From: John Baldwin
Date: Sat, 2 May 2020 00:06:59 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r360557 - in head: lib/libipsec sbin/setkey sys/netipsec usr.bin/netstat

Author: jhb
Date: Sat May 2 00:06:58 2020
New Revision: 360557
URL: https://svnweb.freebsd.org/changeset/base/360557

Log:
Remove support for IPsec algorithms deprecated in r348205 and r360202.

Examples of deprecated algorithms in manual pages and sample configs are updated where relevant. I removed the one example of combining ESP and AH (vs using a cipher and auth in ESP) as RFC 8221 says this combination is NOT RECOMMENDED.
Specifically, this removes support for the following ciphers:
- des-cbc
- 3des-cbc
- blowfish-cbc
- cast128-cbc
- des-deriv
- des-32iv
- camellia-cbc

This also removes support for the following authentication algorithms:
- hmac-md5
- keyed-md5
- keyed-sha1
- hmac-ripemd160

Reviewed by: cem, gnn (older versions)
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24342

Modified:
  head/lib/libipsec/pfkey_dump.c
  head/sbin/setkey/sample.cf
  head/sbin/setkey/setkey.8
  head/sbin/setkey/test-pfkey.c
  head/sbin/setkey/token.l
  head/sys/netipsec/ipsec.c
  head/sys/netipsec/ipsec.h
  head/sys/netipsec/key.c
  head/sys/netipsec/xform_ah.c
  head/sys/netipsec/xform_esp.c
  head/usr.bin/netstat/ipsec.c

Modified: head/lib/libipsec/pfkey_dump.c ============================================================================== --- head/lib/libipsec/pfkey_dump.c Fri May 1 23:07:23 2020 (r360556) +++ head/lib/libipsec/pfkey_dump.c Sat May 2 00:06:58 2020 (r360557) @@ -57,22 +57,10 @@ __FBSDID("$FreeBSD$"); #include "libpfkey.h" /* cope with old kame headers - ugly */ -#ifndef SADB_X_AALG_MD5 -#define SADB_X_AALG_MD5 SADB_AALG_MD5 -#endif -#ifndef SADB_X_AALG_SHA -#define SADB_X_AALG_SHA SADB_AALG_SHA -#endif #ifndef SADB_X_AALG_NULL #define SADB_X_AALG_NULL SADB_AALG_NULL #endif -#ifndef SADB_X_EALG_BLOWFISHCBC -#define SADB_X_EALG_BLOWFISHCBC SADB_EALG_BLOWFISHCBC -#endif -#ifndef SADB_X_EALG_CAST128CBC -#define SADB_X_EALG_CAST128CBC SADB_EALG_CAST128CBC -#endif #ifndef SADB_X_EALG_RC5CBC #ifdef SADB_EALG_RC5CBC #define SADB_X_EALG_RC5CBC SADB_EALG_RC5CBC @@ -147,10 +135,7 @@ static char *str_state[] = { static struct val2str str_alg_auth[] = { { SADB_AALG_NONE, "none", }, - { SADB_AALG_MD5HMAC, "hmac-md5", }, { SADB_AALG_SHA1HMAC, "hmac-sha1", }, - { SADB_X_AALG_MD5, "md5", }, - { SADB_X_AALG_SHA, "sha", }, { SADB_X_AALG_NULL, "null", }, { SADB_X_AALG_TCP_MD5, "tcp-md5", }, #ifdef SADB_X_AALG_SHA2_256
@@ -162,9 +147,6 @@ static struct val2str str_alg_auth[] = { #ifdef SADB_X_AALG_SHA2_512 { SADB_X_AALG_SHA2_512, "hmac-sha2-512", }, #endif -#ifdef SADB_X_AALG_RIPEMD160HMAC - { SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", }, -#endif #ifdef SADB_X_AALG_AES_XCBC_MAC { SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", }, #endif @@ -173,14 +155,10 @@ static struct val2str str_alg_auth[] = { static struct val2str str_alg_enc[] = { { SADB_EALG_NONE, "none", }, - { SADB_EALG_DESCBC, "des-cbc", }, - { SADB_EALG_3DESCBC, "3des-cbc", }, { SADB_EALG_NULL, "null", }, #ifdef SADB_X_EALG_RC5CBC { SADB_X_EALG_RC5CBC, "rc5-cbc", }, #endif - { SADB_X_EALG_CAST128CBC, "cast128-cbc", }, - { SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", }, #ifdef SADB_X_EALG_RIJNDAELCBC { SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", }, #endif @@ -192,9 +170,6 @@ static struct val2str str_alg_enc[] = { #endif #ifdef SADB_X_EALG_AESGCM16 { SADB_X_EALG_AESGCM16, "aes-gcm-16", }, -#endif -#ifdef SADB_X_EALG_CAMELLIACBC - { SADB_X_EALG_CAMELLIACBC, "camellia-cbc", }, #endif { -1, NULL, }, }; Modified: head/sbin/setkey/sample.cf ============================================================================== --- head/sbin/setkey/sample.cf Fri May 1 23:07:23 2020 (r360556) +++ head/sbin/setkey/sample.cf Sat May 2 00:06:58 2020 (r360557) @@ -34,9 +34,9 @@ # parameters when you configure by manual keying. # ESP transport mode is recommended for TCP port number 110 between -# Host-A and Host-B. Encryption algorithm is blowfish-cbc whose key -# is "kamekame", and authentication algorithm is hmac-sha1 whose key -# is "this is the test key". +# Host-A and Host-B. Encryption algorithm is aes-cbc whose key +# is "kamekamekamekamekamekamekamekame", and authentication algorithm is +# hmac-sha2-512 whose key is "this is the test key". # # ============ ESP ============ # | | 
@@ -50,17 +50,17 @@ spdadd fec0::11[110] fec0::10[any] tcp -P in ipsec esp/transport//use ; add fec0::10 fec0::11 esp 0x10001 -m transport - -E blowfish-cbc "kamekame" - -A hmac-sha1 "this is the test key" ; + -E aes-cbc "kamekamekamekamekamekamekamekame" + -A hmac-sha2-512 "this is the test key" ; add fec0::11 fec0::10 esp 0x10002 -m transport - -E blowfish-cbc "kamekame" - -A hmac-sha1 "this is the test key" ; + -E aes-cbc "kamekamekamekamekamekamekamekame" + -A hmac-sha2-512 "this is the test key" ; # "[any]" is wildcard of port number. Note that "[0]" is the number of # zero in port number. -# Security protocol is old AH tunnel mode, i.e. RFC1826, with keyed-md5 +# Security protocol is old AH tunnel mode, i.e. RFC1826, with hmac-sha2-256 # whose key is "this is the test" as authentication algorithm. # That protocol takes place between Gateway-A and Gateway-B. # @@ -76,10 +76,10 @@ spdadd 10.0.2.0/24 10.0.1.0/24 any -P in ipsec ah/tunnel/172.16.0.2-172.16.0.1/require ; add 172.16.0.1 172.16.0.2 ah-old 0x10003 -m any - -A keyed-md5 "this is the test" ; + -A hmac-sha2-256 "this is the test" ; add 172.16.0.2 172.16.0.1 ah-old 0x10004 -m any - -A keyed-md5 "this is the test" ; + -A hmac-sha2-256 "this is the test" ; # If port number field is omitted such above then "[any]" is employed. # -m specifies the mode of SA to be used. "-m any" means wildcard of 
@@ -93,15 +93,15 @@ spdadd 10.0.1.0/24 10.0.2.0/24 any -P in ipsec ah/tunnel/172.16.0.1-172.16.0.2/require ; add 172.16.0.1 172.16.0.2 ah-old 0x10003 -m tunnel - -A keyed-md5 "this is the test" ; + -A hmac-sha2-256 "this is the test" ; add 172.16.0.2 172.16.0.1 ah-old 0x10004 -m tunnel - -A keyed-md5 "this is the test" ; + -A hmac-sha2-256 "this is the test" ; # AH transport mode followed by ESP tunnel mode is required between # Gateway-A and Gateway-B. -# Encryption algorithm is 3des-cbc, and authentication algorithm for ESP -# is hmac-sha1. Authentication algorithm for AH is hmac-md5. +# Encryption algorithm is aes-cbc, and authentication algorithm for ESP +# is hmac-sha2-512. Authentication algorithm for AH is hmac-sha2-256. # # ========== AH ========= # | ======= ESP ===== | 
@@ -118,25 +118,25 @@ spdadd fec0:0:0:2::/64 fec0:0:0:1::/64 any -P in ipsec ah/transport//require ; add fec0:0:0:1::1 fec0:0:0:2::1 esp 0x10001 -m tunnel - -E 3des-cbc "kamekame12341234kame1234" - -A hmac-sha1 "this is the test key" ; + -E aes-cbc "kamekame12341234kamekame12341234" + -A hmac-sha2-512 "this is the test key" ; add fec0:0:0:1::1 fec0:0:0:2::1 ah 0x10001 -m transport - -A hmac-md5 "this is the test" ; + -A hmac-sha2-256 "this is the test" ; add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10001 -m tunnel - -E 3des-cbc "kamekame12341234kame1234" - -A hmac-sha1 "this is the test key" ; + -E aes-cbc "kamekame12341234kamekame12341234" + -A hmac-sha2-512 "this is the test key" ; add fec0:0:0:2::1 fec0:0:0:1::1 ah 0x10001 -m transport - -A hmac-md5 "this is the test" ; + -A hmac-sha2-256 "this is the test" ; # ESP tunnel mode is required between Host-A and Gateway-A. -# Encryption algorithm is cast128-cbc, and authentication algorithm -# for ESP is hmac-sha1. +# Encryption algorithm is aes-cbc, and authentication algorithm +# for ESP is hmac-sha2-256. # ESP transport mode is recommended between Host-A and Host-B. -# Encryption algorithm is rc5-cbc, and authentication algorithm -# for ESP is hmac-md5. +# Encryption algorithm is aes-ctr, and authentication algorithm +# for ESP is hmac-sha2-512. # # ================== ESP ================= # | ======= ESP ======= | 
@@ -153,18 +153,18 @@ spdadd fec0:0:0:2::1[80] fec0:0:0:1::1[any] tcp -P in esp/tunnel/fec0:0:0:2::1-fec0:0:0:1::1/require ; add fec0:0:0:1::1 fec0:0:0:2::2 esp 0x10001 -m transport - -E cast128-cbc "12341234" - -A hmac-sha1 "this is the test key" ; + -E aes-cbc "kamekame12341234kamekame12341234" + -A hmac-sha2-256 "this is the test key" ; add fec0:0:0:1::1 fec0:0:0:2::1 esp 0x10002 - -E rc5-cbc "kamekame" - -A hmac-md5 "this is the test" ; + -E aes-ctr "kamekame12341234kamekame12341234f00f" + -A hmac-sha2-512 "this is the test" ; add fec0:0:0:2::2 fec0:0:0:1::1 esp 0x10003 -m transport - -E cast128-cbc "12341234" - -A hmac-sha1 "this is the test key" ; + -E aes-cbc "kamekame12341234kamekame12341234" + -A hmac-sha2-256 "this is the test key" ; add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10004 - -E rc5-cbc "kamekame" - -A hmac-md5 "this is the test" ; + -E aes-ctr "kamekame12341234kamekame12341234f00f" + -A hmac-sha2-512 "this is the test" ; # By "get" command, you can get a entry of either SP or SA. get fec0:0:0:1::1 fec0:0:0:2::2 ah 0x10004 ; 
@@ -189,29 +189,14 @@ flush ah ; # XXX add ::1 ::1 esp 10001 -m transport -E null ; -add ::1 ::1 esp 10002 -m transport -E des-deriv "12341234" ; -add ::1 ::1 esp-old 10003 -m transport -E des-32iv "12341234" ; add ::1 ::1 esp 10004 -m transport -E null -A null ; -add ::1 ::1 esp 10005 -m transport -E null -A hmac-md5 "1234123412341234" ; add ::1 ::1 esp 10006 -m tunnel -E null -A hmac-sha1 "12341234123412341234" ; -add ::1 ::1 esp 10007 -m transport -E null -A keyed-md5 "1234123412341234" ; -add ::1 ::1 esp 10008 -m any -E null -A keyed-sha1 "12341234123412341234" ; -add ::1 ::1 esp 10009 -m transport -E des-cbc "testtest" ; -add ::1 ::1 esp 10010 -m transport -E 3des-cbc "testtest12341234testtest" ; -add ::1 ::1 esp 10011 -m tunnel -E cast128-cbc "testtest1234" ; -add ::1 ::1 esp 10012 -m tunnel -E blowfish-cbc "testtest1234" ; -add ::1 ::1 esp 10013 -m tunnel -E rc5-cbc "testtest1234" ; -add ::1 ::1 esp 10014 -m any -E rc5-cbc "testtest1234" ; add ::1 ::1 esp 10015 -m transport -f zero-pad -E null ; add ::1 ::1 esp 10016 -m tunnel -f random-pad -r 8 -lh 100 -ls 80 -E null ; add ::1 ::1 esp 10017 -m transport -f seq-pad -f nocyclic-seq -E null ; add ::1 ::1 esp 10018 -m transport -E null ; #add ::1 ::1 ah 20000 -m transport -A null ; -add ::1 ::1 ah 20001 -m any -A hmac-md5 "1234123412341234"; add ::1 ::1 ah 20002 -m tunnel -A hmac-sha1 "12341234123412341234"; -add ::1 ::1 ah 20003 -m transport -A keyed-md5 "1234123412341234"; -add ::1 ::1 ah-old 20004 -m transport -A keyed-md5 "1234123412341234"; -add ::1 ::1 ah 20005 -m transport -A keyed-sha1 "12341234123412341234"; #add ::1 ::1 ipcomp 30000 -C oui ; add ::1 ::1 ipcomp 30001 -C deflate ; #add ::1 ::1 ipcomp 30002 -C lzs ; Modified: head/sbin/setkey/setkey.8 ============================================================================== --- head/sbin/setkey/setkey.8 Fri May 1 23:07:23 2020 (r360556) +++ head/sbin/setkey/setkey.8 Sat May 2 00:06:58 2020 (r360557) 
@@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd April 9, 2017 +.Dd May 01, 2020 .Dt SETKEY 8 .Os .\" @@ -588,14 +588,8 @@ of the parameter: .Bd -literal -offset indent algorithm keylen (bits) comment -hmac-md5 128 ah: rfc2403 - 128 ah-old: rfc2085 hmac-sha1 160 ah: rfc2404 160 ah-old: 128bit ICV (no document) -keyed-md5 128 ah: 96bit ICV (no document) - 128 ah-old: rfc1828 -keyed-sha1 160 ah: 96bit ICV (no document) - 160 ah-old: 128bit ICV (no document) null 0 to 2048 for debugging hmac-sha2-256 256 ah: 128bit ICV (RFC4868) 256 ah-old: 128bit ICV (no document) @@ -603,8 +597,6 @@ hmac-sha2-384 384 ah: 192bit ICV (RFC4868) 384 ah-old: 128bit ICV (no document) hmac-sha2-512 512 ah: 256bit ICV (RFC4868) 512 ah-old: 128bit ICV (no document) -hmac-ripemd160 160 ah: 96bit ICV (RFC2857) - ah-old: 128bit ICV (no document) aes-xcbc-mac 128 ah: 96bit ICV (RFC3566) 128 ah-old: 128bit ICV (no document) tcp-md5 8 to 640 tcp: rfc2385 @@ -619,16 +611,10 @@ of the parameter: .Bd -literal -offset indent algorithm keylen (bits) comment -des-cbc 64 esp-old: rfc1829, esp: rfc2405 -3des-cbc 192 rfc2451 null 0 to 2048 rfc2410 -blowfish-cbc 40 to 448 rfc2451 -cast128-cbc 40 to 128 rfc2451 -des-deriv 64 ipsec-ciph-des-derived-01 rijndael-cbc 128/192/256 rfc3602 aes-ctr 160/224/288 draft-ietf-ipsec-ciph-aes-ctr-03 aes-gcm-16 160/224/288 rfc4106 -camellia-cbc 128/192/256 rfc4312 .Ed .Pp Note that the first 128/192/256 bits of a key for 
@@ -653,24 +639,17 @@ deflate rfc2394 .\" .Sh EXAMPLES Add an ESP SA between two IPv6 addresses using the -des-cbc encryption algorithm. +AES-GCM encryption algorithm. .Bd -literal -offset indent add 3ffe:501:4819::1 3ffe:501:481d::1 esp 123457 - -E des-cbc 0x3ffe05014819ffff ; + -E aes-gcm-16 0x3ffe050148193ffe050148193ffe050148193ffe ; .Pp .Ed .\" Add an authentication SA between two FQDN specified hosts: .Bd -literal -offset indent add -6 myhost.example.com yourhost.example.com ah 123456 - -A hmac-sha1 "AH SA configuration!" ; -.Pp -.Ed -Use both ESP and AH between two numerically specified hosts: -.Bd -literal -offset indent -add 10.0.11.41 10.0.11.33 esp 0x10001 - -E des-cbc 0x3ffe05014819ffff - -A hmac-md5 "authentication!!" ; + -A hmac-sha2-256 "AH SA configuration!" ; .Pp .Ed Get the SA information associated with first example above: Modified: head/sbin/setkey/test-pfkey.c ============================================================================== --- head/sbin/setkey/test-pfkey.c Fri May 1 23:07:23 2020 (r360556) +++ head/sbin/setkey/test-pfkey.c Sat May 2 00:06:58 2020 (r360557) @@ -319,15 +319,15 @@ key_setsadbprop() m_prop.sadb_prop_reserved[1] = 0; m_prop.sadb_prop_reserved[2] = 0; - /* the 1st is ESP DES-CBC HMAC-MD5 */ + /* the 1st is ESP AES-GCM-16 */ m_comb = (struct sadb_comb *)buf; - m_comb->sadb_comb_auth = SADB_AALG_MD5HMAC; - m_comb->sadb_comb_encrypt = SADB_EALG_DESCBC; + m_comb->sadb_comb_auth = SADB_AALG_NONE; + m_comb->sadb_comb_encrypt = SADB_X_EALG_AESGCM16; m_comb->sadb_comb_flags = 0; - m_comb->sadb_comb_auth_minbits = 8; - m_comb->sadb_comb_auth_maxbits = 96; - m_comb->sadb_comb_encrypt_minbits = 64; - m_comb->sadb_comb_encrypt_maxbits = 64; + m_comb->sadb_comb_auth_minbits = 0; + m_comb->sadb_comb_auth_maxbits = 0; + m_comb->sadb_comb_encrypt_minbits = 128; + m_comb->sadb_comb_encrypt_maxbits = 256; m_comb->sadb_comb_reserved = 0; m_comb->sadb_comb_soft_allocations = 0; m_comb->sadb_comb_hard_allocations = 0; 
@@ -338,15 +338,15 @@ key_setsadbprop() m_comb->sadb_comb_soft_usetime = 0; m_comb->sadb_comb_hard_usetime = 0; - /* the 2st is ESP 3DES-CBC and AH HMAC-SHA1 */ + /* the 2nd is ESP AES-CBC and AH HMAC-SHA2-256 */ m_comb = (struct sadb_comb *)(buf + sizeof(*m_comb)); - m_comb->sadb_comb_auth = SADB_AALG_SHA1HMAC; - m_comb->sadb_comb_encrypt = SADB_EALG_3DESCBC; + m_comb->sadb_comb_auth = SADB_X_AALG_SHA2_256; + m_comb->sadb_comb_encrypt = SADB_X_EALG_RIJNDAELCBC; m_comb->sadb_comb_flags = 0; - m_comb->sadb_comb_auth_minbits = 8; - m_comb->sadb_comb_auth_maxbits = 96; - m_comb->sadb_comb_encrypt_minbits = 64; - m_comb->sadb_comb_encrypt_maxbits = 64; + m_comb->sadb_comb_auth_minbits = 256; + m_comb->sadb_comb_auth_maxbits = 256; + m_comb->sadb_comb_encrypt_minbits = 128; + m_comb->sadb_comb_encrypt_maxbits = 256; m_comb->sadb_comb_reserved = 0; m_comb->sadb_comb_soft_allocations = 0; m_comb->sadb_comb_hard_allocations = 0; @@ -457,8 +457,8 @@ key_setsadbsa() m_sa.sadb_sa_spi = htonl(0x12345678); m_sa.sadb_sa_replay = 4; m_sa.sadb_sa_state = 0; - m_sa.sadb_sa_auth = SADB_AALG_MD5HMAC; - m_sa.sadb_sa_encrypt = SADB_EALG_DESCBC; + m_sa.sadb_sa_auth = SADB_AALG_NONE; + m_sa.sadb_sa_encrypt = SADB_X_EALG_AESGCM16; m_sa.sadb_sa_flags = 0; memcpy(m_buf + m_len, &m_sa, sizeof(struct sadb_sa)); Modified: head/sbin/setkey/token.l ============================================================================== --- head/sbin/setkey/token.l Fri May 1 23:07:23 2020 (r360556) +++ head/sbin/setkey/token.l Sat May 2 00:06:58 2020 (r360557) 
@@ -147,31 +147,20 @@ tcp { yylval.num = 0; return(PR_TCP); } /* authentication alogorithm */ {hyphen}A { BEGIN S_AUTHALG; return(F_AUTH); } -hmac-md5 { yylval.num = SADB_AALG_MD5HMAC; BEGIN INITIAL; return(ALG_AUTH); } hmac-sha1 { yylval.num = SADB_AALG_SHA1HMAC; BEGIN INITIAL; return(ALG_AUTH); } -keyed-md5 { yylval.num = SADB_X_AALG_MD5; BEGIN INITIAL; return(ALG_AUTH); } -keyed-sha1 { yylval.num = SADB_X_AALG_SHA; BEGIN INITIAL; return(ALG_AUTH); } hmac-sha2-256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); } hmac-sha2-384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); } hmac-sha2-512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); } -hmac-ripemd160 { yylval.num = SADB_X_AALG_RIPEMD160HMAC; BEGIN INITIAL; return(ALG_AUTH); } aes-xcbc-mac { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); } tcp-md5 { yylval.num = SADB_X_AALG_TCP_MD5; BEGIN INITIAL; return(ALG_AUTH); } null { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); } /* encryption alogorithm */ {hyphen}E { BEGIN S_ENCALG; return(F_ENC); } -des-cbc { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC); } -3des-cbc { yylval.num = SADB_EALG_3DESCBC; BEGIN INITIAL; return(ALG_ENC); } null { yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC); } simple { yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_OLD); } -blowfish-cbc { yylval.num = SADB_X_EALG_BLOWFISHCBC; BEGIN INITIAL; return(ALG_ENC); } -cast128-cbc { yylval.num = SADB_X_EALG_CAST128CBC; BEGIN INITIAL; return(ALG_ENC); } -des-deriv { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DESDERIV); } -des-32iv { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DES32IV); } rijndael-cbc { yylval.num = SADB_X_EALG_RIJNDAELCBC; BEGIN INITIAL; return(ALG_ENC); } aes-ctr { yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC_SALT); } -camellia-cbc { yylval.num = SADB_X_EALG_CAMELLIACBC; 
BEGIN INITIAL; return(ALG_ENC); } aes-gcm-16 { yylval.num = SADB_X_EALG_AESGCM16; BEGIN INITIAL; return(ALG_ENC_SALT); } /* compression algorithms */ Modified: head/sys/netipsec/ipsec.c ============================================================================== --- head/sys/netipsec/ipsec.c Fri May 1 23:07:23 2020 (r360556) +++ head/sys/netipsec/ipsec.c Sat May 2 00:06:58 2020 (r360557) @@ -217,11 +217,6 @@ SYSCTL_INT(_net_inet_ipsec, OID_AUTO, filtertunnel, SYSCTL_VNET_PCPUSTAT(_net_inet_ipsec, OID_AUTO, ipsecstats, struct ipsecstat, ipsec4stat, "IPsec IPv4 statistics."); -struct timeval ipsec_warn_interval = { .tv_sec = 1, .tv_usec = 0 }; -SYSCTL_TIMEVAL_SEC(_net_inet_ipsec, OID_AUTO, crypto_warn_interval, CTLFLAG_RW, - &ipsec_warn_interval, - "Delay in seconds between warnings of deprecated IPsec crypto algorithms."); - #ifdef REGRESSION /* * When set to 1, IPsec will send packets with the same sequence number. Modified: head/sys/netipsec/ipsec.h ============================================================================== --- head/sys/netipsec/ipsec.h Fri May 1 23:07:23 2020 (r360556) +++ head/sys/netipsec/ipsec.h Sat May 2 00:06:58 2020 (r360557) @@ -287,8 +287,6 @@ VNET_DECLARE(int, crypto_support); VNET_DECLARE(int, async_crypto); VNET_DECLARE(int, natt_cksum_policy); -extern struct timeval ipsec_warn_interval; - #define IPSECSTAT_INC(name) \ VNET_PCPUSTAT_ADD(struct ipsecstat, ipsec4stat, name, 1) #define V_ip4_esp_trans_deflev VNET(ip4_esp_trans_deflev) Modified: head/sys/netipsec/key.c ============================================================================== --- head/sys/netipsec/key.c Fri May 1 23:07:23 2020 (r360556) +++ head/sys/netipsec/key.c Sat May 2 00:06:58 2020 (r360557) 
@@ -583,13 +583,8 @@ static struct supported_ealgs { int sadb_alg; const struct enc_xform *xform; } supported_ealgs[] = { - { SADB_EALG_DESCBC, &enc_xform_des }, - { SADB_EALG_3DESCBC, &enc_xform_3des }, { SADB_X_EALG_AES, &enc_xform_rijndael128 }, - { SADB_X_EALG_BLOWFISHCBC, &enc_xform_blf }, - { SADB_X_EALG_CAST128CBC, &enc_xform_cast5 }, { SADB_EALG_NULL, &enc_xform_null }, - { SADB_X_EALG_CAMELLIACBC, &enc_xform_camellia }, { SADB_X_EALG_AESCTR, &enc_xform_aes_icm }, { SADB_X_EALG_AESGCM16, &enc_xform_aes_nist_gcm }, { SADB_X_EALG_AESGMAC, &enc_xform_aes_nist_gmac }, @@ -600,11 +595,7 @@ static struct supported_aalgs { const struct auth_hash *xform; } supported_aalgs[] = { { SADB_X_AALG_NULL, &auth_hash_null }, - { SADB_AALG_MD5HMAC, &auth_hash_hmac_md5 }, { SADB_AALG_SHA1HMAC, &auth_hash_hmac_sha1 }, - { SADB_X_AALG_RIPEMD160HMAC, &auth_hash_hmac_ripemd_160 }, - { SADB_X_AALG_MD5, &auth_hash_key_md5 }, - { SADB_X_AALG_SHA, &auth_hash_key_sha1 }, { SADB_X_AALG_SHA2_256, &auth_hash_hmac_sha2_256 }, { SADB_X_AALG_SHA2_384, &auth_hash_hmac_sha2_384 }, { SADB_X_AALG_SHA2_512, &auth_hash_hmac_sha2_512 }, @@ -6381,8 +6372,6 @@ key_getsizes_ah(const struct auth_hash *ah, int alg, u * key size is restricted. Enforce this here. */ switch (alg) { - case SADB_X_AALG_MD5: *min = *max = 16; break; - case SADB_X_AALG_SHA: *min = *max = 20; break; case SADB_X_AALG_NULL: *min = 1; *max = 256; break; case SADB_X_AALG_SHA2_256: *min = *max = 32; break; case SADB_X_AALG_SHA2_384: *min = *max = 48; break; 
@@ -6413,7 +6402,6 @@ key_getcomb_ah() #if 1 /* we prefer HMAC algorithms, not old algorithms */ if (i != SADB_AALG_SHA1HMAC && - i != SADB_AALG_MD5HMAC && i != SADB_X_AALG_SHA2_256 && i != SADB_X_AALG_SHA2_384 && i != SADB_X_AALG_SHA2_512) Modified: head/sys/netipsec/xform_ah.c ============================================================================== --- head/sys/netipsec/xform_ah.c Fri May 1 23:07:23 2020 (r360556) +++ head/sys/netipsec/xform_ah.c Sat May 2 00:06:58 2020 (r360557) @@ -108,7 +108,6 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_ah, IPSECCTL_STATS, sta #endif static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */ -static struct timeval md5warn, ripewarn, kpdkmd5warn, kpdksha1warn; static int ah_input_cb(struct cryptop*); static int ah_output_cb(struct cryptop*); @@ -185,25 +184,6 @@ ah_init0(struct secasvar *sav, struct xformsw *xsp, return EINVAL; } - switch (sav->alg_auth) { - case SADB_AALG_MD5HMAC: - if (ratecheck(&md5warn, &ipsec_warn_interval)) - gone_in(13, "MD5-HMAC authenticator for IPsec"); - break; - case SADB_X_AALG_RIPEMD160HMAC: - if (ratecheck(&ripewarn, &ipsec_warn_interval)) - gone_in(13, "RIPEMD160-HMAC authenticator for IPsec"); - break; - case SADB_X_AALG_MD5: - if (ratecheck(&kpdkmd5warn, &ipsec_warn_interval)) - gone_in(13, "Keyed-MD5 authenticator for IPsec"); - break; - case SADB_X_AALG_SHA: - if (ratecheck(&kpdksha1warn, &ipsec_warn_interval)) - gone_in(13, "Keyed-SHA1 authenticator for IPsec"); - break; - } - /* * Verify the replay state block allocation is consistent with * the protocol type. We check here so we can make assumptions 
@@ -317,11 +297,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int sk ip->ip_tos = 0; ip->ip_ttl = 0; ip->ip_sum = 0; - - if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK) - ip->ip_off &= htons(IP_DF); - else - ip->ip_off = htons(0); + ip->ip_off = htons(0); ptr = mtod(m, unsigned char *); Modified: head/sys/netipsec/xform_esp.c ============================================================================== --- head/sys/netipsec/xform_esp.c Fri May 1 23:07:23 2020 (r360556) +++ head/sys/netipsec/xform_esp.c Sat May 2 00:06:58 2020 (r360557) @@ -94,8 +94,6 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_esp, IPSECCTL_STATS, st struct espstat, espstat, "ESP statistics (struct espstat, netipsec/esp_var.h"); -static struct timeval deswarn, blfwarn, castwarn, camelliawarn, tdeswarn; - static int esp_input_cb(struct cryptop *op); static int esp_output_cb(struct cryptop *crp); 
@@ -157,29 +155,6 @@ esp_init(struct secasvar *sav, struct xformsw *xsp) DPRINTF(("%s: 4-byte IV not supported with protocol\n", __func__)); return EINVAL; - } - - switch (sav->alg_enc) { - case SADB_EALG_DESCBC: - if (ratecheck(&deswarn, &ipsec_warn_interval)) - gone_in(13, "DES cipher for IPsec"); - break; - case SADB_EALG_3DESCBC: - if (ratecheck(&tdeswarn, &ipsec_warn_interval)) - gone_in(13, "3DES cipher for IPsec"); - break; - case SADB_X_EALG_BLOWFISHCBC: - if (ratecheck(&blfwarn, &ipsec_warn_interval)) - gone_in(13, "Blowfish cipher for IPsec"); - break; - case SADB_X_EALG_CAST128CBC: - if (ratecheck(&castwarn, &ipsec_warn_interval)) - gone_in(13, "CAST cipher for IPsec"); - break; - case SADB_X_EALG_CAMELLIACBC: - if (ratecheck(&camelliawarn, &ipsec_warn_interval)) - gone_in(13, "Camellia cipher for IPsec"); - break; } /* subtract off the salt, RFC4106, 8.1 and RFC3686, 5.1 */ Modified: head/usr.bin/netstat/ipsec.c ============================================================================== --- head/usr.bin/netstat/ipsec.c Fri May 1 23:07:23 2020 (r360556) +++ head/usr.bin/netstat/ipsec.c Sat May 2 00:06:58 2020 (r360557) @@ -123,15 +123,11 @@ struct val2str { static struct val2str ipsec_ahnames[] = { { SADB_AALG_NONE, "none", }, - { SADB_AALG_MD5HMAC, "hmac-md5", }, { SADB_AALG_SHA1HMAC, "hmac-sha1", }, - { SADB_X_AALG_MD5, "keyed-md5", }, - { SADB_X_AALG_SHA, "keyed-sha1", }, { SADB_X_AALG_NULL, "null", }, { SADB_X_AALG_SHA2_256, "hmac-sha2-256", }, { SADB_X_AALG_SHA2_384, "hmac-sha2-384", }, { SADB_X_AALG_SHA2_512, "hmac-sha2-512", }, - { SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", }, { SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", }, { SADB_X_AALG_TCP_MD5, "tcp-md5", }, { SADB_X_AALG_AES128GMAC, "aes-gmac-128", }, 
@@ -142,13 +138,8 @@ static struct val2str ipsec_ahnames[] = { static struct val2str ipsec_espnames[] = { { SADB_EALG_NONE, "none", }, - { SADB_EALG_DESCBC, "des-cbc", }, - { SADB_EALG_3DESCBC, "3des-cbc", }, { SADB_EALG_NULL, "null", }, - { SADB_X_EALG_CAST128CBC, "cast128-cbc", }, - { SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", }, { SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", }, - { SADB_X_EALG_CAMELLIACBC, "camellia-cbc", }, { SADB_X_EALG_AESCTR, "aes-ctr", }, { SADB_X_EALG_AESGCM16, "aes-gcm-16", }, { SADB_X_EALG_AESGMAC, "aes-gmac", },
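
Review bot: In head/sbin/setkey/sample.cf, starting at the -50 hunk and again at -76, the authentication keys were carried over from the old algorithms and no longer fit the new ones. '-A hmac-sha2-256 "this is the test"' supplies 16 bytes and '-A hmac-sha2-512 "this is the test key"' supplies 20 bytes, while the setkey.8 table in this patch lists 256 and 512 bits for those algorithms and key_getsizes_ah() in key.c sets '*min = *max = 32' for SADB_X_AALG_SHA2_256. Please lengthen the sample keys to 32 and 64 bytes so the entries match the documented key sizes.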
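
Review bot: The sample.cf hunks at -93 and -118 keep the "AH transport mode followed by ESP tunnel mode" section and only swap its algorithms, yet the log says the one example combining ESP and AH was removed because RFC 8221 marks that combination NOT RECOMMENDED. Either drop this section from sample.cf as well, or add a comment line in it stating that the combination is not recommended, so the sample config and the manual page agree.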
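
Review bot: The sample.cf hunk at -153 adds '-E aes-cbc "kamekame12341234kamekame12341234"', but the only name this patch shows for SADB_X_EALG_RIJNDAELCBC is rijndael-cbc: in the token.l lexer rules, in the setkey.8 cipher table and in str_alg_enc[] in pfkey_dump.c. Please confirm that setkey accepts aes-cbc as a keyword, or use rijndael-cbc in the sample so the file parses as shipped.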
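
Review bot: The -189 hunk of sample.cf deletes the two rc5-cbc test entries (SPIs 10013 and 10014), but rc5-cbc is not in the list of removed ciphers in the log, and the pfkey_dump.c hunks keep the SADB_X_EALG_RC5CBC compatibility define and the "rc5-cbc" entry in str_alg_enc[]. Mention in the log why these entries go away, or remove the leftover rc5-cbc handling from pfkey_dump.c in the same change.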
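
Review bot: In the first setkey.8 hunk, '.Dd May 01, 2020' writes the day with a leading zero, whereas the line it replaces ('.Dd April 9, 2017') did not. Use '.Dd May 1, 2020' to keep the date format consistent.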
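
Review bot: In the setkey.8 EXAMPLES hunk, '-A hmac-sha2-256 "AH SA configuration!"' keeps the 20-byte key that suited hmac-sha1 (160 bits), but the algorithm table earlier on the same page lists 256 bits for hmac-sha2-256. Replace the key with a 32-byte value so the example can be pasted as written.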
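
Review bot: The sys/netipsec/ipsec.c hunk removes the CTLFLAG_RW sysctl crypto_warn_interval under _net_inet_ipsec together with ipsec_warn_interval, and the log does not mention it. Since the commit carries "Relnotes: yes", name the removed sysctl there as well, because any configuration that sets it will no longer find the OID.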
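
Review bot: In the ah_massage_headers() hunk of xform_ah.c, the deleted 'if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)' test was a use of alg, and 'ip->ip_off = htons(0);' is now unconditional. Please check whether alg is still needed in this function, and drop the parameter and update the callers if this was its last use.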