On Wed, Nov 03, 2021 at 02:55:11PM +0900, YASUOKA Masahiko wrote: > Hi, > > On Tue, 2 Nov 2021 07:03:43 +0000 > Jason McIntyre <j...@kerhand.co.uk> wrote: > > On Tue, Nov 02, 2021 at 12:02:07PM +0900, YASUOKA Masahiko wrote: > >> I'd like to clarify "aes" in ipsec.conf accepts 128:256 bits. > >> > >> sbin/ipsecctl/ike.c: > >> 201 case ENCXF_AES: > >> 202 enc_alg = "AES"; > >> 203 key_length = "128,128:256"; > >> 204 break; > >> > >> > >> ok? > >> > >> Clarify "aes" will accept keys which length is in 128:256 bits. > >> > > > > i notice that the enc lists in ipsec.conf.5 and iked.conf.5 differ. > > aren;t they supposed to be in sync? > > > > for example, iked.conf.5 doesn;t mention "aes" or "aesctr". also the > > *-gmac and *-gcm-12 discrepancy. > > As for "aes", *only isakmpd(8)* supports "aes" keyword or having a > range for the key length. So there isn't need to sync it to > iked.conf.5. > > Also I belive "aesctr" is to support 160:288 range for key length, but > the implemention doesn't seem to be completed. I have another plan to > handle this separately, then I'll update the man page. > > > Other than the key length range, it seems there are some differences > between iked.conf.5 and ipsec.conf.5. > > 1. "-gcm-12" > missing this in ipsec.conf.5 is ok since isakmpd(8) doesn't support > it yet. (It is actually an alias ID for "-gcm" though.) > > 2. "-gmac" and "null" > iked.conf.5 has a separeted list for them to clarify they don't do > encryption. Applied the same to isakmpd.conf.5. > > 3. "chacha20-poly1305" > It is missing in ipsec.conf.5. > > 4. explanation of "[IKE only]" or "[phase 2]" > It is missing in ipsec.conf.5. Copied the section from iked.conf > and modified it. > > 5. explanation of "keysize" for AES-CTR and so on > The explanation in ipsec.conf.5 is better. Copied that to > iked.conf.5. > > 6. "cast" > ipsecctl(8) program doesn't support "cast" keyword actually, > it supports "cast128" instead. Correct "cast" to "cast128" > > > ok? > > +Transforms followed by > +.Bq IKE only > +can only be used with the > +.Ic ike > +keyword, transforms with
The ciphers that have [phase 2 only, IKE only] are all counter based AES modes that can only be safely used with a common unique IV per SA. This can not be done with manual SAs but can be negotiated as part of the IKE handshake. I interpret [IKE only] here as: can only be used with automatic keying/IKE. Otherwise it would also make little sense to have both for the same cipher.