-rw-r--r-- | man/ipsec.conf.5.in | 7 | ||||
-rw-r--r-- | src/libcharon/config/child_cfg.h | 3 | ||||
-rw-r--r-- | src/libcharon/plugins/stroke/stroke_config.c | 3 | ||||
-rw-r--r-- | src/libcharon/plugins/stroke/stroke_socket.c | 1 | ||||
-rw-r--r-- | src/libcharon/plugins/vici/vici_config.c | 11 | ||||
-rw-r--r-- | src/libcharon/sa/child_sa.c | 8 | ||||
-rw-r--r-- | src/starter/args.c | 1 | ||||
-rw-r--r-- | src/starter/confread.h | 2 | ||||
-rw-r--r-- | src/starter/keywords.h | 1 | ||||
-rw-r--r-- | src/starter/keywords.txt | 1 | ||||
-rw-r--r-- | src/starter/starterstroke.c | 1 | ||||
-rw-r--r-- | src/stroke/stroke_msg.h | 1 | ||||
-rw-r--r-- | src/swanctl/swanctl.opt | 9 |
13 files changed, 48 insertions, 1 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index ee7d86089..fef44ae21 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -1141,6 +1141,13 @@ a value of 0 disables IPsec replay protection. .BR reqid " = <number>" sets the reqid for a given connection to a pre-configured fixed value. .TP +.BR sha256_96 " = " no " | yes" +HMAC-SHA-256 is used with 128-bit truncation with IPsec. For compatibility +with implementations that incorrectly use 96-bit truncation this option may be +enabled to configure the shorter truncation length in the kernel. This is not +negotiated, so this only works with peers that use the incorrect truncation +length (or have this option enabled). +.TP .BR tfc " = <value>" number of bytes to pad ESP payload data to. Traffic Flow Confidentiality is currently supported in IKEv2 and applies to outgoing packets only. The diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h index 56ffab597..a102c459c 100644 --- a/src/libcharon/config/child_cfg.h +++ b/src/libcharon/config/child_cfg.h @@ -307,6 +307,9 @@ enum child_cfg_option_t { /** Enable hardware offload, if supported by the IPsec backend */ OPT_HW_OFFLOAD = (1<<5), + + /** Force 96-bit truncation for SHA-256 */ + OPT_SHA256_96 = (1<<6), }; /** diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index a9d073684..d47787d72 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c 
@@ -1074,7 +1074,8 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, .options = (msg->add_conn.proxy_mode ? OPT_PROXY_MODE : 0) | (msg->add_conn.ipcomp ? OPT_IPCOMP : 0) | (msg->add_conn.me.hostaccess ? OPT_HOSTACCESS : 0) | - (msg->add_conn.install_policy ? 0 : OPT_NO_POLICIES), + (msg->add_conn.install_policy ? 0 : OPT_NO_POLICIES) | + (msg->add_conn.sha256_96 ? OPT_SHA256_96 : 0), .tfc = msg->add_conn.tfc, .inactivity = msg->add_conn.inactivity, .dpd_action = map_action(msg->add_conn.dpd.action), diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c index 46de90ca6..65d345db3 100644 --- a/src/libcharon/plugins/stroke/stroke_socket.c +++ b/src/libcharon/plugins/stroke/stroke_socket.c @@ -216,6 +216,7 @@ static void stroke_add_conn(private_stroke_socket_t *this, stroke_msg_t *msg) DBG_OPT(" dpdtimeout=%d", msg->add_conn.dpd.timeout); DBG_OPT(" dpdaction=%d", msg->add_conn.dpd.action); DBG_OPT(" closeaction=%d", msg->add_conn.close_action); + DBG_OPT(" sha256_96=%s", msg->add_conn.sha256_96 ? "yes" : "no"); DBG_OPT(" mediation=%s", msg->add_conn.ikeme.mediation ? "yes" : "no"); DBG_OPT(" mediated_by=%s", msg->add_conn.ikeme.mediated_by); DBG_OPT(" me_peerid=%s", msg->add_conn.ikeme.peerid); diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index 46eaf5cff..3af67df94 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -525,6 +525,7 @@ static void log_child_data(child_data_t *data, char *name) DBG2(DBG_CFG, " local_ts = %#R", data->local_ts); DBG2(DBG_CFG, " remote_ts = %#R", data->remote_ts); DBG2(DBG_CFG, " hw_offload = %u", cfg->options & OPT_HW_OFFLOAD); + DBG2(DBG_CFG, " sha256_96 = %u", cfg->options & OPT_SHA256_96); } /** 
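Review bot: In src/libcharon/plugins/vici/vici_config.c, the line added to log_child_data() prints `cfg->options & OPT_SHA256_96` with `%u`, so an enabled option is logged as 64 (the raw `1<<6` mask) rather than 1. The stroke_socket.c hunk logs the same setting as yes/no. Since this option shortens the integrity check value, an unambiguous log value helps when auditing a loaded config; consider passing `!!(cfg->options & OPT_SHA256_96)` as the argument instead. The hw_offload line just above follows the same pattern and could be normalised the same way. log_child_data() starts outside the hunk.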
@@ -892,6 +893,15 @@ CALLBACK(parse_opt_hw_offl, bool, } /** + * Parse OPT_SHA256_96 option + */ +CALLBACK(parse_opt_sha256_96, bool, + child_cfg_option_t *out, chunk_t v) +{ + return parse_option(out, OPT_SHA256_96, v); +} + +/** * Parse an action_t */ CALLBACK(parse_action, bool, @@ -1550,6 +1560,7 @@ CALLBACK(child_kv, bool, { "priority", parse_uint32, &child->cfg.priority }, { "interface", parse_string, &child->cfg.interface }, { "hw_offload", parse_opt_hw_offl, &child->cfg.options }, + { "sha256_96", parse_opt_sha256_96,&child->cfg.options }, }; return parse_rules(rules, countof(rules), name, value, diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 1d615915f..e1ffc2aae 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -802,6 +802,14 @@ static status_t install_internal(private_child_sa_t *this, chunk_t encr, this->proposal->get_algorithm(this->proposal, EXTENDED_SEQUENCE_NUMBERS, &esn, NULL); + if (int_alg == AUTH_HMAC_SHA2_256_128 && + this->config->has_option(this->config, OPT_SHA256_96)) + { + DBG2(DBG_CHD, " using %N with 96-bit truncation", + integrity_algorithm_names, int_alg); + int_alg = AUTH_HMAC_SHA2_256_96; + } + if (!this->reqid_allocated && !this->static_reqid) { status = charon->kernel->alloc_reqid(charon->kernel, my_ts, other_ts, diff --git a/src/starter/args.c b/src/starter/args.c index 7f010d350..477a52082 100644 --- a/src/starter/args.c +++ b/src/starter/args.c @@ -165,6 +165,7 @@ static const token_info_t token_info[] = { ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL }, { ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action }, { ARG_ENUM, offsetof(starter_conn_t, close_action), LST_dpd_action }, + { ARG_ENUM, offsetof(starter_conn_t, sha256_96), LST_bool }, { ARG_TIME, offsetof(starter_conn_t, inactivity), NULL }, { ARG_MISC, 0, NULL /* KW_MODECONFIG */ }, { ARG_MISC, 0, NULL /* KW_XAUTH */ }, 
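Review bot: In src/libcharon/sa/child_sa.c, install_internal() announces the switch to `AUTH_HMAC_SHA2_256_96` only at `DBG2`. It logs nothing at all when the option is set but the negotiated integrity algorithm is not `AUTH_HMAC_SHA2_256_128`. The documentation in this commit says the shorter truncation is not negotiated, so a one-sided setting would presumably surface only as integrity failures on the data path. Using `DBG1` on that line would make the override visible at the default log level. A short comment above the `if` would also help, saying that only the local `int_alg` handed to the kernel is changed while `this->proposal` appears to keep the negotiated algorithm. install_internal() starts and ends outside the hunk.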
diff --git a/src/starter/confread.h b/src/starter/confread.h index 2b974d1bc..8ee730daa 100644 --- a/src/starter/confread.h +++ b/src/starter/confread.h @@ -162,6 +162,8 @@ struct starter_conn { dpd_action_t close_action; + bool sha256_96; + time_t inactivity; bool me_mediation; diff --git a/src/starter/keywords.h b/src/starter/keywords.h index 94af493f8..0cb46a740 100644 --- a/src/starter/keywords.h +++ b/src/starter/keywords.h @@ -64,6 +64,7 @@ enum kw_token_t { KW_DPDTIMEOUT, KW_DPDACTION, KW_CLOSEACTION, + KW_SHA256_96, KW_INACTIVITY, KW_MODECONFIG, KW_XAUTH, diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt index ee0bd31e1..3f92dc83f 100644 --- a/src/starter/keywords.txt +++ b/src/starter/keywords.txt @@ -61,6 +61,7 @@ dpddelay, KW_DPDDELAY dpdtimeout, KW_DPDTIMEOUT dpdaction, KW_DPDACTION closeaction, KW_CLOSEACTION +sha256_96, KW_SHA256_96 inactivity, KW_INACTIVITY modeconfig, KW_MODECONFIG xauth, KW_XAUTH diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c index b92c00c87..90af9372a 100644 --- a/src/starter/starterstroke.c +++ b/src/starter/starterstroke.c @@ -220,6 +220,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn) msg->add_conn.dpd.timeout = conn->dpd_timeout; msg->add_conn.dpd.action = conn->dpd_action; msg->add_conn.close_action = conn->close_action; + msg->add_conn.sha256_96 = conn->sha256_96; msg->add_conn.inactivity = conn->inactivity; msg->add_conn.ikeme.mediation = conn->me_mediation; push_string(&msg, add_conn.ikeme.mediated_by, conn->me_mediated_by); diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h index a3b911d0f..60ea0028d 100644 --- a/src/stroke/stroke_msg.h +++ b/src/stroke/stroke_msg.h @@ -302,6 +302,7 @@ struct stroke_msg_t { } mark_in, mark_out; stroke_end_t me, other; uint32_t replay_window; + bool sha256_96; } add_conn; /* data for STR_ADD_CA */ diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index 496dbf3cd..7e204db61 100644 
--- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -651,6 +651,15 @@ connections.<conn>.children.<child>.esp_proposals = default for interoperability. If no algorithms are specified for AH nor ESP, the _default_ set of algorithms for ESP is included. +connections.<conn>.children.<child>.sha256_96 = no + Use incorrect 96-bit truncation for HMAC-SHA-256. + + HMAC-SHA-256 is used with 128-bit truncation with IPsec. For compatibility + with implementations that incorrectly use 96-bit truncation this option may + be enabled to configure the shorter truncation length in the kernel. This + is not negotiated, so this only works with peers that use the incorrect + truncation length (or have this option enabled). + connections.<conn>.children.<child>.local_ts = dynamic Local traffic selectors to include in CHILD_SA. |