[Swan] Support for SHA 256-512

Paul Wouters paul at nohats.ca
Wed Jun 3 17:15:18 UTC 2020

On Wed, 3 Jun 2020, Shweta Kalyani wrote:

> I wanted to check if SHA 256 and 512 are supported for IKEv1 and IKEv2 for ESP tunnels.
> Following is my conf, in which phase 1 passes (ike_sa=1) but phase 2 fails. I have enabled USE_SHA2=true when building libreswan.
> Would appreciate your response on this.

It is supported and tested and FIPS certified.

> esp = 3DES-SHA2_256

Using SHA2 with 3DES is a bit of an odd combination. Although it does work.

> ike = 3DES-SHA2_256-MODP1024

This one is also odd. While it works (provided you compile with USE_DH2=true),
you don't really gain security here for using SHA2 over SHA1 because of
the very very weak DH2 (modp1024).

> 000 "Tunnel37_1":   newest ISAKMP SA: #3; newest IPsec SA: #0;
> 000 "Tunnel37_1":   IKE algorithms: 3DES_CBC-HMAC_SHA2_256-MODP1024
> 000 "Tunnel37_1":   IKEv1 algorithm newest: 3DES_CBC_192-HMAC_SHA2_256-MODP1024
> 000 "Tunnel37_1":   ESP algorithms: 3DES_CBC-HMAC_SHA2_256_128

> 000 #1: "Tunnel37_1":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 28057s; lastdpd=-1s(seq in:0 out:0); idle;
> 000 #2: "Tunnel37_1":500 STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 21s; lastdpd=-1s(seq in:0 out:0); idle;
> 000 #3: "Tunnel37_1":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 28457s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle;
> 000 #4: "Tunnel37_1":500 STATE_QUICK_R0 (expecting QI1); EVENT_CRYPTO_TIMEOUT in 17s; lastdpd=-1s(seq in:0 out:0); idle;

You can see that the IKEv1 IKE SA came up (state #1) with 3des-sha2_256.
The phase 2 packet did not get a reply, presumably the other end did not
like your proposal for phase2. It could be a crypto parameter, but could
also be a src/dst IP range or mismatched pfs= setting etc. You will
need to check the other endpoint's log on why it refused to answer.
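
The reading of the state lines given in the reply above, as an added example that is not part of the original message and is not libreswan code: it parses status lines in the quoted format and reports connections where phase 1 is up but Quick Mode is still waiting. The function names and the rule that a Quick Mode state counts as complete only when its description says "IPsec SA established" are assumptions of this example; the sample lines are constructed from the quoted output.

```python
import re

# Constructed sample, modelled on the state lines quoted in the message above
# (the wrapped line for state #3 is joined onto one line).
SAMPLE = '''\
000 #1: "Tunnel37_1":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 28057s; lastdpd=-1s(seq in:0 out:0); idle;
000 #2: "Tunnel37_1":500 STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 21s; lastdpd=-1s(seq in:0 out:0); idle;
000 #3: "Tunnel37_1":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 28457s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle;
000 #4: "Tunnel37_1":500 STATE_QUICK_R0 (expecting QI1); EVENT_CRYPTO_TIMEOUT in 17s; lastdpd=-1s(seq in:0 out:0); idle;
'''

# One state line: serial number, connection name, state, description, pending event.
STATE_RE = re.compile(
    r'^000 #(?P<id>\d+): "(?P<conn>[^"]+)":\d+ (?P<state>STATE_\w+) '
    r'\((?P<desc>[^)]*)\); (?P<event>EVENT_\w+) in (?P<secs>\d+)s')

def parse_states(text):
    """Return one dict per state line; lines in any other format are skipped."""
    return [m.groupdict() for m in map(STATE_RE.match, text.splitlines()) if m]

def diagnose(text):
    """Per connection: is phase 1 up, and which Quick Mode states are unfinished?"""
    report = {}
    for s in parse_states(text):
        r = report.setdefault(
            s["conn"], {"phase1_up": False, "phase2_up": False, "pending": []})
        if "ISAKMP SA established" in s["desc"]:
            r["phase1_up"] = True
        elif s["state"].startswith("STATE_QUICK_"):
            # Assumption: a finished Quick Mode state says "IPsec SA established".
            if "IPsec SA established" in s["desc"]:
                r["phase2_up"] = True
            else:
                r["pending"].append((int(s["id"]), s["state"], s["event"]))
    return report

if __name__ == "__main__":
    for conn, r in diagnose(SAMPLE).items():
        if r["phase1_up"] and not r["phase2_up"] and r["pending"]:
            print(f"{conn}: phase 1 up, phase 2 unanswered {r['pending']}; "
                  "check the other endpoint's log")
```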

