128 bit default security strength for IKE and ESP algorithms
The default ESP cipher suite is now
AES_CBC-128/HMAC_SHA2_256_128
and requires SHA-2 HMAC support in the Linux kernel (correctly implemented
since 2.6.33).
The default IKE cipher suite is now
AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
if the openssl plugin is loaded or
AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072
if ECC is not available.
The use of the SHA-1 hash algorithm and the MODP_2048 DH group has been
deprecated and ENCR_CHACHA20_POLY1305 has been added to the default
IKE AEAD algorithms.
This commit is contained in:
Andreas Steffen
parent
1c3aa9bfc8
commit
a78e1c3b11
|
|
@ -1,6 +1,7 @@
|
|||
/*
|
||||
* Copyright (C) 2008-2014 Tobias Brunner
|
||||
* Copyright (C) 2006-2010 Martin Willi
|
||||
* Copyright (C) 2013-2015 Andreas Steffen
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
|
|
@ -640,25 +641,46 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
|
|||
|
||||
if (aead)
|
||||
{
|
||||
/* Round 1 adds algorithms with at least 128 bit security strength */
|
||||
enumerator = lib->crypto->create_aead_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
|
||||
{
|
||||
switch (encryption)
|
||||
{
|
||||
case ENCR_AES_CCM_ICV8:
|
||||
case ENCR_AES_CCM_ICV12:
|
||||
case ENCR_AES_CCM_ICV16:
|
||||
case ENCR_AES_GCM_ICV8:
|
||||
case ENCR_AES_GCM_ICV12:
|
||||
case ENCR_AES_GCM_ICV16:
|
||||
case ENCR_CAMELLIA_CCM_ICV8:
|
||||
case ENCR_CAMELLIA_CCM_ICV12:
|
||||
case ENCR_AES_CCM_ICV16:
|
||||
case ENCR_CAMELLIA_CCM_ICV16:
|
||||
/* we assume that we support all AES/Camellia sizes */
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
|
||||
break;
|
||||
case ENCR_CHACHA20_POLY1305:
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
/* Round 2 adds algorithms with less than 128 bit security strength */
|
||||
enumerator = lib->crypto->create_aead_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
|
||||
{
|
||||
switch (encryption)
|
||||
{
|
||||
case ENCR_AES_GCM_ICV12:
|
||||
case ENCR_AES_GCM_ICV8:
|
||||
case ENCR_AES_CCM_ICV12:
|
||||
case ENCR_AES_CCM_ICV8:
|
||||
case ENCR_CAMELLIA_CCM_ICV12:
|
||||
case ENCR_CAMELLIA_CCM_ICV8:
|
||||
/* we assume that we support all AES/Camellia sizes */
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
|
@ -672,6 +694,7 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
|
|||
}
|
||||
else
|
||||
{
|
||||
/* Round 1 adds algorithms with at least 128 bit security strength */
|
||||
enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
|
||||
{
|
||||
|
|
@ -686,6 +709,18 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
|
|||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
/* Round 2 adds algorithms with less than 128 bit security strength */
|
||||
enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
|
||||
{
|
||||
switch (encryption)
|
||||
{
|
||||
case ENCR_3DES:
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 0);
|
||||
break;
|
||||
|
|
@ -703,18 +738,33 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
/* Round 1 adds algorithms with at least 128 bit security strength */
|
||||
enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
|
||||
{
|
||||
switch (integrity)
|
||||
{
|
||||
case AUTH_HMAC_SHA1_96:
|
||||
case AUTH_HMAC_SHA2_256_128:
|
||||
case AUTH_HMAC_SHA2_384_192:
|
||||
case AUTH_HMAC_SHA2_512_256:
|
||||
case AUTH_HMAC_MD5_96:
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
/* Round 2 adds algorithms with less than 128 bit security strength */
|
||||
enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
|
||||
{
|
||||
switch (integrity)
|
||||
{
|
||||
case AUTH_AES_XCBC_96:
|
||||
case AUTH_AES_CMAC_96:
|
||||
case AUTH_HMAC_SHA1_96:
|
||||
case AUTH_HMAC_MD5_96:
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
|
||||
break;
|
||||
default:
|
||||
|
|
@ -724,16 +774,15 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
|
|||
enumerator->destroy(enumerator);
|
||||
}
|
||||
|
||||
/* Round 1 adds algorithms with at least 128 bit security strength */
|
||||
enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &prf, &plugin_name))
|
||||
{
|
||||
switch (prf)
|
||||
{
|
||||
case PRF_HMAC_SHA1:
|
||||
case PRF_HMAC_SHA2_256:
|
||||
case PRF_HMAC_SHA2_384:
|
||||
case PRF_HMAC_SHA2_512:
|
||||
case PRF_HMAC_MD5:
|
||||
case PRF_AES128_XCBC:
|
||||
case PRF_AES128_CMAC:
|
||||
add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
|
||||
|
|
@ -744,6 +793,63 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
|
|||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
/* Round 2 adds algorithms with less than 128 bit security strength */
|
||||
enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &prf, &plugin_name))
|
||||
{
|
||||
switch (prf)
|
||||
{
|
||||
case PRF_HMAC_SHA1:
|
||||
case PRF_HMAC_MD5:
|
||||
add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
/* Round 1 adds ECC and NTRU algorithms with at least 128 bit security strength */
|
||||
enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &group, &plugin_name))
|
||||
{
|
||||
switch (group)
|
||||
{
|
||||
case ECP_256_BIT:
|
||||
case ECP_384_BIT:
|
||||
case ECP_521_BIT:
|
||||
case ECP_256_BP:
|
||||
case ECP_384_BP:
|
||||
case ECP_512_BP:
|
||||
case NTRU_128_BIT:
|
||||
case NTRU_192_BIT:
|
||||
case NTRU_256_BIT:
|
||||
add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
/* Round 2 adds other algorithms with at least 128 bit security strength */
|
||||
enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &group, &plugin_name))
|
||||
{
|
||||
switch (group)
|
||||
{
|
||||
case MODP_3072_BIT:
|
||||
case MODP_4096_BIT:
|
||||
case MODP_8192_BIT:
|
||||
add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
/* Round 3 adds algorithms with less than 128 bit security strength */
|
||||
enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &group, &plugin_name))
|
||||
{
|
||||
|
|
@ -755,28 +861,16 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
|
|||
case MODP_768_BIT:
|
||||
/* weak */
|
||||
break;
|
||||
case MODP_1024_BIT:
|
||||
case MODP_1536_BIT:
|
||||
case MODP_2048_BIT:
|
||||
case MODP_3072_BIT:
|
||||
case MODP_4096_BIT:
|
||||
case MODP_8192_BIT:
|
||||
case ECP_256_BIT:
|
||||
case ECP_384_BIT:
|
||||
case ECP_521_BIT:
|
||||
case MODP_1024_160:
|
||||
case MODP_2048_224:
|
||||
case MODP_2048_256:
|
||||
case ECP_192_BIT:
|
||||
case MODP_2048_224:
|
||||
case MODP_1536_BIT:
|
||||
case MODP_1024_BIT:
|
||||
case MODP_1024_160:
|
||||
case ECP_224_BIT:
|
||||
case ECP_224_BP:
|
||||
case ECP_256_BP:
|
||||
case ECP_384_BP:
|
||||
case ECP_512_BP:
|
||||
case ECP_192_BIT:
|
||||
case NTRU_112_BIT:
|
||||
case NTRU_128_BIT:
|
||||
case NTRU_192_BIT:
|
||||
case NTRU_256_BIT:
|
||||
add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
|
||||
break;
|
||||
default:
|
||||
|
|
@ -805,21 +899,27 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
|
|||
}
|
||||
break;
|
||||
case PROTO_ESP:
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
|
||||
add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
|
||||
add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
|
||||
break;
|
||||
case PROTO_AH:
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
|
||||
add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
|
||||
add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
|
|
|
|||
|
|
@ -365,17 +365,30 @@ METHOD(plugin_t, get_features, int,
|
|||
#ifndef OPENSSL_NO_AES
|
||||
/* AES GCM */
|
||||
PLUGIN_REGISTER(AEAD, openssl_gcm_create),
|
||||
PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 16),
|
||||
PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 24),
|
||||
PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 32),
|
||||
PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 16),
|
||||
PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 24),
|
||||
PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 32),
|
||||
PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16),
|
||||
PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24),
|
||||
PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32),
|
||||
PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 16),
|
||||
PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 24),
|
||||
PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 32),
|
||||
PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 16),
|
||||
PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 24),
|
||||
PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 32),
|
||||
#endif /* OPENSSL_NO_AES */
|
||||
#endif /* OPENSSL_VERSION_NUMBER */
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
/* EC DH groups */
|
||||
PLUGIN_REGISTER(DH, openssl_ec_diffie_hellman_create),
|
||||
PLUGIN_PROVIDE(DH, ECP_256_BIT),
|
||||
PLUGIN_PROVIDE(DH, ECP_384_BIT),
|
||||
PLUGIN_PROVIDE(DH, ECP_521_BIT),
|
||||
PLUGIN_PROVIDE(DH, ECP_224_BIT),
|
||||
PLUGIN_PROVIDE(DH, ECP_192_BIT),
|
||||
PLUGIN_PROVIDE(DH, ECP_256_BP),
|
||||
PLUGIN_PROVIDE(DH, ECP_384_BP),
|
||||
PLUGIN_PROVIDE(DH, ECP_512_BP),
|
||||
PLUGIN_PROVIDE(DH, ECP_224_BP),
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_DH
|
||||
/* MODP DH groups */
|
||||
PLUGIN_REGISTER(DH, openssl_diffie_hellman_create),
|
||||
|
|
@ -446,19 +459,6 @@ METHOD(plugin_t, get_features, int,
|
|||
#endif /* OPENSSL_VERSION_NUMBER */
|
||||
PLUGIN_REGISTER(CONTAINER_DECODE, openssl_pkcs12_load, TRUE),
|
||||
PLUGIN_PROVIDE(CONTAINER_DECODE, CONTAINER_PKCS12),
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
/* EC DH groups */
|
||||
PLUGIN_REGISTER(DH, openssl_ec_diffie_hellman_create),
|
||||
PLUGIN_PROVIDE(DH, ECP_256_BIT),
|
||||
PLUGIN_PROVIDE(DH, ECP_384_BIT),
|
||||
PLUGIN_PROVIDE(DH, ECP_521_BIT),
|
||||
PLUGIN_PROVIDE(DH, ECP_224_BIT),
|
||||
PLUGIN_PROVIDE(DH, ECP_192_BIT),
|
||||
PLUGIN_PROVIDE(DH, ECP_224_BP),
|
||||
PLUGIN_PROVIDE(DH, ECP_256_BP),
|
||||
PLUGIN_PROVIDE(DH, ECP_384_BP),
|
||||
PLUGIN_PROVIDE(DH, ECP_512_BP),
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ECDSA
|
||||
/* EC private/public key loading */
|
||||
PLUGIN_REGISTER(PRIVKEY, openssl_ec_private_key_load, TRUE),
|
||||
|
|
|
|||
Loading…
Reference in New Issue