From: Martin Willi
Date: Tue, 8 May 2018 13:06:33 +0000 (+0200)
Subject: proposal: Add a compat alg for ChaCha20Poly1305 with explicit key length
X-Git-Tag: 5.6.3dr2~3
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=c58434aeff04feea4a7a92b4cc54b8b0b111923d;p=thirdparty%2Fstrongswan.git

proposal: Add a compat alg for ChaCha20Poly1305 with explicit key length

The keylength fix for ChaCha20Poly1305 (5a7b0be2) removes the keylength attribute from the AEAD transform. This breaks compatibility between versions with the patch and those without. The ChaCha20Poly1305 AEAD won't match in proposals between such versions, and if no other algorithm is available, negotiating SAs fails.

As a migration strategy, this patch introduces a new string identifier for a ChaCha20Poly1305 proposal keyword which uses the explicit keylength, exactly as it was used before the mentioned patch. Administrators that care about the use of that AEAD with old clients can temporarily add this keyword to the list of proposals, until all clients have been upgraded.

The used approach is the least invasive, as it just adds an additional keyword that can't do any harm if not explicitly configured. Nonetheless, it allows the administrator to smoothly keep ChaCha20Poly1305 working, even if upgrading all peers simultaneously is not an option. It requires manual configuration edits, though, but we assume that ChaCha20Poly1305 is not that widely used, and not as the only transform in proposals.

Removing the compat keyword in a future version is an option; it might be helpful for other implementations, though, that falsely use an explicit key length in ChaCha20Poly1305 AEAD transforms.

---
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt index 77dea333a4..1e636e897b 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt @@ -79,6 +79,7 @@ aes128gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128 aes192gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192 aes256gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256 chacha20poly1305, ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 0 +chacha20poly1305compat, ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256 blowfish, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128 blowfish128, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128 blowfish192, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192
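
Review bot: The added `chacha20poly1305compat` line (key length 256, directly below the `chacha20poly1305` entry with key length 0) comes with no user-facing documentation in this diff, although the commit message says administrators have to add the keyword to their proposals by hand. Suggest documenting alongside this change that the keyword exists only for interoperability with peers lacking the keylength fix (5a7b0be2), that it should be listed in addition to `chacha20poly1305` rather than instead of it so that patched peers still match, and that it is meant to be dropped from configurations once all peers are upgraded. A proposal-parsing test covering the new keyword would also be worth adding, since both keywords now map to ENCR_CHACHA20_POLY1305 and differ only in the key-length column.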