Feature #9309

Allow manual selection of IPsec IKE Pseudo-Random Function (PRF)

Added by Florian K. over 1 year ago. Updated 9 months ago.

Status: Resolved
Priority: Normal
Category: IPsec
Target version:
Start date: 02/07/2019
Due date:
% Done: 0%
Estimated time:
Description

If you want to use AES-GCM, you don't need an integrity algorithm, but you do need a pseudo random function.

See https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites :

If combined-mode (AEAD) ciphers are proposed there won't be any integrity algorithms from which to derive PRFs, so in such a proposal PRF algorithms have to be configured explicitly.

Also, please see the comment of Joel Schulze regarding phase one proposals in https://wiki.strongswan.org/issues/2808

Problem: When I configure a "Phase 1 Proposal (Encryption Algorithm)" of
- Algorithm: AES256-GCM
- Keylength: 128 bits
- Hash: SHA256
- DH-Group: 21

Then, the line `ike = aes256gcm128-sha256-ecp521!` will be created in ipsec.conf.
However, the correct value would be `ike = aes256gcm128-prfsha256-ecp521!`
(Note that sha256 is a hash function and prfsha256 is a pseudo-random-function.)

Proposal:
- Rename the label of the dropdown "Hash" to "Hash/PRF" (the values of the dropdown can fortunately stay the same)
- When an AES-GCM algorithm is selected, interpret the value in this field as PRF and therefore add the correct value as described in
"Pseudo-random Functions" of https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites .
(Basically, use the same string, but with a "prf" prefix.)

Screenshot from 2019-11-09 14-58-03.png (125 KB) WebGUI screenshot Viktor Gurov, 11/09/2019 06:00 AM

Associated revisions

Revision f5ddbec1 (diff)
Added by Viktor Gurov 9 months ago

Allow manual selection of IPsec IKE Pseudo-Random Function (PRF). Issue #9309

Revision ffcfddc6 (diff)
Added by Viktor Gurov 9 months ago

Fix IPsec issue if no PH2 hashes selected. Issue #9309

History

#1 Updated by Jim Pingle over 1 year ago

That's what AES-XCBC is for:

https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configuring-a-site-to-site-ipsec-vpn.html

This could be handled better, but the correct choice is documented.

#2 Updated by Florian K. over 1 year ago

Thanks Jim for pointing out the documentation - but the documentation does not match the implementation:

The documentation says:

When using AES-GCM, this is used solely as a PRF because AES-GCM already performs hashing internally.

That would be the correct behavior. However, pfSense behaves differently. As I wrote above, it does NOT use "prfsha256" (as it should and as it is documented). It uses "sha256" which is wrong (see the strongswan docs and the comment of Joel Schulze.)

Maybe AES-XCBC is a good choice - but if the client does not support it, it would be good to be able to use prfsha256 (or one of the other PRFs.)

#3 Updated by Jim Pingle about 1 year ago

  • Tracker changed from Bug to Feature
  • Subject changed from Configuration AES-GCM for IKEv2 phase 1 does not work to Allow manual selection of IPsec IKE Pseudo-Random Function (PRF)
  • Affected Version deleted (2.4.4_2)

Adding another selector to set the prf (with an option to automatically assume it based on Hash choice) seems best, but that's a new feature, not a bug.

#4 Updated by Viktor Gurov about 1 year ago

Jim Pingle wrote:

Adding another selector to set the prf (with an option to automatically assume it based on Hash choice) seems best, but that's a new feature, not a bug.

Without this feature, pfSense can't connect to a host whose proposal PRF != Integrity.

IOS for example:

crypto ikev2 proposal PROP1
 encryption aes-cbc-256
 prf md5
 integrity sha384
 group 14
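
The rule from the description (an AEAD cipher needs an explicit `prf` keyword where the generated line has a hash keyword) and the PRF != integrity case from comment #4, as an added Python check that is not part of the issue or of pfSense's code. The function names and sample lines are constructed for illustration; the keyword lists follow the strongSwan wiki page linked in the description.

```python
import re

# Keyword families as listed on the strongSwan IKEv2CipherSuites wiki page.
AEAD = re.compile(r"^(?:(?:aes|camellia)\d+(?:gcm|ccm)\d+|chacha20poly1305)$")
INTEGRITY = {"md5", "sha1", "sha256", "sha384", "sha512", "aesxcbc", "aescmac"}


def fix_proposal(proposal):
    """Check one dash-separated IKE proposal; return (fixed, findings)."""
    tokens = proposal.split("-")
    if not any(AEAD.match(t) for t in tokens):
        return proposal, []  # classic cipher: integrity and PRF may differ
    fixed, findings = [], []
    for tok in tokens:
        if tok in INTEGRITY:
            findings.append(f"{proposal}: '{tok}' should be 'prf{tok}' with an AEAD cipher")
            tok = "prf" + tok
        if tok not in fixed:  # avoid duplicating an already explicit PRF
            fixed.append(tok)
    if not any(t.startswith("prf") for t in fixed):
        findings.append(f"{proposal}: AEAD proposal has no explicit PRF")
    return "-".join(fixed), findings


def audit_ike_line(line):
    """Audit an 'ike = ...' line from ipsec.conf; other lines pass through."""
    key, sep, value = line.partition("=")
    if not sep or key.strip() != "ike":
        return line, []
    value = value.strip()
    strict = value.endswith("!")  # trailing '!' restricts to the listed proposals
    results = [fix_proposal(p.strip()) for p in value.rstrip("!").split(",")]
    fixed = ",".join(r[0] for r in results) + ("!" if strict else "")
    return f"ike = {fixed}", [f for r in results for f in r[1]]


# Constructed sample lines: the one quoted in the description, the strongSwan
# form of the IOS proposal in comment #4 (group 14 = modp2048), and an AEAD
# proposal with no PRF at all.
SAMPLES = [
    "ike = aes256gcm128-sha256-ecp521!",
    "ike = aes256-sha384-prfmd5-modp2048!",
    "ike = aes128gcm16-ecp256",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        fixed, findings = audit_ike_line(sample)
        print(sample, "->", fixed)
        for finding in findings:
            print("  finding:", finding)
```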

#5 Updated by Viktor Gurov about 1 year ago

Currently manual selection of PRF is supported by:
Cisco IOS/IOS-XE/ASA, Huawei routers/firewalls and Google CloudVPN

Most other vendors (CheckPoint, Palo Alto, Mikrotik, Sophos) don't support this feature

#8 Updated by Jim Pingle 12 months ago

  • Status changed from New to Pull Request Review

#9 Updated by Renato Botelho 9 months ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • Target version set to 2.5.0

Pull request has been merged. Thanks!

#10 Updated by Viktor Gurov 9 months ago

  • Status changed from Feedback to Resolved

works as expected on 2.5.0.a.20200207.2007

#11 Updated by Viktor Gurov 9 months ago

  • Status changed from Resolved to Feedback

If no IPsec PH2 hashes are selected (i.e. AES-GCM), after pressing 'apply' you get:

Fatal error: Uncaught ArgumentCountError: Too few arguments to function ipsec_setup_proposal_algo(), 4 passed in /etc/inc/ipsec.inc on line 1922 and exactly 5 expected in /etc/inc/ipsec.inc:1862

see https://forum.netgate.com/topic/150353/ipsec-php-fatal-error-uncaught-argumentcounterror-too-few-arguments-to-function-ipsec_setup_proposal_algo-4-passed/2

This PR fixes this issue:
https://github.com/pfsense/pfsense/pull/4188

#12 Updated by Renato Botelho 9 months ago

Viktor Gurov wrote:

If no IPsec PH2 hashes are selected (i.e. AES-GCM), after pressing 'apply' you get:
[...]

see https://forum.netgate.com/topic/150353/ipsec-php-fatal-error-uncaught-argumentcounterror-too-few-arguments-to-function-ipsec_setup_proposal_algo-4-passed/2

This PR fixes this issue:
https://github.com/pfsense/pfsense/pull/4188

PR merged. Thanks!

#13 Updated by Viktor Gurov 9 months ago

  • Status changed from Feedback to Resolved

works as expected on 2.5.0.a.20200211.1811
