diff -up crypto-policies/back-ends/libreswan.pl.libreswan-fix crypto-policies/back-ends/libreswan.pl --- crypto-policies/back-ends/libreswan.pl.libreswan-fix 2018-12-17 17:01:44.000000000 +0100 +++ crypto-policies/back-ends/libreswan.pl 2019-02-18 10:34:57.525777928 +0100 @@ -26,7 +26,9 @@ sub append { my %group_map = ( 'X448' => '', - 'X25519' => '', #dh31 - not in f28 + 'X25519' => '', +# Disabled for now as it cannot be prioritized over others +# 'X25519' => 'dh31', 'SECP256R1' => 'dh19', 'SECP384R1' => 'dh20', 'SECP521R1' => 'dh21', @@ -38,31 +40,42 @@ my %group_map = ( 'FFDHE-8192' => 'dh18' ); +my %cipher_map = ( + 'AES-256-CBC' => 'aes256', + 'AES-128-CBC' => 'aes128', + 'AES-256-GCM' => 'aes_gcm256', + 'AES-128-GCM' => 'aes_gcm128', + 'CHACHA20-POLY1305' => 'chacha20_poly1305', +# Unused for IKEv2 +# '3DES-CBC' => '3des', +); + my %cipher_prf_map = ( - 'AES-256-CBC-HMAC-SHA2-512' => 'aes256-sha2_512', - 'AES-256-CBC-HMAC-SHA2-256' => 'aes256-sha2_256', - 'AES-128-CBC-HMAC-SHA2-256' => 'aes128-sha2_256', - 'AES-256-CBC-HMAC-SHA1' => 'aes256-sha1', - 'AES-128-CBC-HMAC-SHA1' => 'aes128-sha1', - 'AES-256-GCM-HMAC-SHA2-512' => 'aes_gcm256-sha2_512', - 'AES-256-GCM-HMAC-SHA2-256' => 'aes_gcm256-sha2_256', - 'AES-128-GCM-HMAC-SHA2-512' => 'aes_gcm128-sha2_512', - 'AES-128-GCM-HMAC-SHA2-256' => 'aes_gcm128-sha2_256', - 'CHACHA20-POLY1305-HMAC-SHA2-512' => 'chacha20_poly1305-sha2_512', - 'CHACHA20-POLY1305-HMAC-SHA2-256' => 'chacha20_poly1305-sha2_256', - '3DES-CBC-HMAC-SHA1' => '3des-sha1', + 'AES-256-CBC-HMAC-SHA2-512' => 'sha2_512', + 'AES-256-CBC-HMAC-SHA2-256' => 'sha2_256', + 'AES-128-CBC-HMAC-SHA2-256' => 'sha2_256', +# Not needed for IKEv2 +# 'AES-256-CBC-HMAC-SHA1' => 'sha1', +# 'AES-128-CBC-HMAC-SHA1' => 'sha1', + 'AES-256-GCM-HMAC-SHA2-512' => 'sha2_512', + 'AES-256-GCM-HMAC-SHA2-256' => 'sha2_256', + 'AES-128-GCM-HMAC-SHA2-512' => 'sha2_512', + 'AES-128-GCM-HMAC-SHA2-256' => 'sha2_256', + 'CHACHA20-POLY1305-HMAC-SHA2-512' => 'sha2_512', + 'CHACHA20-POLY1305-HMAC-SHA2-256' => 'sha2_256', +# '3DES-CBC-HMAC-SHA1' => 'sha1', ); my %cipher_mac_map = ( - 'AES-256-CBC-HMAC-SHA2-512' => 'aes256-sha2_512', - 'AES-256-CBC-HMAC-SHA2-256' => 'aes256-sha2_256', - 'AES-128-CBC-HMAC-SHA2-256' => 'aes128-sha2_256', - 'AES-256-CBC-HMAC-SHA1' => 'aes256-sha1', - 'AES-128-CBC-HMAC-SHA1' => 'aes128-sha1', - 'AES-256-GCM-AEAD' => 'aes_gcm256', - 'AES-128-GCM-AEAD' => 'aes_gcm128', - 'CHACHA20-POLY1305-AEAD' => 'chacha20_poly1305', - '3DES-CBC-HMAC-SHA1' => '3des-sha1', + 'AES-256-CBC-HMAC-SHA2-512' => 'sha2_512', + 'AES-256-CBC-HMAC-SHA2-256' => 'sha2_256', + 'AES-128-CBC-HMAC-SHA2-256' => 'sha2_256', + 'AES-256-CBC-HMAC-SHA1' => 'sha1', + 'AES-128-CBC-HMAC-SHA1' => 'sha1', + 'AES-256-GCM-AEAD' => '', + 'AES-128-GCM-AEAD' => '', + 'CHACHA20-POLY1305-AEAD' => '', +# '3DES-CBC-HMAC-SHA1' => '3des-sha1', ); my %protocol_map = ( @@ -147,35 +160,52 @@ sub generate_temp_policy() { $tmp = ''; my $cipher; + my $cm; my $group; my $mac; + my $mm; my $combo; %mac_prio_map = %mac_ike_prio_map; my @sorted_mac_list = sort compare @mac_list; - foreach (@group_list) { - $group = $group_map{$_}; - if (!defined($group) || $group eq '') { + + foreach (@cipher_list) { + $cipher = $_; + $cm = $cipher_map{$cipher}; + if (!defined($cm)) { +# print STDERR "libreswan: unknown cipher: $cipher\n"; next; } + $combo = $cm."-"; + foreach (@sorted_mac_list) { + $mac = $_; - foreach (@cipher_list) { - $cipher = $_; - foreach (@sorted_mac_list) { - $mac = $_; - - my $cm=$cipher."-".$mac; - $combo = $cipher_prf_map{$cm}; - - if (!defined($combo)) { -# print STDERR "libreswan: unknown combo: $cipher-$mac\n"; - next; - } + $mm = $cipher_prf_map{$cipher."-".$mac}; - append("${combo};${group}", \$tmp); + if (!defined($mm)) { +# print STDERR "libreswan: unknown combo: $cipher-$mac\n"; + next; } + + $combo = $combo.$mm."+"; } + + my $lastc = substr($combo, -1); + if ($lastc eq "-") { + next; + } + # Replace the last + with - + substr($combo, -1) = "-"; + foreach (@group_list) { + $group = $group_map{$_}; + if (!defined($group) || $group eq '') { + next; + } + $combo = $combo.$group."+"; + } + substr($combo, -1) = ''; + append("${combo}", \$tmp); } if ($tmp ne '') { @@ -189,20 +219,35 @@ sub generate_temp_policy() { $tmp = ''; foreach (@cipher_list) { $cipher = $_; + $cm = $cipher_map{$cipher}; + if (!defined($cm)) { +# print STDERR "libreswan: unknown cipher: $cipher\n"; + next; + } + $combo = $cm."-"; foreach (@sorted_mac_list) { $mac = $_; - my $cm=$cipher."-".$mac; - $combo = $cipher_mac_map{$cm}; + $mm = $cipher_mac_map{$cipher."-".$mac}; - if (!defined($combo)) { + if (!defined($mm)) { next; } - if ($tmp !~ $combo) { - append("${combo}", \$tmp); + if ($mm eq '') { + # Special handling for AEAD + substr($combo, -1) = '+'; + } else { + $combo = $combo.$mm."+"; } } + + my $lastc = substr($combo, -1); + if ($lastc eq "-") { + next; + } + substr($combo, -1) = ''; + append("${combo}", \$tmp); } if ($tmp ne '') { diff -up crypto-policies/tests/outputs/DEFAULT-libreswan.txt.libreswan-fix crypto-policies/tests/outputs/DEFAULT-libreswan.txt --- crypto-policies/tests/outputs/DEFAULT-libreswan.txt.libreswan-fix 2018-12-17 17:01:44.000000000 +0100 +++ crypto-policies/tests/outputs/DEFAULT-libreswan.txt 2019-02-18 10:34:57.526777910 +0100 @@ -1,5 +1,5 @@ conn %default ikev2=insist pfs=yes - ike=aes_gcm256-sha2_512;dh19,aes_gcm256-sha2_256;dh19,chacha20_poly1305-sha2_512;dh19,chacha20_poly1305-sha2_256;dh19,aes256-sha2_512;dh19,aes256-sha2_256;dh19,aes256-sha1;dh19,aes_gcm128-sha2_512;dh19,aes_gcm128-sha2_256;dh19,aes128-sha2_256;dh19,aes128-sha1;dh19,aes_gcm256-sha2_512;dh20,aes_gcm256-sha2_256;dh20,chacha20_poly1305-sha2_512;dh20,chacha20_poly1305-sha2_256;dh20,aes256-sha2_512;dh20,aes256-sha2_256;dh20,aes256-sha1;dh20,aes_gcm128-sha2_512;dh20,aes_gcm128-sha2_256;dh20,aes128-sha2_256;dh20,aes128-sha1;dh20,aes_gcm256-sha2_512;dh21,aes_gcm256-sha2_256;dh21,chacha20_poly1305-sha2_512;dh21,chacha20_poly1305-sha2_256;dh21,aes256-sha2_512;dh21,aes256-sha2_256;dh21,aes256-sha1;dh21,aes_gcm128-sha2_512;dh21,aes_gcm128-sha2_256;dh21,aes128-sha2_256;dh21,aes128-sha1;dh21,aes_gcm256-sha2_512;dh14,aes_gcm256-sha2_256;dh14,chacha20_poly1305-sha2_512;dh14,chacha20_poly1305-sha2_256;dh14,aes256-sha2_512;dh14,aes256-sha2_256;dh14,aes256-sha1;dh14,aes_gcm128-sha2_512;dh14,aes_gcm128-sha2_256;dh14,aes128-sha2_256;dh14,aes128-sha1;dh14,aes_gcm256-sha2_512;dh15,aes_gcm256-sha2_256;dh15,chacha20_poly1305-sha2_512;dh15,chacha20_poly1305-sha2_256;dh15,aes256-sha2_512;dh15,aes256-sha2_256;dh15,aes256-sha1;dh15,aes_gcm128-sha2_512;dh15,aes_gcm128-sha2_256;dh15,aes128-sha2_256;dh15,aes128-sha1;dh15,aes_gcm256-sha2_512;dh16,aes_gcm256-sha2_256;dh16,chacha20_poly1305-sha2_512;dh16,chacha20_poly1305-sha2_256;dh16,aes256-sha2_512;dh16,aes256-sha2_256;dh16,aes256-sha1;dh16,aes_gcm128-sha2_512;dh16,aes_gcm128-sha2_256;dh16,aes128-sha2_256;dh16,aes128-sha1;dh16,aes_gcm256-sha2_512;dh18,aes_gcm256-sha2_256;dh18,chacha20_poly1305-sha2_512;dh18,chacha20_poly1305-sha2_256;dh18,aes256-sha2_512;dh18,aes256-sha2_256;dh18,aes256-sha1;dh18,aes_gcm128-sha2_512;dh18,aes_gcm128-sha2_256;dh18,aes128-sha2_256;dh18,aes128-sha1;dh18 - esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512,aes256-sha1,aes256-sha2_256,aes_gcm128,aes128-sha1,aes128-sha2_256 + ike=aes_gcm256-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,chacha20_poly1305-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,aes_gcm128-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,aes128-sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18 + esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256 diff -up crypto-policies/tests/outputs/FIPS-libreswan.txt.libreswan-fix crypto-policies/tests/outputs/FIPS-libreswan.txt --- crypto-policies/tests/outputs/FIPS-libreswan.txt.libreswan-fix 2018-12-17 17:01:44.000000000 +0100 +++ crypto-policies/tests/outputs/FIPS-libreswan.txt 2019-02-18 10:34:57.526777910 +0100 @@ -1,5 +1,5 @@ conn %default ikev2=insist pfs=yes - ike=aes_gcm256-sha2_512;dh19,aes_gcm256-sha2_256;dh19,aes256-sha2_512;dh19,aes256-sha2_256;dh19,aes256-sha1;dh19,aes_gcm128-sha2_512;dh19,aes_gcm128-sha2_256;dh19,aes128-sha2_256;dh19,aes128-sha1;dh19,aes_gcm256-sha2_512;dh20,aes_gcm256-sha2_256;dh20,aes256-sha2_512;dh20,aes256-sha2_256;dh20,aes256-sha1;dh20,aes_gcm128-sha2_512;dh20,aes_gcm128-sha2_256;dh20,aes128-sha2_256;dh20,aes128-sha1;dh20,aes_gcm256-sha2_512;dh21,aes_gcm256-sha2_256;dh21,aes256-sha2_512;dh21,aes256-sha2_256;dh21,aes256-sha1;dh21,aes_gcm128-sha2_512;dh21,aes_gcm128-sha2_256;dh21,aes128-sha2_256;dh21,aes128-sha1;dh21,aes_gcm256-sha2_512;dh14,aes_gcm256-sha2_256;dh14,aes256-sha2_512;dh14,aes256-sha2_256;dh14,aes256-sha1;dh14,aes_gcm128-sha2_512;dh14,aes_gcm128-sha2_256;dh14,aes128-sha2_256;dh14,aes128-sha1;dh14,aes_gcm256-sha2_512;dh15,aes_gcm256-sha2_256;dh15,aes256-sha2_512;dh15,aes256-sha2_256;dh15,aes256-sha1;dh15,aes_gcm128-sha2_512;dh15,aes_gcm128-sha2_256;dh15,aes128-sha2_256;dh15,aes128-sha1;dh15,aes_gcm256-sha2_512;dh16,aes_gcm256-sha2_256;dh16,aes256-sha2_512;dh16,aes256-sha2_256;dh16,aes256-sha1;dh16,aes_gcm128-sha2_512;dh16,aes_gcm128-sha2_256;dh16,aes128-sha2_256;dh16,aes128-sha1;dh16,aes_gcm256-sha2_512;dh18,aes_gcm256-sha2_256;dh18,aes256-sha2_512;dh18,aes256-sha2_256;dh18,aes256-sha1;dh18,aes_gcm128-sha2_512;dh18,aes_gcm128-sha2_256;dh18,aes128-sha2_256;dh18,aes128-sha1;dh18 - esp=aes_gcm256,aes256-sha2_512,aes256-sha1,aes256-sha2_256,aes_gcm128,aes128-sha1,aes128-sha2_256 + ike=aes_gcm256-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,aes_gcm128-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,aes128-sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18 + esp=aes_gcm256,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256 diff -up crypto-policies/tests/outputs/FUTURE-libreswan.txt.libreswan-fix crypto-policies/tests/outputs/FUTURE-libreswan.txt --- crypto-policies/tests/outputs/FUTURE-libreswan.txt.libreswan-fix 2018-12-17 17:01:44.000000000 +0100 +++ crypto-policies/tests/outputs/FUTURE-libreswan.txt 2019-02-18 10:34:57.527777893 +0100 @@ -1,5 +1,5 @@ conn %default ikev2=insist pfs=yes - ike=aes_gcm256-sha2_512;dh19,aes_gcm256-sha2_256;dh19,chacha20_poly1305-sha2_512;dh19,chacha20_poly1305-sha2_256;dh19,aes256-sha2_512;dh19,aes256-sha2_256;dh19,aes_gcm256-sha2_512;dh20,aes_gcm256-sha2_256;dh20,chacha20_poly1305-sha2_512;dh20,chacha20_poly1305-sha2_256;dh20,aes256-sha2_512;dh20,aes256-sha2_256;dh20,aes_gcm256-sha2_512;dh21,aes_gcm256-sha2_256;dh21,chacha20_poly1305-sha2_512;dh21,chacha20_poly1305-sha2_256;dh21,aes256-sha2_512;dh21,aes256-sha2_256;dh21,aes_gcm256-sha2_512;dh15,aes_gcm256-sha2_256;dh15,chacha20_poly1305-sha2_512;dh15,chacha20_poly1305-sha2_256;dh15,aes256-sha2_512;dh15,aes256-sha2_256;dh15,aes_gcm256-sha2_512;dh16,aes_gcm256-sha2_256;dh16,chacha20_poly1305-sha2_512;dh16,chacha20_poly1305-sha2_256;dh16,aes256-sha2_512;dh16,aes256-sha2_256;dh16,aes_gcm256-sha2_512;dh18,aes_gcm256-sha2_256;dh18,chacha20_poly1305-sha2_512;dh18,chacha20_poly1305-sha2_256;dh18,aes256-sha2_512;dh18,aes256-sha2_256;dh18 - esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512,aes256-sha2_256 + ike=aes_gcm256-sha2_512+sha2_256-dh19+dh20+dh21+dh15+dh16+dh18,chacha20_poly1305-sha2_512+sha2_256-dh19+dh20+dh21+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh20+dh21+dh15+dh16+dh18 + esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512+sha2_256 diff -up crypto-policies/tests/outputs/LEGACY-libreswan.txt.libreswan-fix crypto-policies/tests/outputs/LEGACY-libreswan.txt --- crypto-policies/tests/outputs/LEGACY-libreswan.txt.libreswan-fix 2018-12-17 17:01:44.000000000 +0100 +++ crypto-policies/tests/outputs/LEGACY-libreswan.txt 2019-02-18 10:34:57.527777893 +0100 @@ -1,5 +1,5 @@ conn %default ikev2=insist pfs=yes - ike=aes_gcm256-sha2_512;dh19,aes_gcm256-sha2_256;dh19,chacha20_poly1305-sha2_512;dh19,chacha20_poly1305-sha2_256;dh19,aes256-sha2_512;dh19,aes256-sha2_256;dh19,aes256-sha1;dh19,aes_gcm128-sha2_512;dh19,aes_gcm128-sha2_256;dh19,aes128-sha2_256;dh19,aes128-sha1;dh19,3des-sha1;dh19,aes_gcm256-sha2_512;dh20,aes_gcm256-sha2_256;dh20,chacha20_poly1305-sha2_512;dh20,chacha20_poly1305-sha2_256;dh20,aes256-sha2_512;dh20,aes256-sha2_256;dh20,aes256-sha1;dh20,aes_gcm128-sha2_512;dh20,aes_gcm128-sha2_256;dh20,aes128-sha2_256;dh20,aes128-sha1;dh20,3des-sha1;dh20,aes_gcm256-sha2_512;dh21,aes_gcm256-sha2_256;dh21,chacha20_poly1305-sha2_512;dh21,chacha20_poly1305-sha2_256;dh21,aes256-sha2_512;dh21,aes256-sha2_256;dh21,aes256-sha1;dh21,aes_gcm128-sha2_512;dh21,aes_gcm128-sha2_256;dh21,aes128-sha2_256;dh21,aes128-sha1;dh21,3des-sha1;dh21,aes_gcm256-sha2_512;dh5,aes_gcm256-sha2_256;dh5,chacha20_poly1305-sha2_512;dh5,chacha20_poly1305-sha2_256;dh5,aes256-sha2_512;dh5,aes256-sha2_256;dh5,aes256-sha1;dh5,aes_gcm128-sha2_512;dh5,aes_gcm128-sha2_256;dh5,aes128-sha2_256;dh5,aes128-sha1;dh5,3des-sha1;dh5,aes_gcm256-sha2_512;dh14,aes_gcm256-sha2_256;dh14,chacha20_poly1305-sha2_512;dh14,chacha20_poly1305-sha2_256;dh14,aes256-sha2_512;dh14,aes256-sha2_256;dh14,aes256-sha1;dh14,aes_gcm128-sha2_512;dh14,aes_gcm128-sha2_256;dh14,aes128-sha2_256;dh14,aes128-sha1;dh14,3des-sha1;dh14,aes_gcm256-sha2_512;dh15,aes_gcm256-sha2_256;dh15,chacha20_poly1305-sha2_512;dh15,chacha20_poly1305-sha2_256;dh15,aes256-sha2_512;dh15,aes256-sha2_256;dh15,aes256-sha1;dh15,aes_gcm128-sha2_512;dh15,aes_gcm128-sha2_256;dh15,aes128-sha2_256;dh15,aes128-sha1;dh15,3des-sha1;dh15,aes_gcm256-sha2_512;dh16,aes_gcm256-sha2_256;dh16,chacha20_poly1305-sha2_512;dh16,chacha20_poly1305-sha2_256;dh16,aes256-sha2_512;dh16,aes256-sha2_256;dh16,aes256-sha1;dh16,aes_gcm128-sha2_512;dh16,aes_gcm128-sha2_256;dh16,aes128-sha2_256;dh16,aes128-sha1;dh16,3des-sha1;dh16,aes_gcm256-sha2_512;dh18,aes_gcm256-sha2_256;dh18,chacha20_poly1305-sha2_512;dh18,chacha20_poly1305-sha2_256;dh18,aes256-sha2_512;dh18,aes256-sha2_256;dh18,aes256-sha1;dh18,aes_gcm128-sha2_512;dh18,aes_gcm128-sha2_256;dh18,aes128-sha2_256;dh18,aes128-sha1;dh18,3des-sha1;dh18 - esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512,aes256-sha1,aes256-sha2_256,aes_gcm128,aes128-sha1,aes128-sha2_256,3des-sha1 + ike=aes_gcm256-sha2_512+sha2_256-dh19+dh20+dh21+dh5+dh14+dh15+dh16+dh18,chacha20_poly1305-sha2_512+sha2_256-dh19+dh20+dh21+dh5+dh14+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh20+dh21+dh5+dh14+dh15+dh16+dh18,aes_gcm128-sha2_512+sha2_256-dh19+dh20+dh21+dh5+dh14+dh15+dh16+dh18,aes128-sha2_256-dh19+dh20+dh21+dh5+dh14+dh15+dh16+dh18 + esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256