If so, immediately. That means for about 2 weeks someone in snaps can scream.
Tobias Heider <tobias.hei...@stusta.de> wrote: > On Tue, Apr 28, 2020 at 11:22:02AM +0100, Stuart Henderson wrote: > > On 2020/04/28 01:09, Tobias Heider wrote: > > > Hi, > > > > > > the EC2N family of curves have been marked as insecure for at least 10 > > > years. > > > In fact, IANA has stopped listing them altogether [1]. > > > Their former IDs are now 'reserved'. > > > > > > I think it's time for us to drop them as well. > > > > > > ok? > > > > I agree with dropping them. Timing-wise perhaps it's better to do it > > after release (possible text for upgrade notes below); OTOH probably > > nobody really uses ec2n so it's not all that likely to hurt users (we > > can use similar text but say "prior to upgrade, add alternative groups > > [...]" instead). > > > > "The insecure ec2n D-H groups will be removed from iked in the next > > release; if you are using these, add alternative groups to ikesa/childsa > > in iked.conf, then you can move clients across one by one and remove > > the ec2n groups in advance of 6.8. > > > > While removal of other groups is not imminent, some are considered > > insecure (768-bit MODP, group 1) or weak (1024- and 1536-bit MODP, > > groups 2 and 5). Prefer curve25519, an ECP group of 256 bits or > > more, or a MODP group of 2048 bits or more." > > I would really rather do it now. It has been marked as insecure for long > enough and really no one should be using it. > IMHO shipping them for another six months would be rather irresponsible > from our side. > > The upgrade note sound good. > > > > > > Index: iked.conf.5 > > > =================================================================== > > > RCS file: /cvs/src/sbin/iked/iked.conf.5,v > > > retrieving revision 1.66 > > > diff -u -p -r1.66 iked.conf.5 > > > --- iked.conf.5 27 Apr 2020 22:40:09 -0000 1.66 > > > +++ iked.conf.5 27 Apr 2020 22:58:24 -0000 
> > > @@ -909,8 +909,6 @@ keyword: > > > .It Em Name Ta Em Group Ta Em Size Ta Em Type > > > .It Li modp768 Ta grp1 Ta 768 Ta "MODP" > > > .It Li modp1024 Ta grp2 Ta 1024 Ta "MODP" > > > > .It Li modp768 Ta grp1 Ta 768 Ta "MODP" [insecure] > > .It Li modp1024 Ta grp2 Ta 1024 Ta "MODP" [weak] > > > > > -.It Li ec2n155 Ta grp3 Ta 155 Ta "EC2N [insecure]" > > > -.It Li ec2n185 Ta grp4 Ta 185 Ta "EC2N [insecure]" > > > .It Li modp1536 Ta grp5 Ta 1536 Ta "MODP" > > > > .It Li modp1536 Ta grp5 Ta 1536 Ta "MODP" [weak] > > > > I guess we should sprinkle some other weak/insecure in the manual > > too but this is a start. > > Good idea, your classification makes sense. We should do the same for > all algorithms. > > > > > > .It Li modp2048 Ta grp14 Ta 2048 Ta "MODP" > > > .It Li modp3072 Ta grp15 Ta 3072 Ta "MODP" > > > @@ -931,11 +929,8 @@ keyword: > > > .Pp > > > The currently supported group types are either > > > MODP (exponentiation groups modulo a prime), > > > -EC2N (elliptic curve groups over GF[2^N]), > > > ECP (elliptic curve groups modulo a prime), > > > or Curve25519. > > > -Please note that the EC2N groups are considered as insecure and only > > > -provided for backwards compatibility. > > > > Please note that MODP groups of less than 2048 bits are considered > > as weak or insecure (see RFC 8247 section 2.4) and only provided for > > backwards compatibility. > > > > > --- dh.h 27 Oct 2017 14:26:35 -0000 1.11 > > > +++ dh.h 27 Apr 2020 22:58:24 -0000 
> > > @@ -21,7 +21,6 @@ > > > > > > enum group_type { > > > GROUP_MODP = 0, > > > - GROUP_EC2N = 1, > > > GROUP_ECP = 2, > > > GROUP_CURVE25519 = 3 > > > }; > > > > Should the others be renumbered so that somebody looking later doesn't > > have to figure out why there's a gap? > > > > Fixed. > > Here's an updated diff: > > Index: dh.c > =================================================================== > RCS file: /cvs/src/sbin/iked/dh.c,v > retrieving revision 1.22 > diff -u -p -r1.22 dh.c > --- dh.c 2 Apr 2019 09:42:55 -0000 1.22 > +++ dh.c 28 Apr 2020 14:50:58 -0000 > @@ -35,7 +35,7 @@ int modp_getlen(struct group *); > int modp_create_exchange(struct group *, uint8_t *); > int modp_create_shared(struct group *, uint8_t *, uint8_t *); > > -/* EC2N/ECP */ > +/* ECP */ > int ec_init(struct group *); > int ec_getlen(struct group *); > int ec_secretlen(struct group *); > @@ -83,8 +83,6 @@ const struct group_id ike_groups[] = { > "FFFFFFFFFFFFFFFF", > "02" > }, > - { GROUP_EC2N, 3, 155, NULL, NULL, NID_ipsec3 }, > - { GROUP_EC2N, 4, 185, NULL, NULL, NID_ipsec4 }, > { GROUP_MODP, 5, 1536, > "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" > "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" > @@ -290,7 +288,6 @@ group_get(uint32_t id) > group->exchange = modp_create_exchange; > group->shared = modp_create_shared; > break; > - case GROUP_EC2N: > case GROUP_ECP: > group->init = ec_init; > group->getlen = ec_getlen; > Index: dh.h > =================================================================== > RCS file: /cvs/src/sbin/iked/dh.h,v > retrieving revision 1.11 > diff -u -p -r1.11 dh.h > --- dh.h 27 Oct 2017 14:26:35 -0000 1.11 > +++ dh.h 28 Apr 2020 14:50:58 -0000 
> @@ -21,9 +21,8 @@ > > enum group_type { > GROUP_MODP = 0, > - GROUP_EC2N = 1, > - GROUP_ECP = 2, > - GROUP_CURVE25519 = 3 > + GROUP_ECP = 1, > + GROUP_CURVE25519 = 2 > }; > > struct group_id { > Index: iked.conf.5 > =================================================================== > RCS file: /cvs/src/sbin/iked/iked.conf.5,v > retrieving revision 1.66 > diff -u -p -r1.66 iked.conf.5 > --- iked.conf.5 27 Apr 2020 22:40:09 -0000 1.66 > +++ iked.conf.5 28 Apr 2020 14:50:58 -0000 > @@ -907,11 +907,9 @@ The following group types are permitted > keyword: > .Bl -column "modp1024-160" "Group" "Size" "Type" -offset indent > .It Em Name Ta Em Group Ta Em Size Ta Em Type > -.It Li modp768 Ta grp1 Ta 768 Ta "MODP" > -.It Li modp1024 Ta grp2 Ta 1024 Ta "MODP" > -.It Li ec2n155 Ta grp3 Ta 155 Ta "EC2N [insecure]" > -.It Li ec2n185 Ta grp4 Ta 185 Ta "EC2N [insecure]" > -.It Li modp1536 Ta grp5 Ta 1536 Ta "MODP" > +.It Li modp768 Ta grp1 Ta 768 Ta "MODP" [insecure] > +.It Li modp1024 Ta grp2 Ta 1024 Ta "MODP" [weak] > +.It Li modp1536 Ta grp5 Ta 1536 Ta "MODP" [weak] > .It Li modp2048 Ta grp14 Ta 2048 Ta "MODP" > .It Li modp3072 Ta grp15 Ta 3072 Ta "MODP" > .It Li modp4096 Ta grp16 Ta 4096 Ta "MODP" 
> @@ -931,11 +929,11 @@ keyword: > .Pp > The currently supported group types are either > MODP (exponentiation groups modulo a prime), > -EC2N (elliptic curve groups over GF[2^N]), > ECP (elliptic curve groups modulo a prime), > or Curve25519. > -Please note that the EC2N groups are considered as insecure and only > -provided for backwards compatibility. > +Please note that MODP groups of less than 2048 bits are considered > +as weak or insecure (see RFC 8247 section 2.4) and only provided for > +backwards compatibility. > .Sh FILES > .Bl -tag -width /etc/examples/iked.conf -compact > .It Pa /etc/iked.conf > Index: ikev2.h > =================================================================== > RCS file: /cvs/src/sbin/iked/ikev2.h,v > retrieving revision 1.31 > diff -u -p -r1.31 ikev2.h > --- ikev2.h 3 Dec 2019 12:38:34 -0000 1.31 > +++ ikev2.h 28 Apr 2020 14:50:59 -0000 > @@ -230,8 +230,6 @@ extern struct iked_constmap ikev2_xforma > #define IKEV2_XFORMDH_NONE 0 /* No DH */ > #define IKEV2_XFORMDH_MODP_768 1 /* DH Group 1 */ > #define IKEV2_XFORMDH_MODP_1024 2 /* DH Group 2 */ > -#define IKEV2_XFORMDH_EC2N_155 3 /* DH Group 3 */ > -#define IKEV2_XFORMDH_EC2N_185 4 /* DH Group 3 */ > #define IKEV2_XFORMDH_MODP_1536 5 /* DH Group 5 */ > #define IKEV2_XFORMDH_MODP_2048 14 /* DH Group 14 */ > #define IKEV2_XFORMDH_MODP_3072 15 /* DH Group 15 */ > Index: parse.y > =================================================================== > RCS file: /cvs/src/sbin/iked/parse.y,v > retrieving revision 1.95 > diff -u -p -r1.95 parse.y > --- parse.y 26 Apr 2020 16:55:47 -0000 1.95 > +++ parse.y 28 Apr 2020 14:50:59 -0000 
> @@ -223,10 +223,6 @@ const struct ipsec_xf groupxfs[] = { > { "grp1", IKEV2_XFORMDH_MODP_768 }, > { "modp1024", IKEV2_XFORMDH_MODP_1024 }, > { "grp2", IKEV2_XFORMDH_MODP_1024 }, > - { "ec2n155", IKEV2_XFORMDH_EC2N_155 }, > - { "grp3", IKEV2_XFORMDH_EC2N_155 }, > - { "ec2n185", IKEV2_XFORMDH_EC2N_185 }, > - { "grp4", IKEV2_XFORMDH_EC2N_185 }, > { "modp1536", IKEV2_XFORMDH_MODP_1536 }, > { "grp5", IKEV2_XFORMDH_MODP_1536 }, > { "modp2048", IKEV2_XFORMDH_MODP_2048 }, >
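Review bot: In the dh.h hunk of the updated diff, GROUP_ECP takes over the value 1 that GROUP_EC2N held and GROUP_CURVE25519 moves from 3 to 2, which is only safe if group_type values never leave the running process. Suggest confirming nothing stores or compares the old numbers, and either dropping the explicit initializers or adding a one-line comment that the values are internal, so a later reader does not treat them as protocol constants.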
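Review bot: In the iked.conf.5 table hunk, the new tags sit outside the quoted Type cell (`"MODP" [insecure]`, `"MODP" [weak]`), while the removed EC2N rows carried the tag inside the quotes (`"EC2N [insecure]"`). Suggest `Ta "MODP [insecure]"` and `Ta "MODP [weak]"` so the tag is part of the same column argument and the three rows follow the convention the table already used.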
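Review bot: The ikev2.h hunk deletes IKEV2_XFORMDH_EC2N_155 and IKEV2_XFORMDH_EC2N_185, but the only users this diff updates are the groupxfs[] entries in parse.y; the hunk sits right under an iked_constmap declaration and no hunk touches a map table. Suggest grepping the tree for both macro names before commit, since any remaining table entry that names them will break the build.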
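Review bot: With `ec2n155`, `grp3`, `ec2n185` and `grp4` removed from groupxfs[] in parse.y, an existing iked.conf that names any of them no longer resolves the keyword, and nothing in the diff documents that for users. Suggest the upgrade note say explicitly that such a configuration has to be edited before the new iked is started, and list all four spellings, since `grp3` and `grp4` do not look like EC2N names.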
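The pre-upgrade check that the proposed upgrade note implies, as an added example (not part of the thread and not iked code): it scans iked.conf text for the groups the thread classifies as removed, insecure or weak, and reports whether each ikesa/childsa still has a group left once EC2N is gone. The tokenizer is a simplification of iked's parser, and the sample configuration is constructed.

```python
# Added example: audit iked.conf text for the DH groups discussed in the thread.
# Classification comes from the thread; the tokenizer is a simplification.
FLAGGED = {}
for verdict, names in (("removed", "ec2n155 grp3 ec2n185 grp4"),
                       ("insecure", "modp768 grp1"),
                       ("weak", "modp1024 grp2 modp1536 grp5")):
    FLAGGED.update(dict.fromkeys(names.split(), verdict))

# Constructed sample, not a real configuration.
SAMPLE = """\
# constructed sample
ikev2 "legacy" passive esp from 10.0.0.0/24 to 10.1.0.0/24 \\
    ikesa enc aes-256 group ec2n185 \\
    childsa enc aes-256 group grp3 group modp2048
ikev2 "branch" active esp from 10.2.0.0/24 to 10.3.0.0/24 \\
    ikesa enc aes-256 group modp1024 group curve25519
"""

def logical_lines(text):
    """Yield (first_line_no, line) with # comments cut and '\\' continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        start = start or no
        buf += " " + line.rstrip("\\")
        if not line.endswith("\\"):
            yield start, buf
            buf, start = "", None
    if buf:
        yield start, buf

def audit(text):
    """Return (line_no, section, group, verdict, has_alternative) per flagged group."""
    findings = []
    for no, line in logical_lines(text):
        groups, section, tokens = {}, None, line.split()
        for tok, nxt in zip(tokens, tokens[1:]):
            if tok in ("ikesa", "childsa"):
                section = tok
            elif tok == "group" and section:
                groups.setdefault(section, []).append(nxt)
        for section, names in groups.items():
            # has_alternative: does a group survive the EC2N removal here?
            keeps = any(FLAGGED.get(n) != "removed" for n in names)
            findings += [(no, section, n, FLAGGED[n], keeps)
                         for n in names if n in FLAGGED]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

A finding with `removed` and `has_alternative` false marks a policy that needs a replacement group added before the upgrade.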