I think this is the right time to do this.

Stuart Henderson <[email protected]> wrote:
> On 2019/03/30 13:43, Theo de Raadt wrote:
> > I think we should switch, waiting doesn't help.
> >
> > Reyk Floeter <[email protected]> wrote:
> >
> > > I like the idea of switching it to the proper ID.
> > >
> > > Reyk
> > >
> > > > On 30.03.2019 at 20:31, Stuart Henderson <[email protected]> wrote:
> > > >
> > > > curve25519 had a proper ID (31) assigned in 2016 but we still have
> > > > the draft private-use ID in iked. Any thoughts on whether we can just
> > > > cut across to the proper ID, or whether that will be too painful?
> > > > Are many people using this already?
> > > >
> > >
> >
>
> Here's the cut-across diff. OK?
>
> To transition, before updating, configure the responder to allow both
> curve25519 and another PFS group e.g.
>
> ...
> ikesa enc aes-256 prf hmac-sha2-256 auth hmac-sha2-256 group curve25519 \
> ikesa enc aes-256 prf hmac-sha2-256 auth hmac-sha2-256 group brainpool512 \
> ...
>
> Then switch the initiators to the other group, then upgrade and switch
> back as wanted.
>
> This doesn't affect the default iked configuration, and is unlikely to
> affect non-OpenBSD devices as curve25519 with the draft ID does not seem
> widely used elsewhere, so shouldn't trouble too many people.
>
> Index: dh.c > =================================================================== > RCS file: /cvs/src/sbin/iked/dh.c,v > retrieving revision 1.21 > diff -u -p -r1.21 dh.c > --- dh.c 27 Oct 2017 14:26:35 -0000 1.21 > +++ dh.c 1 Apr 2019 19:06:18 -0000 
> @@ -244,9 +244,7 @@ const struct group_id ike_groups[] = { > { GROUP_ECP, 28, 256, NULL, NULL, NID_brainpoolP256r1 }, > { GROUP_ECP, 29, 384, NULL, NULL, NID_brainpoolP384r1 }, > { GROUP_ECP, 30, 512, NULL, NULL, NID_brainpoolP512r1 }, > - > - /* "Private use" extensions */ > - { GROUP_CURVE25519, 1034, CURVE25519_SIZE * 8 } > + { GROUP_CURVE25519, 31, CURVE25519_SIZE * 8 } > }; > > void > Index: iked.conf.5 > =================================================================== > RCS file: /cvs/src/sbin/iked/iked.conf.5,v > retrieving revision 1.53 > diff -u -p -r1.53 iked.conf.5 > --- iked.conf.5 31 Jan 2018 13:25:55 -0000 1.53 > +++ iked.conf.5 1 Apr 2019 19:06:18 -0000 > @@ -883,7 +883,7 @@ The currently supported group types are > MODP (exponentiation groups modulo a prime), > EC2N (elliptic curve groups over GF[2^N]), > ECP (elliptic curve groups modulo a prime), > -or the non-standard Curve25519. > +or Curve25519. > Please note that the EC2N groups are considered as insecure and only > provided for backwards compatibility. > .Sh EXAMPLES > Index: ikev2.h > =================================================================== > RCS file: /cvs/src/sbin/iked/ikev2.h,v > retrieving revision 1.28 > diff -u -p -r1.28 ikev2.h > --- ikev2.h 27 Feb 2019 06:33:57 -0000 1.28 > +++ ikev2.h 1 Apr 2019 19:06:18 -0000 
> @@ -231,16 +231,16 @@ extern struct iked_constmap ikev2_xforma > #define IKEV2_XFORMDH_MODP_4096 16 /* DH Group 16 */ > #define IKEV2_XFORMDH_MODP_6144 17 /* DH Group 17 */ > #define IKEV2_XFORMDH_MODP_8192 18 /* DH Group 18 */ > -#define IKEV2_XFORMDH_ECP_256 19 /* DH Group 19 */ > -#define IKEV2_XFORMDH_ECP_384 20 /* DH Group 20 */ > -#define IKEV2_XFORMDH_ECP_521 21 /* DH Group 21 */ > -#define IKEV2_XFORMDH_ECP_192 25 /* DH Group 25 */ > -#define IKEV2_XFORMDH_ECP_224 26 /* DH Group 26 */ > -#define IKEV2_XFORMDH_BRAINPOOL_P224R1 27 /* DH Group 27 */ > -#define IKEV2_XFORMDH_BRAINPOOL_P256R1 28 /* DH Group 28 */ > -#define IKEV2_XFORMDH_BRAINPOOL_P384R1 29 /* DH Group 29 */ > -#define IKEV2_XFORMDH_BRAINPOOL_P512R1 30 /* DH Group 30 */ > -#define IKEV2_XFORMDH_X_CURVE25519 1034 /* > draft-ietf-ipsecme-safecurves-00 */ > +#define IKEV2_XFORMDH_ECP_256 19 /* RFC5114 */ > +#define IKEV2_XFORMDH_ECP_384 20 /* RFC5114 */ > +#define IKEV2_XFORMDH_ECP_521 21 /* RFC5114 */ > +#define IKEV2_XFORMDH_ECP_192 25 /* RFC5114 */ > +#define IKEV2_XFORMDH_ECP_224 26 /* RFC5114 */ > +#define IKEV2_XFORMDH_BRAINPOOL_P224R1 27 /* RFC6954 */ > +#define IKEV2_XFORMDH_BRAINPOOL_P256R1 28 /* RFC6954 */ > +#define IKEV2_XFORMDH_BRAINPOOL_P384R1 29 /* RFC6954 */ > +#define IKEV2_XFORMDH_BRAINPOOL_P512R1 30 /* RFC6954 */ > +#define IKEV2_XFORMDH_CURVE25519 31 /* RFC8031 */ > > extern struct iked_constmap ikev2_xformdh_map[]; > > Index: parse.y > =================================================================== > RCS file: /cvs/src/sbin/iked/parse.y,v > retrieving revision 1.78 > diff -u -p -r1.78 parse.y > --- parse.y 13 Feb 2019 22:57:07 -0000 1.78 > +++ parse.y 1 Apr 2019 19:06:18 -0000 
> @@ -253,7 +253,7 @@ const struct ipsec_xf groupxfs[] = { > { "grp29", IKEV2_XFORMDH_BRAINPOOL_P384R1 }, > { "brainpool512", IKEV2_XFORMDH_BRAINPOOL_P512R1 }, > { "grp30", IKEV2_XFORMDH_BRAINPOOL_P512R1 }, > - { "curve25519", IKEV2_XFORMDH_X_CURVE25519 }, > + { "curve25519", IKEV2_XFORMDH_CURVE25519 }, > { NULL } > }; > >
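Review bot: in the dh.c hunk, the ike_groups[] row for 1034 is replaced rather than kept alongside the new one, so a peer that still proposes the private-use ID will no longer find a matching entry in this table and curve25519 cannot be agreed until both ends are upgraded. That is consistent with a cut-across, but nothing in the code signals the mismatch, so the transition steps from the mail (allow a second group on the responder, move the initiators, upgrade, switch back) should be carried in the commit message and the upgrade notes.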
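Review bot: the iked.conf.5 hunk drops "non-standard" from the group list at line 883 but documents nothing about the ID change itself. Suggest one added sentence stating that iked before this change used private-use ID 1034 for curve25519 and that such peers will not interoperate on this group with newer ones, so an administrator debugging a failed proposal can find the cause in the manual.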
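Review bot: in the ikev2.h hunk, the new comments on IKEV2_XFORMDH_ECP_256, IKEV2_XFORMDH_ECP_384 and IKEV2_XFORMDH_ECP_521 (19, 20, 21) cite RFC5114, but those three groups are defined in RFC 5903; RFC 5114 covers 22 through 26, so only the ECP_192 and ECP_224 comments are correct as written. Suggest /* RFC5903 */ on the first three lines. Separately, the rename from IKEV2_XFORMDH_X_CURVE25519 to IKEV2_XFORMDH_CURVE25519 needs every user of the old name updated in the same commit; the only one visible in this patch is the parse.y entry.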
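Review bot: in the parse.y hunk, groupxfs[] gives the neighbouring groups a numeric alias ("grp29", "grp30") next to their names, but curve25519 still has only the name even though it now maps to a registered number. Suggest adding { "grp31", IKEV2_XFORMDH_CURVE25519 }, after the "curve25519" row so the keyword set stays consistent, and listing the alias in iked.conf.5 if the other grpNN names are documented there.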
