Re: iked curve25519

2019-04-02 Thread Theo de Raadt
I think this is the right time to do this.

Stuart Henderson wrote:

> On 2019/03/30 13:43, Theo de Raadt wrote:
> > I think we should switch, waiting doesn't help.
> > 
> > Reyk Floeter wrote:
> > 
> > > I like the idea of switching it to the proper ID.
> > > 
> > > Reyk
> > > 
> > > > On 30.03.2019 at 20:31, Stuart Henderson wrote:
> > > > 
> > > > curve25519 had a proper ID (31) assigned in 2016 but we still have
> > > > the draft private-use ID in iked. Any thoughts on whether we can just
> > > > cut across to the proper ID, or whether that will be too painful?
> > > > Are many people using this already?
> > > > 
> > > 
> > 
> 
> Here's the cut-across diff. OK?
> 
> To transition, before updating, configure the responder to allow both
> curve25519 and another PFS group e.g.
> 
> ...
>   ikesa enc aes-256 prf hmac-sha2-256 auth hmac-sha2-256 group curve25519 \
>   ikesa enc aes-256 prf hmac-sha2-256 auth hmac-sha2-256 group brainpool512 \
> ...
> 
> Then switch the initiators to the other group, then upgrade and switch
> back as wanted.
> 
> This doesn't affect the default iked configuration, and is unlikely to
> affect non-OpenBSD devices as curve25519 with the draft ID does not seem
> widely used elsewhere, so shouldn't trouble too many people.
> 
> Index: dh.c
> ===
> RCS file: /cvs/src/sbin/iked/dh.c,v
> retrieving revision 1.21
> diff -u -p -r1.21 dh.c
> --- dh.c  27 Oct 2017 14:26:35 -  1.21
> +++ dh.c  1 Apr 2019 19:06:18 -
> @@ -244,9 +244,7 @@ const struct group_id ike_groups[] = {
>   { GROUP_ECP, 28, 256, NULL, NULL, NID_brainpoolP256r1 },
>   { GROUP_ECP, 29, 384, NULL, NULL, NID_brainpoolP384r1 },
>   { GROUP_ECP, 30, 512, NULL, NULL, NID_brainpoolP512r1 },
> -
> - /* "Private use" extensions */
> - { GROUP_CURVE25519, 1034, CURVE25519_SIZE * 8 }
> + { GROUP_CURVE25519, 31, CURVE25519_SIZE * 8 }
>  };
>  
>  void
> Index: iked.conf.5
> ===
> RCS file: /cvs/src/sbin/iked/iked.conf.5,v
> retrieving revision 1.53
> diff -u -p -r1.53 iked.conf.5
> --- iked.conf.5   31 Jan 2018 13:25:55 -  1.53
> +++ iked.conf.5   1 Apr 2019 19:06:18 -
> @@ -883,7 +883,7 @@ The currently supported group types are 
>  MODP (exponentiation groups modulo a prime),
>  EC2N (elliptic curve groups over GF[2^N]),
>  ECP (elliptic curve groups modulo a prime),
> -or the non-standard Curve25519.
> +or Curve25519.
>  Please note that the EC2N groups are considered as insecure and only
>  provided for backwards compatibility.
>  .Sh EXAMPLES
> Index: ikev2.h
> ===
> RCS file: /cvs/src/sbin/iked/ikev2.h,v
> retrieving revision 1.28
> diff -u -p -r1.28 ikev2.h
> --- ikev2.h   27 Feb 2019 06:33:57 -  1.28
> +++ ikev2.h   1 Apr 2019 19:06:18 -
> @@ -231,16 +231,16 @@ extern struct iked_constmap ikev2_xforma
>  #define IKEV2_XFORMDH_MODP_4096  16  /* DH Group 16 */
>  #define IKEV2_XFORMDH_MODP_6144  17  /* DH Group 17 */
>  #define IKEV2_XFORMDH_MODP_8192  18  /* DH Group 18 */
> -#define IKEV2_XFORMDH_ECP_25619  /* DH Group 19 */
> -#define IKEV2_XFORMDH_ECP_38420  /* DH Group 20 */
> -#define IKEV2_XFORMDH_ECP_52121  /* DH Group 21 */
> -#define IKEV2_XFORMDH_ECP_19225  /* DH Group 25 */
> -#define IKEV2_XFORMDH_ECP_22426  /* DH Group 26 */
> -#define IKEV2_XFORMDH_BRAINPOOL_P224R1   27  /* DH Group 27 */
> -#define IKEV2_XFORMDH_BRAINPOOL_P256R1   28  /* DH Group 28 */
> -#define IKEV2_XFORMDH_BRAINPOOL_P384R1   29  /* DH Group 29 */
> -#define IKEV2_XFORMDH_BRAINPOOL_P512R1   30  /* DH Group 30 */
> -#define IKEV2_XFORMDH_X_CURVE25519   1034/* 
> draft-ietf-ipsecme-safecurves-00 */
> +#define IKEV2_XFORMDH_ECP_25619  /* RFC5114 */
> +#define IKEV2_XFORMDH_ECP_38420  /* RFC5114 */
> +#define IKEV2_XFORMDH_ECP_52121  /* RFC5114 */
> +#define IKEV2_XFORMDH_ECP_19225  /* RFC5114 */
> +#define IKEV2_XFORMDH_ECP_22426  /* RFC5114 */
> +#define IKEV2_XFORMDH_BRAINPOOL_P224R1   27  /* RFC6954 */
> +#define IKEV2_XFORMDH_BRAINPOOL_P256R1   28  /* RFC6954 */
> +#define IKEV2_XFORMDH_BRAINPOOL_P384R1   29  /* RFC6954 */
> +#define IKEV2_XFORMDH_BRAINPOOL_P512R1   30  /* RFC6954 */
> +#define IKEV2_XFORMDH_CURVE25519 31  /* RFC8031 */
>  
>  extern struct iked_constmap ikev2_xformdh_map[];
>  
> Index: parse.y
> ===
> RCS file: /cvs/src/sbin/iked/parse.y,v
> retrieving revision 1.78
> diff -u -p -r1.78 parse.y
> --- parse.y   13 Feb 2019 22:57:07 -  1.78
> +++ parse.y   1 Apr 201

Re: iked curve25519

2019-04-01 Thread Stuart Henderson
On 2019/03/30 13:43, Theo de Raadt wrote:
> I think we should switch, waiting doesn't help.
> 
> Reyk Floeter wrote:
> 
> > I like the idea of switching it to the proper ID.
> > 
> > Reyk
> > 
> > > On 30.03.2019 at 20:31, Stuart Henderson wrote:
> > > 
> > > curve25519 had a proper ID (31) assigned in 2016 but we still have
> > > the draft private-use ID in iked. Any thoughts on whether we can just
> > > cut across to the proper ID, or whether that will be too painful?
> > > Are many people using this already?
> > > 
> > 
> 

Here's the cut-across diff. OK?

To transition, before updating, configure the responder to allow both
curve25519 and another PFS group e.g.

...
  ikesa enc aes-256 prf hmac-sha2-256 auth hmac-sha2-256 group curve25519 \
  ikesa enc aes-256 prf hmac-sha2-256 auth hmac-sha2-256 group brainpool512 \
...

Then switch the initiators to the other group, then upgrade and switch
back as wanted.

This doesn't affect the default iked configuration, and is unlikely to
affect non-OpenBSD devices as curve25519 with the draft ID does not seem
widely used elsewhere, so shouldn't trouble too many people.

Index: dh.c
===
RCS file: /cvs/src/sbin/iked/dh.c,v
retrieving revision 1.21
diff -u -p -r1.21 dh.c
--- dh.c27 Oct 2017 14:26:35 -  1.21
+++ dh.c1 Apr 2019 19:06:18 -
@@ -244,9 +244,7 @@ const struct group_id ike_groups[] = {
{ GROUP_ECP, 28, 256, NULL, NULL, NID_brainpoolP256r1 },
{ GROUP_ECP, 29, 384, NULL, NULL, NID_brainpoolP384r1 },
{ GROUP_ECP, 30, 512, NULL, NULL, NID_brainpoolP512r1 },
-
-   /* "Private use" extensions */
-   { GROUP_CURVE25519, 1034, CURVE25519_SIZE * 8 }
+   { GROUP_CURVE25519, 31, CURVE25519_SIZE * 8 }
 };
 
 void
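Review bot: The replacement row in ike_groups[] removes ID 1034 with no fallback, so a peer that still sends the draft ID for curve25519 finds no matching group once this is in. The transition steps that make this hard cut safe exist only in the mail text; please carry them into the commit message or the upgrade notes so they are found by people who do not read this thread.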
Index: iked.conf.5
===
RCS file: /cvs/src/sbin/iked/iked.conf.5,v
retrieving revision 1.53
diff -u -p -r1.53 iked.conf.5
--- iked.conf.5 31 Jan 2018 13:25:55 -  1.53
+++ iked.conf.5 1 Apr 2019 19:06:18 -
@@ -883,7 +883,7 @@ The currently supported group types are 
 MODP (exponentiation groups modulo a prime),
 EC2N (elliptic curve groups over GF[2^N]),
 ECP (elliptic curve groups modulo a prime),
-or the non-standard Curve25519.
+or Curve25519.
 Please note that the EC2N groups are considered as insecure and only
 provided for backwards compatibility.
 .Sh EXAMPLES
Index: ikev2.h
===
RCS file: /cvs/src/sbin/iked/ikev2.h,v
retrieving revision 1.28
diff -u -p -r1.28 ikev2.h
--- ikev2.h 27 Feb 2019 06:33:57 -  1.28
+++ ikev2.h 1 Apr 2019 19:06:18 -
@@ -231,16 +231,16 @@ extern struct iked_constmap ikev2_xforma
 #define IKEV2_XFORMDH_MODP_409616  /* DH Group 16 */
 #define IKEV2_XFORMDH_MODP_614417  /* DH Group 17 */
 #define IKEV2_XFORMDH_MODP_819218  /* DH Group 18 */
-#define IKEV2_XFORMDH_ECP_256  19  /* DH Group 19 */
-#define IKEV2_XFORMDH_ECP_384  20  /* DH Group 20 */
-#define IKEV2_XFORMDH_ECP_521  21  /* DH Group 21 */
-#define IKEV2_XFORMDH_ECP_192  25  /* DH Group 25 */
-#define IKEV2_XFORMDH_ECP_224  26  /* DH Group 26 */
-#define IKEV2_XFORMDH_BRAINPOOL_P224R1 27  /* DH Group 27 */
-#define IKEV2_XFORMDH_BRAINPOOL_P256R1 28  /* DH Group 28 */
-#define IKEV2_XFORMDH_BRAINPOOL_P384R1 29  /* DH Group 29 */
-#define IKEV2_XFORMDH_BRAINPOOL_P512R1 30  /* DH Group 30 */
-#define IKEV2_XFORMDH_X_CURVE25519 1034/* 
draft-ietf-ipsecme-safecurves-00 */
+#define IKEV2_XFORMDH_ECP_256  19  /* RFC5114 */
+#define IKEV2_XFORMDH_ECP_384  20  /* RFC5114 */
+#define IKEV2_XFORMDH_ECP_521  21  /* RFC5114 */
+#define IKEV2_XFORMDH_ECP_192  25  /* RFC5114 */
+#define IKEV2_XFORMDH_ECP_224  26  /* RFC5114 */
+#define IKEV2_XFORMDH_BRAINPOOL_P224R1 27  /* RFC6954 */
+#define IKEV2_XFORMDH_BRAINPOOL_P256R1 28  /* RFC6954 */
+#define IKEV2_XFORMDH_BRAINPOOL_P384R1 29  /* RFC6954 */
+#define IKEV2_XFORMDH_BRAINPOOL_P512R1 30  /* RFC6954 */
+#define IKEV2_XFORMDH_CURVE25519   31  /* RFC8031 */
 
 extern struct iked_constmap ikev2_xformdh_map[];
 
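Review bot: In the ECP/Brainpool block the comments change from "DH Group N" to an RFC name, while the unchanged MODP lines just above still read "DH Group 16" to "DH Group 18", so the table now mixes two comment styles. Either convert the MODP comments as well or keep both pieces of information, e.g. "/* DH Group 19, RFC5114 */". The rename from IKEV2_XFORMDH_X_CURVE25519 to IKEV2_XFORMDH_CURVE25519 also needs every user of the old name changed in the same commit; only the parse.y reference is visible in this diff.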
Index: parse.y
===
RCS file: /cvs/src/sbin/iked/parse.y,v
retrieving revision 1.78
diff -u -p -r1.78 parse.y
--- parse.y 13 Feb 2019 22:57:07 -  1.78
+++ parse.y 1 Apr 2019 19:06:18 -
@@ -253,7 +253,7 @@ const struct ipsec_xf groupxfs[] = {
{ "grp29",  IKEV2_XFORMDH_BRAINPOOL_P384R1 },
{ "brainpool512",   IKEV2_XFORMDH_BRAINPOOL_P512R1 },
{ "grp30",  IKEV2_XFORMDH_BRAINPOOL_P512R1 },
-   { "curve25519", IKEV2_XFORMDH_X_CURVE25519 },
+   { "curve25519", IKEV2_XFORMDH_
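Review bot: In groupxfs[] the Brainpool entries each have a numeric alias ("grp29", "grp30") next to the name, but the hunk header (-253,7 +253,7) shows a one-for-one replacement only, so curve25519 gets no "grp31" alias even though it now has a standard group number. Consider adding a { "grp31", IKEV2_XFORMDH_CURVE25519 } entry after this one so the keyword table stays consistent.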

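To find peers that would break at the cut-over described in the transition note above, one can check which curve25519 ID a peer's IKE_SA_INIT proposal carries. This is an added example, not part of the thread or of iked: classify_transforms(), the enum names and the sample byte strings are constructed for illustration, and the 8-byte transform header layout assumed is the one from RFC 7296 section 3.3.2.

```c
#include <stddef.h>
#include <stdint.h>

#define XFORMTYPE_DH	4	/* IKEv2 transform type 4: D-H group */
#define DH_CURVE25519	31	/* ID after the diff */
#define DH_X_CURVE25519	1034	/* draft private-use ID removed by the diff */

enum peer_kind { NO_CURVE25519, DRAFT_ID, RFC_ID, BOTH_IDS, MALFORMED };

/* Constructed sample: transform list of one proposal from an unpatched peer. */
const uint8_t sample_old[] = {
	3, 0, 0, 12, 1, 0, 0, 12, 0x80, 14, 0x01, 0x00,	/* ENCR_AES_CBC, 256 bit */
	3, 0, 0, 8, 2, 0, 0, 5,		/* PRF_HMAC_SHA2_256 */
	3, 0, 0, 8, 3, 0, 0, 12,	/* AUTH_HMAC_SHA2_256_128 */
	0, 0, 0, 8, 4, 0, 0x04, 0x0a	/* D-H group 1034 */
};
/* Constructed sample: patched peer, D-H transform only. */
const uint8_t sample_new[] = { 0, 0, 0, 8, 4, 0, 0, 31 };

/* Hypothetical helper: report which curve25519 ID a transform list offers. */
enum peer_kind
classify_transforms(const uint8_t *buf, size_t len)
{
	int draft = 0, rfc = 0;
	size_t off = 0, tlen;
	unsigned id, more;

	do {
		if (len - off < 8)	/* fixed transform header is 8 bytes */
			return MALFORMED;
		tlen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
		if (tlen < 8 || tlen > len - off)	/* must stay inside buf */
			return MALFORMED;
		id = ((unsigned)buf[off + 6] << 8) | buf[off + 7];
		if (buf[off + 4] == XFORMTYPE_DH) {
			draft |= (id == DH_X_CURVE25519);
			rfc |= (id == DH_CURVE25519);
		}
		more = buf[off];	/* 3: another transform follows, 0: last */
		if (more != 0 && more != 3)
			return MALFORMED;
		off += tlen;
	} while (more == 3);
	if (off != len)		/* trailing bytes after the last transform */
		return MALFORMED;
	if (draft && rfc)
		return BOTH_IDS;
	return draft ? DRAFT_ID : rfc ? RFC_ID : NO_CURVE25519;
}
```

A peer classified as DRAFT_ID is one to move to the second PFS group before the responder is upgraded.
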
Re: [EXTERNAL] Re: iked curve25519

2019-04-01 Thread Eichert, Diana
You didn't ask for an end-user opinion, but you should go ahead, but I suggest a
hard change.

I can tell you people will continue to use the old method until it no longer 
works.

-Original Message-
From: owner-t...@openbsd.org On Behalf Of Tobias Heider
Sent: Saturday, March 30, 2019 1:53 PM
To: tech@openbsd.org
Cc: r...@openbsd.org; s...@spacehopper.org
Subject: [EXTERNAL] Re: iked curve25519

+1 for adding ID 31

Maybe add the proper one but also keep the old to give people some time to 
update their stuff if this is a problem.
There should be more than enough reserved IDs.

On 3/30/19 8:35 PM, Reyk Floeter wrote:
> I like the idea of switching it to the proper ID.
> 
> Reyk
> 
>> On 30.03.2019 at 20:31, Stuart Henderson wrote:
>>
>> curve25519 had a proper ID (31) assigned in 2016 but we still have 
>> the draft private-use ID in iked. Any thoughts on whether we can just 
>> cut across to the proper ID, or whether that will be too painful?
>> Are many people using this already?
>>
> 



Re: iked curve25519

2019-03-30 Thread Tobias Heider
+1 for adding ID 31

Maybe add the proper one but also keep the old to give people some time
to update their stuff if this is a problem.
There should be more than enough reserved IDs.

On 3/30/19 8:35 PM, Reyk Floeter wrote:
> I like the idea of switching it to the proper ID.
> 
> Reyk
> 
>> On 30.03.2019 at 20:31, Stuart Henderson wrote:
>>
>> curve25519 had a proper ID (31) assigned in 2016 but we still have
>> the draft private-use ID in iked. Any thoughts on whether we can just
>> cut across to the proper ID, or whether that will be too painful?
>> Are many people using this already?
>>
> 



Re: iked curve25519

2019-03-30 Thread Theo de Raadt
I think we should switch, waiting doesn't help.

Reyk Floeter wrote:

> I like the idea of switching it to the proper ID.
> 
> Reyk
> 
> > On 30.03.2019 at 20:31, Stuart Henderson wrote:
> > 
> > curve25519 had a proper ID (31) assigned in 2016 but we still have
> > the draft private-use ID in iked. Any thoughts on whether we can just
> > cut across to the proper ID, or whether that will be too painful?
> > Are many people using this already?
> > 
> 



Re: iked curve25519

2019-03-30 Thread Reyk Floeter
I like the idea of switching it to the proper ID.

Reyk

> On 30.03.2019 at 20:31, Stuart Henderson wrote:
> 
> curve25519 had a proper ID (31) assigned in 2016 but we still have
> the draft private-use ID in iked. Any thoughts on whether we can just
> cut across to the proper ID, or whether that will be too painful?
> Are many people using this already?
> 



iked curve25519

2019-03-30 Thread Stuart Henderson
curve25519 had a proper ID (31) assigned in 2016 but we still have
the draft private-use ID in iked. Any thoughts on whether we can just
cut across to the proper ID, or whether that will be too painful?
Are many people using this already?