On Fri, May 01, 2020 at 11:35:23PM +0200, Stephan Mending wrote:
> Hi *,
> 
> this diff removes SHA1 as default transform for integrity algorithms.
> 
> It's been broken long enough. Let's at least get rid of it in iked's
> defaults.
> 
> SHA1 is officially broken since 2011 and there have been doubts about it
> since 2005.
> 
> Though using SHA1 in combination with HMAC as a pseudorandom function is
> perfectly fine as of today.
> 
> 
> OK?

Thank you for the diff.

It's not as if we haven't thought about removing this transform, but before
doing so we need to do some testing to ensure we don't break existing setups.
See this mail from yesterday:
https://marc.info/?l=openbsd-tech&m=158828278120230&w=2

Also: the sha1 integrity transform you mention is likewise an HMAC
construction and technically safe to use (for now), same as the PRF.

> 
> 
> Index: parse.y
> ===================================================================
> RCS file: /cvs/src/sbin/iked/parse.y,v
> retrieving revision 1.99
> diff -u -p -r1.99 parse.y
> --- parse.y     30 Apr 2020 21:11:13 -0000      1.99
> +++ parse.y     1 May 2020 21:19:41 -0000
> @@ -144,7 +144,6 @@ struct iked_transform ikev2_default_ike_
>         { IKEV2_XFORMTYPE_PRF,  IKEV2_XFORMPRF_HMAC_SHA2_256 },
>         { IKEV2_XFORMTYPE_PRF,  IKEV2_XFORMPRF_HMAC_SHA1 },
>         { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA2_256_128 },
> -       { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA1_96 },
>         { IKEV2_XFORMTYPE_DH,   IKEV2_XFORMDH_CURVE25519 },
>         { IKEV2_XFORMTYPE_DH,   IKEV2_XFORMDH_ECP_521 },
>         { IKEV2_XFORMTYPE_DH,   IKEV2_XFORMDH_ECP_384 },
> @@ -164,7 +163,6 @@ struct iked_transform ikev2_default_esp_
>         { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 192 },
>         { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 128 },
>         { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA2_256_128 },
> -       { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA1_96 },
>         { IKEV2_XFORMTYPE_ESN,  IKEV2_XFORMESN_ESN },
>         { IKEV2_XFORMTYPE_ESN,  IKEV2_XFORMESN_NONE },
>         { 0 }
> 

> ndex: parse.y
> ===================================================================
> RCS file: /cvs/src/sbin/iked/parse.y,v
> retrieving revision 1.99
> diff -u -p -r1.99 parse.y
> --- parse.y     30 Apr 2020 21:11:13 -0000      1.99
> +++ parse.y     1 May 2020 21:19:41 -0000
> @@ -144,7 +144,6 @@ struct iked_transform ikev2_default_ike_
>         { IKEV2_XFORMTYPE_PRF,  IKEV2_XFORMPRF_HMAC_SHA2_256 },
>         { IKEV2_XFORMTYPE_PRF,  IKEV2_XFORMPRF_HMAC_SHA1 },
>         { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA2_256_128 },
> -       { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA1_96 },
>         { IKEV2_XFORMTYPE_DH,   IKEV2_XFORMDH_CURVE25519 },
>         { IKEV2_XFORMTYPE_DH,   IKEV2_XFORMDH_ECP_521 },
>         { IKEV2_XFORMTYPE_DH,   IKEV2_XFORMDH_ECP_384 },
> @@ -164,7 +163,6 @@ struct iked_transform ikev2_default_esp_
>         { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 192 },
>         { IKEV2_XFORMTYPE_ENCR, IKEV2_XFORMENCR_AES_CBC, 128 },
>         { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA2_256_128 },
> -       { IKEV2_XFORMTYPE_INTEGR, IKEV2_XFORMAUTH_HMAC_SHA1_96 },
>         { IKEV2_XFORMTYPE_ESN,  IKEV2_XFORMESN_ESN },
>         { IKEV2_XFORMTYPE_ESN,  IKEV2_XFORMESN_NONE },
>         { 0 }
