Project

General

Profile

Feature #9531

[IPSEC] Add additional curve-based DH Groups (31+)

Added by Jens Groh 5 months ago. Updated about 2 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
IPsec
Target version:
Start date:
05/17/2019
Due date:
% Done:

100%

Estimated time:

Description

DH Group 31/32 (incl. curve25519) variants are available in Strongswan and it would be nice to have them as additions to the DH Group dropdown.

Associated revisions

Revision 4fc26748 (diff)
Added by Jim Pingle 5 months ago

Add RFC 8031 Group 31 to IPsec. Implements #9531

Revision 3f45cc99 (diff)
Added by Jim Pingle 5 months ago

Add in DH 32, a patch for strongSwan will be in soon to test with. Issue #9531

History

#1 Updated by Jim Pingle 5 months ago

  • Status changed from New to In Progress
  • Assignee set to Jim Pingle
  • Target version set to 2.5.0

#2 Updated by Jim Pingle 5 months ago

Group 31 (curve25519) works. Group 32 (curve448) does not. Appears to be a strongSwan issue, I raised a bug report upstream: https://wiki.strongswan.org/issues/3064

Commit coming shortly which enables the curve25519 plugin and group 31.

#3 Updated by Jim Pingle 5 months ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

#4 Updated by Jim Pingle 5 months ago

  • Status changed from Feedback to In Progress

That was quick. Fix is in upstream: https://wiki.strongswan.org/projects/strongswan/repository/revisions/97708f7ff7571a159ca9a3d03804ffc506469449/diff

Will test with that after 2.4.4-p3 ships and we have 2.5.0 snapshots going again.

#5 Updated by Jim Pingle 5 months ago

  • Status changed from In Progress to Feedback

Looks good on the current snapshot with group 31 and 32

#6 Updated by Jens Groh 5 months ago

Just curious: would the changeset be appliable to 2.4.4-p3 when released?

I have a current customer that would like to upgrade his IPSEC tunnel to curve 25519 so an appliable patch via System Patches would be fine as an interim solution ;)

#7 Updated by Jim Pingle 5 months ago

Jens Groh wrote:

Just curious: would the changeset be appliable to 2.4.4-p3 when released?

The first patch to add group 31 might, but the 32 would not since it requires a patch to strongSwan. I only tested on 2.5.0.

#8 Updated by Jens Groh 5 months ago

Jim Pingle wrote:

The first patch to add group 31 might, but the 32 would not since it requires a patch to strongSwan. I only tested on 2.5.0.

Not trying to add complexity to this. But a patch for DH31 capability I'd take for sure ;)

As german BSI recommends using elliptic curve ciphers like 25519-based, brainpool or secpxxxRy that would help against people using bad/old/unsafe cipher suites and settings (had to shout one down recently that tried to sneak a 3DES one in).

But really appreciate the fast response on that on in general! Thanks a lot!

#9 Updated by Jim Pingle 5 months ago

The first patch above, 4fc267484e604509b072b398642f19cb6797ef21, applies cleanly to 2.4.4-p2 and 2.4.4-p3 and adds only group 31. I didn't test it, but the libstrongswan curve25519 plugin is there, so it should work.

#10 Updated by Jens Groh 5 months ago

Alright will test within our lab setup and try it with the customer if that works. Will report back!

#11 Updated by Jens Groh 3 months ago

Just as feedback: we had the first two tunnels set up with EC25519 / DH31 as Phase1 (and in one case Phase2, too) and as of yet all is well an normal as expected. :)

#12 Updated by Jim Pingle about 2 months ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF