On 2019/03/30 13:43, Theo de Raadt wrote:
> I think we should switch, waiting doesn't help.
>
> Reyk Floeter <[email protected]> wrote:
>
> > I like the idea of switching it to the proper ID.
> >
> > Reyk
> >
> > > On 30.03.2019 at 20:31, Stuart Henderson <[email protected]> wrote:
> > >
> > > curve25519 had a proper ID (31) assigned in 2016 but we still have
> > > the draft private-use ID in iked. Any thoughts on whether we can just
> > > cut across to the proper ID, or whether that will be too painful?
> > > Are many people using this already?
> > >
> >
>
Here's the cut-across diff. OK?
To transition, before updating, configure the responder to allow both
curve25519 and another PFS group, e.g.
...
ikesa enc aes-256 prf hmac-sha2-256 auth hmac-sha2-256 group curve25519 \
ikesa enc aes-256 prf hmac-sha2-256 auth hmac-sha2-256 group brainpool512 \
...
Then switch the initiators to the other group, then upgrade and switch
back as wanted.
This doesn't affect the default iked configuration, and is unlikely to
affect non-OpenBSD devices as curve25519 with the draft ID does not seem
widely used elsewhere, so shouldn't trouble too many people.
Index: dh.c
===================================================================
RCS file: /cvs/src/sbin/iked/dh.c,v
retrieving revision 1.21
diff -u -p -r1.21 dh.c
--- dh.c 27 Oct 2017 14:26:35 -0000 1.21
+++ dh.c 1 Apr 2019 19:06:18 -0000
@@ -244,9 +244,7 @@ const struct group_id ike_groups[] = {
{ GROUP_ECP, 28, 256, NULL, NULL, NID_brainpoolP256r1 },
{ GROUP_ECP, 29, 384, NULL, NULL, NID_brainpoolP384r1 },
{ GROUP_ECP, 30, 512, NULL, NULL, NID_brainpoolP512r1 },
-
- /* "Private use" extensions */
- { GROUP_CURVE25519, 1034, CURVE25519_SIZE * 8 }
+ { GROUP_CURVE25519, 31, CURVE25519_SIZE * 8 }
};
void
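Review bot: the private-use entry 1034 is removed outright rather than kept beside the new 31 entry, so after this update a peer that still proposes 1034 finds no matching group and its curve25519 proposal fails; the two-group responder configuration described in the mail is then the only migration path, so the ID change and that recipe belong in the commit log (or iked.conf.5) rather than only in this thread. If a softer cutover were wanted, the old entry could stay for one release as "{ GROUP_CURVE25519, 1034, CURVE25519_SIZE * 8 }," ahead of the 31 line, at the cost of keeping the non-standard ID on the wire a while longer.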
Index: iked.conf.5
===================================================================
RCS file: /cvs/src/sbin/iked/iked.conf.5,v
retrieving revision 1.53
diff -u -p -r1.53 iked.conf.5
--- iked.conf.5 31 Jan 2018 13:25:55 -0000 1.53
+++ iked.conf.5 1 Apr 2019 19:06:18 -0000
@@ -883,7 +883,7 @@ The currently supported group types are
MODP (exponentiation groups modulo a prime),
EC2N (elliptic curve groups over GF[2^N]),
ECP (elliptic curve groups modulo a prime),
-or the non-standard Curve25519.
+or Curve25519.
Please note that the EC2N groups are considered as insecure and only
provided for backwards compatibility.
.Sh EXAMPLES
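Review bot: dropping "non-standard" is right once the IANA ID is used, but the man page now gives no hint that the transform ID changed; since ikev2.h cites the other group families by RFC, a short reference after "or Curve25519." such as "(RFC 8031)" plus a sentence noting that earlier iked releases negotiated a private-use ID for this group and will not interoperate on it would save administrators a surprise during the upgrade.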
Index: ikev2.h
===================================================================
RCS file: /cvs/src/sbin/iked/ikev2.h,v
retrieving revision 1.28
diff -u -p -r1.28 ikev2.h
--- ikev2.h 27 Feb 2019 06:33:57 -0000 1.28
+++ ikev2.h 1 Apr 2019 19:06:18 -0000
@@ -231,16 +231,16 @@ extern struct iked_constmap ikev2_xforma
#define IKEV2_XFORMDH_MODP_4096 16 /* DH Group 16 */
#define IKEV2_XFORMDH_MODP_6144 17 /* DH Group 17 */
#define IKEV2_XFORMDH_MODP_8192 18 /* DH Group 18 */
-#define IKEV2_XFORMDH_ECP_256 19 /* DH Group 19 */
-#define IKEV2_XFORMDH_ECP_384 20 /* DH Group 20 */
-#define IKEV2_XFORMDH_ECP_521 21 /* DH Group 21 */
-#define IKEV2_XFORMDH_ECP_192 25 /* DH Group 25 */
-#define IKEV2_XFORMDH_ECP_224 26 /* DH Group 26 */
-#define IKEV2_XFORMDH_BRAINPOOL_P224R1 27 /* DH Group 27 */
-#define IKEV2_XFORMDH_BRAINPOOL_P256R1 28 /* DH Group 28 */
-#define IKEV2_XFORMDH_BRAINPOOL_P384R1 29 /* DH Group 29 */
-#define IKEV2_XFORMDH_BRAINPOOL_P512R1 30 /* DH Group 30 */
-#define IKEV2_XFORMDH_X_CURVE25519 1034 /*
draft-ietf-ipsecme-safecurves-00 */
+#define IKEV2_XFORMDH_ECP_256 19 /* RFC5114 */
+#define IKEV2_XFORMDH_ECP_384 20 /* RFC5114 */
+#define IKEV2_XFORMDH_ECP_521 21 /* RFC5114 */
+#define IKEV2_XFORMDH_ECP_192 25 /* RFC5114 */
+#define IKEV2_XFORMDH_ECP_224 26 /* RFC5114 */
+#define IKEV2_XFORMDH_BRAINPOOL_P224R1 27 /* RFC6954 */
+#define IKEV2_XFORMDH_BRAINPOOL_P256R1 28 /* RFC6954 */
+#define IKEV2_XFORMDH_BRAINPOOL_P384R1 29 /* RFC6954 */
+#define IKEV2_XFORMDH_BRAINPOOL_P512R1 30 /* RFC6954 */
+#define IKEV2_XFORMDH_CURVE25519 31 /* RFC8031 */
extern struct iked_constmap ikev2_xformdh_map[];
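Review bot: renaming IKEV2_XFORMDH_X_CURVE25519 to IKEV2_XFORMDH_CURVE25519 breaks any other reference to the old name, and ikev2_xformdh_map[] declared directly below is the obvious candidate; the diff only touches parse.y, so a full build plus a grep for X_CURVE25519 should confirm that nothing else, including the string table behind that map, still uses it (or keep the old define as an alias for one release). A nit on the new comments: the 256/384/521-bit ECP groups (19, 20, 21) are registered against RFC 5903 in the IANA transform type 4 registry, and RFC 5114 only restates them alongside its own groups 25 and 26, so "/* RFC5903 */" would be the more accurate citation on those three lines.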
Index: parse.y
===================================================================
RCS file: /cvs/src/sbin/iked/parse.y,v
retrieving revision 1.78
diff -u -p -r1.78 parse.y
--- parse.y 13 Feb 2019 22:57:07 -0000 1.78
+++ parse.y 1 Apr 2019 19:06:18 -0000
@@ -253,7 +253,7 @@ const struct ipsec_xf groupxfs[] = {
{ "grp29", IKEV2_XFORMDH_BRAINPOOL_P384R1 },
{ "brainpool512", IKEV2_XFORMDH_BRAINPOOL_P512R1 },
{ "grp30", IKEV2_XFORMDH_BRAINPOOL_P512R1 },
- { "curve25519", IKEV2_XFORMDH_X_CURVE25519 },
+ { "curve25519", IKEV2_XFORMDH_CURVE25519 },
{ NULL }
};
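Review bot: the neighbouring brainpool entries each carry a numeric alias ("grp29", "grp30") next to the name, but the curve25519 entry has none; now that the group has an IANA number, adding "{ "grp31", IKEV2_XFORMDH_CURVE25519 }," after the curve25519 line keeps the table consistent and lets configurations refer to this group the same way as the others.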