From nobody Fri May 20 00:36:06 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 3A2421B455F5; Fri, 20 May 2022 00:36:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4L477W0Vlmz3qqZ; Fri, 20 May 2022 00:36:07 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1653006967; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=kexoZ94O7mnAI56nGGquR0Yim1nFO2Af1FZJfKa+J2Y=; b=LXZzIr/9pJxu51N43KKFKCcmy+4dnUsZ/f3urgb3VDLNBdTIVYilDe6/n6mTmk2RaGmgzE AZRTH4v3w2hxmgDHtR7qysQ4mmKsJe5Kjr4WRbB2XrEBT0M8FLzDqN3u8fmqp7U47mnowD M6HpSBZMefM1aC7ihFLcCMoGY/lkJhrQwXVzEX2YWWbpuPWHSk4bLbKMlSso8twZSC8Pk3 YP2IDvwsOCACgcwV3xT2dvshuLfFrMQt7RiV4nXWnoFFc/nwbM7D4MJIFfDmkUztpK1vNm fqU+xJ9ouUTWkx1+4chhSfNHk8KmSCY07mSFcY865O3Bc17YrErP02ld82NW8Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CFDFF2C4; Fri, 20 May 2022 00:36:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 24K0a6Ex090834; Fri, 20 May 2022 00:36:06 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 24K0a6Z2090833; Fri, 20 May 2022 00:36:06 GMT (envelope-from git) Date: Fri, 20 May 2022 00:36:06 GMT Message-Id: <202205200036.24K0a6Z2090833@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: John Baldwin Subject: git: 6835ace58091 - stable/13 - setkey(8): Clarify language around AEAD ciphers. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 6835ace580917ec512eb96cf9c456f4acc161247 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1653006967; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=kexoZ94O7mnAI56nGGquR0Yim1nFO2Af1FZJfKa+J2Y=; b=x/YkquAPwsPeLWigqucgGD+3iB5yaXBR7z8IV2HZ6O746gPL7Qkn7VpEAQ8ZPGli+i2AYb n6BRAe+VL3FGrd5kK6b6aGX8/KJEtWv3bvxJW+FRBkjdES7dT1PM7CXh4VY7Y5b4cF03te DILQS6wPDYZnDgsK23Hqn3/PosN0Vg+AqXGfMbpourpKNgayMlwH4urMFxYi3q98MAIE3O w3W7HH2aYZ9XFyUTJfY79sJykTXXFjHHSHfdlB+2ZovF/hysB/+hVztiAjO0pvTOGzk3ux ilpkXXpCSNlaEalLdZne1BSh1h4gK9G4Jc9JSX0l+2I9oEM3PyyhtzIc0siCmA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1653006967; a=rsa-sha256; cv=none; b=XymZ3qIApmXSZ3lU58W75gUHFSaKwll31eucuw1zroPrMdnyseRQq2ZeSreqP4Ikx3ViSX Vz+5aPj1Fi5WGiyodZuoTO1tylaa//HftRVQ+IRiUGr8mzG2mQO8P+QgUz/J/+E9I03NNK QDGgyZt0hUMc/0niAcJ0rH99rJpY3DUb6PRiHap6B0oRO3V33TWkDlFZJeGVUgfrT6WnhJ CPA16RpsChrf++u+evjaumkHQ9iULy1WTGS96dAMyr1eQmv4INQ/PF6lBExk+MNY+TYs8+ RzxKizFBj2oFrjF7AXeazH77z01y0xct0uPXuAV1PllwtOnmi+NilPrjuMBl5g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=6835ace580917ec512eb96cf9c456f4acc161247 commit 6835ace580917ec512eb96cf9c456f4acc161247 Author: John Baldwin AuthorDate: 2022-04-27 19:18:52 +0000 Commit: John Baldwin CommitDate: 2022-05-20 00:35:34 +0000 setkey(8): Clarify language around AEAD ciphers. AEAD ciphers for IPsec combine both encryption and authentication. As such, ESP configurations using an AEAD cipher should not use a seperate authentication algorithm via -A. However, this was not apparent from the setkey manpage and 12.x and earlier did not perform sufficient argument validation permitting users to pair an explicit -A such as SHA256-HMAC with AES-GCM. (The result was a non-standard combination of AES-CTR with the specified MAC, but with the wrong initial block counter (and thus different keystream) compared to using AES-CTR as the cipher.) Attempt to clarify this in the manpage by explicitly calling out AEAD ciphers (currently only AES-GCM) and noting that AEAD ciphers should not use -A. While here, explicitly note which authentication algorithms can be used with esp vs esp-old. Also add subsection headings for the different algorithm lists and tidy some language. I did not convert the tables to column lists (Bl -column) though that would probably be more correct than using literal blocks (Bd -literal). PR: 263379 Reviewed by: Pau Amma , markj Differential Revision: https://reviews.freebsd.org/D34947 (cherry picked from commit e6dede145616ed8f98c629c23a2ba206b812c921) --- sbin/setkey/setkey.8 | 58 +++++++++++++++++++++++++++++----------------------- 1 file changed, 32 insertions(+), 26 deletions(-) diff --git a/sbin/setkey/setkey.8 b/sbin/setkey/setkey.8 index 0d271b84792e..38417d194c66 100644 --- a/sbin/setkey/setkey.8 +++ b/sbin/setkey/setkey.8 @@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 4, 2020 +.Dd April 27, 2022 .Dt SETKEY 8 .Os .\" @@ -328,7 +328,8 @@ Specify hard/soft life time duration of the SA. .It Ar algorithm .Bl -tag -width Fl -compact .It Fl E Ar ealgo Ar key -Specify an encryption algorithm +Specify an encryption or Authenticated Encryption with Associated Data +(AEAD) algorithm .Ar ealgo for ESP. .It Xo @@ -573,13 +574,9 @@ for details. .El .\" .Sh ALGORITHMS -The following list shows the supported algorithms. -The -.Sy protocol -and -.Sy algorithm -are almost completely orthogonal. -The following list of authentication algorithms can be used as +The following lists show the supported algorithms. +.Ss Authentication Algorithms +The following authentication algorithms can be used as .Ar aalgo in the .Fl A Ar aalgo @@ -588,21 +585,21 @@ of the parameter: .Bd -literal -offset indent algorithm keylen (bits) comment -hmac-sha1 160 ah: rfc2404 - 160 ah-old: 128bit ICV (no document) +hmac-sha1 160 ah/esp: rfc2404 + 160 ah-old/esp-old: 128bit ICV (no document) null 0 to 2048 for debugging -hmac-sha2-256 256 ah: 128bit ICV (RFC4868) - 256 ah-old: 128bit ICV (no document) -hmac-sha2-384 384 ah: 192bit ICV (RFC4868) - 384 ah-old: 128bit ICV (no document) -hmac-sha2-512 512 ah: 256bit ICV (RFC4868) - 512 ah-old: 128bit ICV (no document) -aes-xcbc-mac 128 ah: 96bit ICV (RFC3566) - 128 ah-old: 128bit ICV (no document) +hmac-sha2-256 256 ah/esp: 128bit ICV (RFC4868) + 256 ah-old/esp-old: 128bit ICV (no document) +hmac-sha2-384 384 ah/esp: 192bit ICV (RFC4868) + 384 ah-old/esp-old: 128bit ICV (no document) +hmac-sha2-512 512 ah/esp: 256bit ICV (RFC4868) + 512 ah-old/esp-old: 128bit ICV (no document) +aes-xcbc-mac 128 ah/esp: 96bit ICV (RFC3566) + 128 ah-old/esp-old: 128bit ICV (no document) tcp-md5 8 to 640 tcp: rfc2385 .Ed -.Pp -The following is the list of encryption algorithms that can be used as the +.Ss Encryption Algorithms +The following encryption algorithms can be used as the .Ar ealgo in the .Fl E Ar ealgo @@ -614,14 +611,23 @@ algorithm keylen (bits) comment null 0 to 2048 rfc2410 aes-cbc 128/192/256 rfc3602 aes-ctr 160/224/288 rfc3686 -aes-gcm-16 160/224/288 rfc4106 +aes-gcm-16 160/224/288 AEAD; rfc4106 .Ed .Pp Note that the first 128/192/256 bits of a key for -.Li aes-ctr or aes-gcm-16 -will be used as AES key, and remaining 32 bits will be used as nonce. +.Li aes-ctr +or +.Li aes-gcm-16 +will be used as the AES key, +and the remaining 32 bits will be used as the nonce. .Pp -The following are the list of compression algorithms that can be used +AEAD encryption algorithms such as +.Li aes-gcm-16 +include authentication and should not be +paired with a separate authentication algorithm via +.Fl A . +.Ss Compression Algorithms +The following compression algorithms can be used as the .Ar calgo in the @@ -639,7 +645,7 @@ deflate rfc2394 .\" .Sh EXAMPLES Add an ESP SA between two IPv6 addresses using the -AES-GCM encryption algorithm. +AES-GCM AEAD algorithm. .Bd -literal -offset indent add 3ffe:501:4819::1 3ffe:501:481d::1 esp 123457 -E aes-gcm-16 0x3ffe050148193ffe050148193ffe050148193ffe ;