Hi, On Tue, 2 Nov 2021 07:03:43 +0000 Jason McIntyre <j...@kerhand.co.uk> wrote: > On Tue, Nov 02, 2021 at 12:02:07PM +0900, YASUOKA Masahiko wrote: >> I'd like to clarify "aes" in ipsec.conf accepts 128:256 bits. >> >> sbin/ipsecctl/ike.c: >> 201 case ENCXF_AES: >> 202 enc_alg = "AES"; >> 203 key_length = "128,128:256"; >> 204 break; >> >> >> ok? >> >> Clarify "aes" will accept keys which length is in 128:256 bits. >> > > i notice that the enc lists in ipsec.conf.5 and iked.conf.5 differ. > aren;t they supposed to be in sync? > > for example, iked.conf.5 doesn;t mention "aes" or "aesctr". also the > *-gmac and *-gcm-12 discrepancy.
As for "aes", *only isakmpd(8)* supports "aes" keyword or having a range for the key length. So there isn't need to sync it to iked.conf.5. Also I belive "aesctr" is to support 160:288 range for key length, but the implemention doesn't seem to be completed. I have another plan to handle this separately, then I'll update the man page. Other than the key length range, it seems there are some differences between iked.conf.5 and ipsec.conf.5. 1. "-gcm-12" missing this in ipsec.conf.5 is ok since isakmpd(8) doesn't support it yet. (It is actually an alias ID for "-gcm" though.) 2. "-gmac" and "null" iked.conf.5 has a separeted list for them to clarify they don't do encryption. Applied the same to isakmpd.conf.5. 3. "chacha20-poly1305" It is missing in ipsec.conf.5. 4. explanation of "[IKE only]" or "[phase 2]" It is missing in ipsec.conf.5. Copied the section from iked.conf and modified it. 5. explanation of "keysize" for AES-CTR and so on The explanation in ipsec.conf.5 is better. Copied that to iked.conf.5. 6. "cast" ipsecctl(8) program doesn't support "cast" keyword actually, it supports "cast128" instead. Correct "cast" to "cast128" ok? Index: sbin/iked/iked.conf.5 =================================================================== RCS file: /cvs/src/sbin/iked/iked.conf.5,v retrieving revision 1.87 diff -u -p -r1.87 iked.conf.5 --- sbin/iked/iked.conf.5 26 Oct 2021 17:31:22 -0000 1.87 +++ sbin/iked/iked.conf.5 3 Nov 2021 05:42:48 -0000 @@ -998,9 +998,9 @@ keyword. 3DES requires 24 bytes to form its 168-bit key. This is because the most significant bit of each byte is used for parity. .Pp -The keysize of AES-CTR is actually 128-bit. +The keysize of AES-CTR can be 128, 192, or 256 bits. However as well as the key, a 32-bit nonce has to be supplied. -Thus 160 bits of key material have to be supplied. +Thus 160, 224, or 288 bits of key material, respectively, have to be supplied. The same applies to AES-GCM, AES-GMAC and Chacha20-Poly1305, however in the latter case the keysize is 256 bit. .Pp Index: sbin/ipsecctl/ipsec.conf.5 =================================================================== RCS file: /cvs/src/sbin/ipsecctl/ipsec.conf.5,v retrieving revision 1.160 diff -u -p -r1.160 ipsec.conf.5 --- sbin/ipsecctl/ipsec.conf.5 22 Oct 2021 12:30:54 -0000 1.160 +++ sbin/ipsecctl/ipsec.conf.5 3 Nov 2021 05:42:49 -0000 @@ -637,10 +637,10 @@ keyword: The following cipher types are permitted with the .Ic enc keyword: -.Bl -column "aes-128-gmac" "Key Length" "Description" -offset indent +.Bl -column "chacha20-poly1305" "128-256 bits" "Description" -offset indent .It Em "Cipher" Ta Em "Key Length" Ta "" .It Li 3des Ta "168 bits" Ta "" -.It Li aes Ta "128 bits" Ta "" +.It Li aes Ta "128-256 bits" Ta "" .It Li aes-128 Ta "128 bits" Ta "" .It Li aes-192 Ta "192 bits" Ta "" .It Li aes-256 Ta "256 bits" Ta "" @@ -651,21 +651,37 @@ keyword: .It Li aes-128-gcm Ta "160 bits" Ta "[phase 2 only, IKE only]" .It Li aes-192-gcm Ta "224 bits" Ta "[phase 2 only, IKE only]" .It Li aes-256-gcm Ta "288 bits" Ta "[phase 2 only, IKE only]" +.It Li blowfish Ta "160 bits" Ta "" +.It Li cast128 Ta "128 bits" Ta "" +.It Li chacha20-poly1305 Ta "288 bits" Ta "" +.El +.Pp +The following cipher types provide only authentication, not encryption: +.Bl -column "chacha20-poly1305" "128-256 bits" "Description" -offset indent .It Li aes-128-gmac Ta "160 bits" Ta "[phase 2 only, IKE only]" .It Li aes-192-gmac Ta "224 bits" Ta "[phase 2 only, IKE only]" .It Li aes-256-gmac Ta "288 bits" Ta "[phase 2 only, IKE only]" -.It Li blowfish Ta "160 bits" Ta "" -.It Li cast Ta "128 bits" Ta "" .It Li null Ta "(none)" Ta "[phase 2 only]" .El .Pp +Transforms followed by +.Bq IKE only +can only be used with the +.Ic ike +keyword, transforms with +.Bq phase 2 only +can only be used with the +.Ic quick +keyword. +.Pp 3DES requires 24 bytes to form its 168-bit key. This is because the most significant bit of each byte is used for parity. .Pp The keysize of AES-CTR can be 128, 192, or 256 bits. However as well as the key, a 32-bit nonce has to be supplied. Thus 160, 224, or 288 bits of key material, respectively, have to be supplied. -The same applies to AES-GCM and AES-GMAC. +The same applies to AES-GCM, AES-GMAC and Chacha20-Poly1305, +however in the latter case the keysize is 256 bit. .Pp Using AES-GMAC or NULL with ESP will only provide authentication. This is useful in setups where AH cannot be used, e.g. when NAT is involved.
