ,"-AES-192") == 0)
+	else if (strcmp(qme_p, "-AES-192") == 0 ||
+	    strcmp(qme_p, "-AESGCM-192") == 0 ||
+	    strcmp(qme_p, "-AESGMAC-192"))
 		conf_set(tr, sect, "KEY_LENGTH", "192,192:192", 0, 1);
-        else if (strcmp(qme_p ,"-AES-256") == 0)
-                conf_set(tr, sect, "KEY_LENGTH", "256,256:256", 0, 1);
-	else if (strcmp(qme ,"AES") == 0)
+	else if (strcmp(qme_p, "-AES-256") == 0 ||
+	    strcmp(qme_p, "-AESGCM-256") == 0 ||
+	    strcmp(qme_p, "-AESGMAC-256") == 0)
+		conf_set(tr, sect, "KEY_LENGTH", "256,256:256", 0, 1);
+	else if	(strcmp(qme, "AES") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_AES_KEYLEN, 0,
 			 1);
 
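Review bot: in the 192-bit branch, `strcmp(qme_p, "-AESGMAC-192"))` is missing its `== 0`. strcmp returns nonzero for any string that differs, so every other name that reaches this branch, including the -256 ones and plain "AES", gets a 192-bit KEY_LENGTH, while "-AESGMAC-192" itself gets none. Write `strcmp(qme_p, "-AESGMAC-192") == 0)`.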
@@ -472,9 +483,13 @@ conf_load_defaults(int tr)
 	char	*dhgroup_p[] = {"", ...
From: Mike Belopuhov
Date: Thursday, September 9, 2010 - 3:30 am

proper diff this time.  spotted by naddy.

Index: conf.c
===================================================================
RCS file: /home/cvs/src/sbin/isakmpd/conf.c,v
retrieving revision 1.98
diff -u -p -r1.98 conf.c
--- conf.c	4 Aug 2010 18:09:45 -0000	1.98
+++ conf.c	9 Sep 2010 10:21:27 -0000
@@ -402,6 +402,11 @@ conf_load_defaults_qm(int tr, char *qme,
 	if (pfs == 0 && strcmp(dhg_p, ""))
 		return;
 
+	/* For GCM no additional authentication must be specified */
+	if (proto == 0 && strcmp(qmh, "NONE") != 0 &&
+	    (strcmp(qme, "AESGCM") == 0 || strcmp(qme, "AESGMAC") == 0))
+		return;
+
 	snprintf(tmp, sizeof tmp, "QM-%s%s%s%s%s%s", PROTO(proto),
 	    MODE_p(mode), qme_p, qmh_p, PFS(pfs), dhg_p);
 
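Review bot: `proto == 0` in the new check is a bare number sitting next to the PROTO(proto) macro used two lines below. Say in the comment which protocol 0 stands for, or use a named constant, so it is clear why the GCM restriction applies only to that case.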
@@ -428,13 +433,19 @@ conf_load_defaults_qm(int tr, char *qme,
 	if (strcmp(qme ,"BLOWFISH") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_BLF_KEYLEN, 0,
 			 1);
-	else if (strcmp(qme_p ,"-AES-128") == 0)
+	else if (strcmp(qme_p, "-AES-128") == 0 ||
+	    strcmp(qme_p, "-AESGCM-128") == 0 ||
+	    strcmp(qme_p, "-AESGMAC-128") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", "128,128:128", 0, 1);
-	else if (strcmp(qme_p ,"-AES-192") == 0)
+	else if (strcmp(qme_p, "-AES-192") == 0 ||
+	    strcmp(qme_p, "-AESGCM-192") == 0 ||
+	    strcmp(qme_p, "-AESGMAC-192") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", "192,192:192", 0, 1);
-        else if (strcmp(qme_p ,"-AES-256") == 0)
-                conf_set(tr, sect, "KEY_LENGTH", "256,256:256", 0, 1);
-	else if (strcmp(qme ,"AES") == 0)
+	else if (strcmp(qme_p, "-AES-256") == 0 ||
+	    strcmp(qme_p, "-AESGCM-256") == 0 ||
+	    strcmp(qme_p, "-AESGMAC-256") == 0)
+		conf_set(tr, sect, "KEY_LENGTH", "256,256:256", 0, 1);
+	else if	(strcmp(qme, "AES") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_AES_KEYLEN, 0,
 			 1);
 
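Review bot: the three size branches each repeat the same three-way comparison, nine strcmp calls in all, which is the shape that let a `== 0` go missing in the previous posting. Matching once on the trailing "-128", "-192" or "-256" of qme_p, or moving the name test into a small helper, would shorten the chain and make that kind of slip harder to reintroduce.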
@@ -472,9 +483,13 @@ conf_load_defaults(int tr)
 	char	*dhgroup_p[] = {"", "-GRP1", "-GRP2", "-GRP5", "-GRP14",
 		    "-GRP15", 0};
 	char	*qm_enc[] = {"DES", "3DES", "CAST", ...
From: Mike Belopuhov
Date: Thursday, September 9, 2010 - 4:08 am

even better.  sorry for spam.

Index: conf.c
===================================================================
RCS file: /home/cvs/src/sbin/isakmpd/conf.c,v
retrieving revision 1.98
diff -u -p -r1.98 conf.c
--- conf.c	4 Aug 2010 18:09:45 -0000	1.98
+++ conf.c	9 Sep 2010 11:05:22 -0000
@@ -402,6 +402,11 @@ conf_load_defaults_qm(int tr, char *qme,
 	if (pfs == 0 && strcmp(dhg_p, ""))
 		return;
 
+	/* For GCM no additional authentication must be specified */
+	if (proto == 0 && strcmp(qmh, "NONE") != 0 &&
+	    (strcmp(qme, "AES_GCM_16") == 0 || strcmp(qme, "AES_GMAC") == 0))
+		return;
+
 	snprintf(tmp, sizeof tmp, "QM-%s%s%s%s%s%s", PROTO(proto),
 	    MODE_p(mode), qme_p, qmh_p, PFS(pfs), dhg_p);
 
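Review bot: the comment "For GCM no additional authentication must be specified" reads ambiguously and leaves out GMAC, which the condition also covers. Something like "AES-GCM and AES-GMAC carry their own authentication; skip combinations with a separate hash" states why the function returns early when qmh is not "NONE".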
@@ -428,13 +433,19 @@ conf_load_defaults_qm(int tr, char *qme,
 	if (strcmp(qme ,"BLOWFISH") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_BLF_KEYLEN, 0,
 			 1);
-	else if (strcmp(qme_p ,"-AES-128") == 0)
+	else if (strcmp(qme_p, "-AES-128") == 0 ||
+	    strcmp(qme_p, "-AESGCM-128") == 0 ||
+	    strcmp(qme_p, "-AESGMAC-128") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", "128,128:128", 0, 1);
-	else if (strcmp(qme_p ,"-AES-192") == 0)
+	else if (strcmp(qme_p, "-AES-192") == 0 ||
+	    strcmp(qme_p, "-AESGCM-192") == 0 ||
+	    strcmp(qme_p, "-AESGMAC-192") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", "192,192:192", 0, 1);
-        else if (strcmp(qme_p ,"-AES-256") == 0)
-                conf_set(tr, sect, "KEY_LENGTH", "256,256:256", 0, 1);
-	else if (strcmp(qme ,"AES") == 0)
+	else if (strcmp(qme_p, "-AES-256") == 0 ||
+	    strcmp(qme_p, "-AESGCM-256") == 0 ||
+	    strcmp(qme_p, "-AESGMAC-256") == 0)
+		conf_set(tr, sect, "KEY_LENGTH", "256,256:256", 0, 1);
+	else if	(strcmp(qme, "AES") == 0)
 		conf_set(tr, sect, "KEY_LENGTH", CONF_DFLT_VAL_AES_KEYLEN, 0,
 			 1);
 
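Review bot: this hunk matches qme_p against "-AESGCM-128" and "-AESGMAC-128" style names while the first hunk matches qme against "AES_GCM_16" and "AES_GMAC", so one transform is spelled two ways inside conf_load_defaults_qm. A one-line comment above the chain noting that qme is the transform name and qme_p the suffix used to build the "QM-..." string would keep the next editor from mixing them up.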
@@ -472,9 +483,13 @@ conf_load_defaults(int tr)
 	char	*dhgroup_p[] = {"", "-GRP1", "-GRP2", "-GRP5", "-GRP14",
 		    "-GRP15", 0};
 	char	*qm_enc[] = {"DES", "3DES", "CAST", "BLOWFISH", ...