[strongSwan] Default PRF algorithm selection

Tobias Brunner tobias at strongswan.org
Fri Oct 31 15:39:31 CET 2014


Hi Emeric,

> --- src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c	2014-10-30 16:18:20.000000000 +0100
> +++ src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c	2014-10-30 16:16:49.535620541 +0100
> @@ -850,7 +850,10 @@ static kernel_algorithm_t encryption_alg
>   */
>  static kernel_algorithm_t integrity_algs[] = {
>  	{AUTH_HMAC_MD5_96,			SADB_AALG_MD5HMAC			},
> +	{AUTH_HMAC_MD5_128,			SADB_AALG_MD5HMAC			},
>  	{AUTH_HMAC_SHA1_96,			SADB_AALG_SHA1HMAC			},
> +	{AUTH_HMAC_SHA1_128,			SADB_AALG_SHA1HMAC			},
> +	{AUTH_HMAC_SHA1_160,			SADB_AALG_SHA1HMAC			},
>  	{AUTH_HMAC_SHA2_256_128,	SADB_X_AALG_SHA2_256HMAC	},
>  	{AUTH_HMAC_SHA2_384_192,	SADB_X_AALG_SHA2_384HMAC	},
>  	{AUTH_HMAC_SHA2_512_256,	SADB_X_AALG_SHA2_512HMAC	},
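
Review bot: The three added rows (AUTH_HMAC_MD5_128, AUTH_HMAC_SHA1_128, AUTH_HMAC_SHA1_160) reuse SADB_AALG_MD5HMAC and SADB_AALG_SHA1HMAC, the identifiers the _96 rows already map to. This two-column table has no field for a truncation length, so the kernel would be handed the same identifier whichever ICV length was negotiated. Either drop these rows or show where the requested truncation length reaches the kernel; as written, a proposal for a 128- or 160-bit ICV would be installed under the identifier already used for the 96-bit variant. If anything looks this table up from kernel identifier back to IKE transform, the duplicated right-hand values also make that lookup ambiguous.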

That won't work.  The PF_KEY integrity algorithm identifiers have a
fixed truncation length associated with them.  For instance,
SADB_AALG_SHA1HMAC always truncates to 96 bits, therefore it can't
simply be used for the other two variants.  On the other hand, with
XFRM/Netlink we have more flexibility as the truncation length can be
specified explicitly since 2.6.33.

> I have another question: why are only very well-known key sizes implemented for variable-length key algorithms (blowfish, serpent)?
> For example, blowfish can be used with key sizes that range from 32 to 448, and only 128, 192 and 256 are available.

I guess it's mostly a configuration thing as it allows us to use gperf
to quickly parse these algorithm keywords.  Also, these sizes are
definitely the ones that are typically used.

> Is there a way to handle them? Maybe just add all entries in the ./src/libstrongswan/crypto/proposal/proposal_keywords_static.c file?

That file is generated, but if you want to add other blowfish variants
you could add them to proposal_keywords_static.txt.  Since 5.2.1 it's
also possible to register custom parsers for algorithm keywords, so you
could write a plugin that provides variable key lengths for these
algorithms.  I guess the blowfish plugin could do so for blowfish,
actually, the patch in the blowfish-keylen branch [1] does exactly that.

Regards,
Tobias

[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=008482d88

