If so, immediately.  That means for about 2 weeks someone in snaps
can scream.

Tobias Heider <tobias.hei...@stusta.de> wrote:

> On Tue, Apr 28, 2020 at 11:22:02AM +0100, Stuart Henderson wrote:
> > On 2020/04/28 01:09, Tobias Heider wrote:
> > > Hi,
> > > 
> > > the EC2N family of curves have been marked as insecure for at least 10 
> > > years.
> > > In fact, IANA has stopped listing them altogether [1].
> > > Their former IDs are now 'reserved'.
> > > 
> > > I think it's time for us to drop them as well.
> > > 
> > > ok?
> > 
> > I agree with dropping them. Timing-wise perhaps it's better to do it
> > after release (possible text for upgrade notes below); OTOH probably
> > nobody really uses ec2n so it's not all that likely to hurt users (we
> > can use similar text but say "prior to upgrade, add alternative groups
> > [...]" instead).
> > 
> >   "The insecure ec2n D-H groups will be removed from iked in the next
> >   release; if you are using these, add alternative groups to ikesa/childsa
> >   in iked.conf, then you can move clients across one by one and remove
> >   the ec2n groups in advance of 6.8.
> > 
> >   While removal of other groups is not imminent, some are considered
> >   insecure (768-bit MODP, group 1) or weak (1024- and 1536-bit MODP,
> >   groups 2 and 5). Prefer curve25519, an ECP group of 256 bits or
> >   more, or a MODP group of 2048 bits or more."
> 
> I would really rather do it now.  It has been marked as insecure for long
> enough and really no one should be using it.
> IMHO shipping them for another six months would be rather irresponsible
> from our side.
> 
> The upgrade note sounds good.
> 
> > 
> > > Index: iked.conf.5
> > > ===================================================================
> > > RCS file: /cvs/src/sbin/iked/iked.conf.5,v
> > > retrieving revision 1.66
> > > diff -u -p -r1.66 iked.conf.5
> > > --- iked.conf.5   27 Apr 2020 22:40:09 -0000      1.66
> > > +++ iked.conf.5   27 Apr 2020 22:58:24 -0000
> > > @@ -909,8 +909,6 @@ keyword:
> > >  .It Em Name Ta Em Group Ta Em Size Ta Em Type
> > >  .It Li modp768 Ta grp1 Ta 768 Ta "MODP"
> > >  .It Li modp1024 Ta grp2 Ta 1024 Ta "MODP"
> > 
> >    .It Li modp768 Ta grp1 Ta 768 Ta "MODP" [insecure]
> >    .It Li modp1024 Ta grp2 Ta 1024 Ta "MODP" [weak]
> > 
> > > -.It Li ec2n155 Ta grp3 Ta 155 Ta "EC2N [insecure]"
> > > -.It Li ec2n185 Ta grp4 Ta 185 Ta "EC2N [insecure]"
> > >  .It Li modp1536 Ta grp5 Ta 1536 Ta "MODP"
> > 
> >    .It Li modp1536 Ta grp5 Ta 1536 Ta "MODP" [weak]
> > 
> > I guess we should sprinkle some other weak/insecure in the manual
> > too but this is a start.
> 
> Good idea, your classification makes sense.  We should do the same for
> all algorithms.
> 
> > 
> > >  .It Li modp2048 Ta grp14 Ta 2048 Ta "MODP"
> > >  .It Li modp3072 Ta grp15 Ta 3072 Ta "MODP"
> > > @@ -931,11 +929,8 @@ keyword:
> > >  .Pp
> > >  The currently supported group types are either
> > >  MODP (exponentiation groups modulo a prime),
> > > -EC2N (elliptic curve groups over GF[2^N]),
> > >  ECP (elliptic curve groups modulo a prime),
> > >  or Curve25519.
> > > -Please note that the EC2N groups are considered as insecure and only
> > > -provided for backwards compatibility.
> > 
> >    Please note that MODP groups of less than 2048 bits are considered
> >    as weak or insecure (see RFC 8247 section 2.4) and only provided for
> >    backwards compatibility.
> > 
> > > --- dh.h  27 Oct 2017 14:26:35 -0000      1.11
> > > +++ dh.h  27 Apr 2020 22:58:24 -0000
> > > @@ -21,7 +21,6 @@
> > >  
> > >  enum group_type {
> > >   GROUP_MODP              = 0,
> > > - GROUP_EC2N              = 1,
> > >   GROUP_ECP               = 2,
> > >   GROUP_CURVE25519        = 3
> > >  };
> > 
> > Should the others be renumbered so that somebody looking later doesn't
> > have to figure out why there's a gap?
> > 
> 
> Fixed.
> 
> Here's an updated diff:
> 
> Index: dh.c
> ===================================================================
> RCS file: /cvs/src/sbin/iked/dh.c,v
> retrieving revision 1.22
> diff -u -p -r1.22 dh.c
> --- dh.c      2 Apr 2019 09:42:55 -0000       1.22
> +++ dh.c      28 Apr 2020 14:50:58 -0000
> @@ -35,7 +35,7 @@ int modp_getlen(struct group *);
>  int  modp_create_exchange(struct group *, uint8_t *);
>  int  modp_create_shared(struct group *, uint8_t *, uint8_t *);
>  
> -/* EC2N/ECP */
> +/* ECP */
>  int  ec_init(struct group *);
>  int  ec_getlen(struct group *);
>  int  ec_secretlen(struct group *);
> @@ -83,8 +83,6 @@ const struct group_id ike_groups[] = {
>           "FFFFFFFFFFFFFFFF",
>           "02"
>       },
> -     { GROUP_EC2N, 3, 155, NULL, NULL, NID_ipsec3 },
> -     { GROUP_EC2N, 4, 185, NULL, NULL, NID_ipsec4 },
>       { GROUP_MODP, 5, 1536,
>           "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
>           "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
> @@ -290,7 +288,6 @@ group_get(uint32_t id)
>               group->exchange = modp_create_exchange;
>               group->shared = modp_create_shared;
>               break;
> -     case GROUP_EC2N:
>       case GROUP_ECP:
>               group->init = ec_init;
>               group->getlen = ec_getlen;
> Index: dh.h
> ===================================================================
> RCS file: /cvs/src/sbin/iked/dh.h,v
> retrieving revision 1.11
> diff -u -p -r1.11 dh.h
> --- dh.h      27 Oct 2017 14:26:35 -0000      1.11
> +++ dh.h      28 Apr 2020 14:50:58 -0000
> @@ -21,9 +21,8 @@
>  
>  enum group_type {
>       GROUP_MODP              = 0,
> -     GROUP_EC2N              = 1,
> -     GROUP_ECP               = 2,
> -     GROUP_CURVE25519        = 3
> +     GROUP_ECP               = 1,
> +     GROUP_CURVE25519        = 2
>  };
>  
>  struct group_id {
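Review bot: In enum group_type, renumbering changes the values of GROUP_ECP (2 to 1) and GROUP_CURVE25519 (3 to 2), which is only safe if every user refers to them by name and nothing stores or passes the raw integer. The ike_groups table and the group_get() switch in dh.c use the names, so that side looks fine; consider dropping the explicit "= n" initializers altogether so a later removal cannot leave a gap or a stale number behind.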
> Index: iked.conf.5
> ===================================================================
> RCS file: /cvs/src/sbin/iked/iked.conf.5,v
> retrieving revision 1.66
> diff -u -p -r1.66 iked.conf.5
> --- iked.conf.5       27 Apr 2020 22:40:09 -0000      1.66
> +++ iked.conf.5       28 Apr 2020 14:50:58 -0000
> @@ -907,11 +907,9 @@ The following group types are permitted 
>  keyword:
>  .Bl -column "modp1024-160" "Group" "Size" "Type" -offset indent
>  .It Em Name Ta Em Group Ta Em Size Ta Em Type
> -.It Li modp768 Ta grp1 Ta 768 Ta "MODP"
> -.It Li modp1024 Ta grp2 Ta 1024 Ta "MODP"
> -.It Li ec2n155 Ta grp3 Ta 155 Ta "EC2N [insecure]"
> -.It Li ec2n185 Ta grp4 Ta 185 Ta "EC2N [insecure]"
> -.It Li modp1536 Ta grp5 Ta 1536 Ta "MODP"
> +.It Li modp768 Ta grp1 Ta 768 Ta "MODP" [insecure]
> +.It Li modp1024 Ta grp2 Ta 1024 Ta "MODP" [weak]
> +.It Li modp1536 Ta grp5 Ta 1536 Ta "MODP" [weak]
>  .It Li modp2048 Ta grp14 Ta 2048 Ta "MODP"
>  .It Li modp3072 Ta grp15 Ta 3072 Ta "MODP"
>  .It Li modp4096 Ta grp16 Ta 4096 Ta "MODP"
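Review bot: On the three added modp768/modp1024/modp1536 rows, the [insecure] and [weak] markers sit outside the quoted Type cell, whereas the removed rows kept the marker inside it ("EC2N [insecure]"). Writing them as "MODP [insecure]" and "MODP [weak]" keeps the marker a single argument of the last column and matches the style the table already used.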
> @@ -931,11 +929,11 @@ keyword:
>  .Pp
>  The currently supported group types are either
>  MODP (exponentiation groups modulo a prime),
> -EC2N (elliptic curve groups over GF[2^N]),
>  ECP (elliptic curve groups modulo a prime),
>  or Curve25519.
> -Please note that the EC2N groups are considered as insecure and only
> -provided for backwards compatibility.
> +Please note that MODP groups of less than 2048 bits are considered
> +as weak or insecure (see RFC 8247 section 2.4) and only provided for
> +backwards compatibility.
>  .Sh FILES
>  .Bl -tag -width /etc/examples/iked.conf -compact
>  .It Pa /etc/iked.conf
> Index: ikev2.h
> ===================================================================
> RCS file: /cvs/src/sbin/iked/ikev2.h,v
> retrieving revision 1.31
> diff -u -p -r1.31 ikev2.h
> --- ikev2.h   3 Dec 2019 12:38:34 -0000       1.31
> +++ ikev2.h   28 Apr 2020 14:50:59 -0000
> @@ -230,8 +230,6 @@ extern struct iked_constmap ikev2_xforma
>  #define IKEV2_XFORMDH_NONE           0       /* No DH */
>  #define IKEV2_XFORMDH_MODP_768               1       /* DH Group 1 */
>  #define IKEV2_XFORMDH_MODP_1024              2       /* DH Group 2 */
> -#define IKEV2_XFORMDH_EC2N_155               3       /* DH Group 3 */
> -#define IKEV2_XFORMDH_EC2N_185               4       /* DH Group 3 */
>  #define IKEV2_XFORMDH_MODP_1536              5       /* DH Group 5 */
>  #define IKEV2_XFORMDH_MODP_2048              14      /* DH Group 14 */
>  #define IKEV2_XFORMDH_MODP_3072              15      /* DH Group 15 */
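Review bot: With the two IKEV2_XFORMDH_EC2N_* defines dropped, the list jumps from 2 to 5 with no explanation. A one-line comment noting that 3 and 4 were the EC2N groups and are now reserved (as the proposal mail says of the IANA registry) would address the same "why is there a gap" concern that was raised for the enum in dh.h, and would discourage reuse of those numbers.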
> Index: parse.y
> ===================================================================
> RCS file: /cvs/src/sbin/iked/parse.y,v
> retrieving revision 1.95
> diff -u -p -r1.95 parse.y
> --- parse.y   26 Apr 2020 16:55:47 -0000      1.95
> +++ parse.y   28 Apr 2020 14:50:59 -0000
> @@ -223,10 +223,6 @@ const struct ipsec_xf groupxfs[] = {
>       { "grp1",               IKEV2_XFORMDH_MODP_768 },
>       { "modp1024",           IKEV2_XFORMDH_MODP_1024 },
>       { "grp2",               IKEV2_XFORMDH_MODP_1024 },
> -     { "ec2n155",            IKEV2_XFORMDH_EC2N_155 },
> -     { "grp3",               IKEV2_XFORMDH_EC2N_155 },
> -     { "ec2n185",            IKEV2_XFORMDH_EC2N_185 },
> -     { "grp4",               IKEV2_XFORMDH_EC2N_185 },
>       { "modp1536",           IKEV2_XFORMDH_MODP_1536 },
>       { "grp5",               IKEV2_XFORMDH_MODP_1536 },
>       { "modp2048",           IKEV2_XFORMDH_MODP_2048 },
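Review bot: With the ec2n155/grp3/ec2n185/grp4 entries gone from groupxfs, an existing iked.conf that still names one of them no longer has a matching keyword, so such a config stops being accepted as written. The commit should land together with the upgrade note proposed earlier in the thread, and it is worth checking that the parser's message for an unknown group name points clearly at the offending line.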
> 
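A pre-upgrade check in the spirit of the upgrade note above, as an added example that is not part of the original thread or of iked: it scans iked.conf text for `group` keywords and flags the names this patch removes and the MODP groups the thread labels insecure or weak. The sample configuration is constructed, and the function name `audit_iked_conf` is hypothetical.

```python
import re

# Classification as given in the thread: the ec2n groups are removed by the
# patch, modp768 is called insecure, modp1024 and modp1536 are called weak.
GROUP_STATUS = {
    "ec2n155": "removed", "grp3": "removed",
    "ec2n185": "removed", "grp4": "removed",
    "modp768": "insecure", "grp1": "insecure",
    "modp1024": "weak", "grp2": "weak",
    "modp1536": "weak", "grp5": "weak",
}

QUOTED = re.compile(r'"[^"]*"')
GROUP = re.compile(r"\bgroup\s+([A-Za-z0-9-]+)")


def audit_iked_conf(text):
    """Return (line_number, group_name, status) for each flagged D-H group."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = QUOTED.sub('""', raw)    # ignore quoted strings such as psk values
        line = line.split("#", 1)[0]    # ignore comments
        for name in GROUP.findall(line):
            status = GROUP_STATUS.get(name.lower())
            if status:
                findings.append((lineno, name, status))
    return findings


# Constructed sample, not taken from any real deployment.
SAMPLE_CONF = r"""ikev2 "legacy" passive esp \
	from 10.0.0.0/24 to 10.0.1.0/24 \
	peer 192.0.2.10 \
	ikesa enc aes-256 group ec2n185 group modp2048 \
	childsa enc aes-256 group grp5 \
	psk "example#secret group modp768"   # group grp3 in a comment
ikev2 "modern" active esp \
	from 10.0.2.0/24 to 10.0.3.0/24 \
	peer 192.0.2.20 \
	ikesa enc aes-256 group curve25519
"""

if __name__ == "__main__":
    for lineno, name, status in audit_iked_conf(SAMPLE_CONF):
        print(f"line {lineno}: group {name} is {status}")
```

Entries reported as "removed" must be replaced before upgrading; "insecure" and "weak" entries keep working after this patch but are candidates for migration.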
