[Swan-dev] IKEv2: notes on parsing ike=aes_ctr-aes-3des-sha1-sha2-dh21-dh24, ...
Andrew Cagney
andrew.cagney at gmail.com
Sun Aug 19 18:12:45 UTC 2018
(While the existing parser is nowhere near supporting this, the
impair algparse option does tickle some of the problems we'll
encounter if we were to try implementing this; here are my notes.)

Currently it isn't possible to describe a single proposal with
multiple algorithms. This both limits what we can send across the
wire (and, annoying to me, means we can't feed the default proposals
into the parser). One possible syntax is:

    ike=aes_ctr-aes-3des-sha1-sha2-dh21-dh24,...

i.e., just list the algorithms and let the parser deal with it. The
implementation would need to try multiple lookups:

- encryption (ike, esp, ah)
- prf (ike)
- integ (ike?, esp, ah)
- dh (i,e esp, ah)

and then take the first one that succeeds. This would mean:

    ike=aes-sha -> encrypt=aes prf=hmac_sha1 integ=hmac_sha1_96 dh=<defaults>

applying the existing use PRF for integrity rule

    ike=aes-hmac_sha1_96 -> encrypt=aes prf=<defaults> integ=hmac_sha1_96 dh=<defaults>

since hmac_sha1_96 can't be a PRF

The got-ya is with 'none'. For instance, in both:

    esp=aes-none
    ike=aes_gcm-none

while 'none' could mean either DH or INTEG (yes, the latest RFC added
'none' for DH), the above strategy interprets it as integrity. The
likely workaround is to specify:

    ike=aes_gcm;none

to force none as DH.

Andrew
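
The lookup strategy described in the message above, as an added sketch that is not code from the post or from libreswan. The lookup tables, the function name `parse_proposal`, and the reading of ';' as "every token after it is looked up as DH only" are assumptions made for illustration.

```python
# Toy lookup tables (constructed for this example, not libreswan's real tables).
ENCRYPT = {"aes", "aes_ctr", "aes_gcm", "3des"}
PRF = {"sha": "hmac_sha1", "sha1": "hmac_sha1", "sha2": "hmac_sha2_256"}
INTEG = {"hmac_sha1_96": "hmac_sha1_96", "none": "none"}
DH = {"dh21", "dh24", "none"}
# "Use PRF for integrity" rule: the integrity algorithm implied by each PRF.
PRF_TO_INTEG = {"hmac_sha1": "hmac_sha1_96",
                "hmac_sha2_256": "hmac_sha2_256_128"}


def parse_proposal(text):
    """Classify each '-' separated token by the first lookup that succeeds.

    Lookup order is encrypt, prf, integ, dh. Tokens after a ';' are looked
    up as DH only (assumed form of the workaround). An empty list in the
    result means "<defaults>".
    """
    out = {"encrypt": [], "prf": [], "integ": [], "dh": []}
    head, _, forced_dh = text.partition(";")
    for tok in filter(None, head.split("-")):
        if tok in ENCRYPT:
            out["encrypt"].append(tok)
        elif tok in PRF:
            out["prf"].append(PRF[tok])
        elif tok in INTEG:
            # 'none' stops here, so it can never reach the DH lookup.
            out["integ"].append(INTEG[tok])
        elif tok in DH:
            out["dh"].append(tok)
        else:
            raise ValueError(f"unknown algorithm: {tok!r}")
    for tok in filter(None, forced_dh.split("-")):
        if tok not in DH:
            raise ValueError(f"not a DH algorithm: {tok!r}")
        out["dh"].append(tok)
    # No explicit integrity given: derive it from the PRFs.
    if not out["integ"]:
        out["integ"] = [PRF_TO_INTEG[p] for p in out["prf"]]
    return out


if __name__ == "__main__":
    for spec in ("aes_ctr-aes-3des-sha1-sha2-dh21-dh24", "aes-sha",
                 "aes-hmac_sha1_96", "aes_gcm-none", "aes_gcm;none"):
        print(spec, "->", parse_proposal(spec))
```
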