FreeBSD IPsec HMAC_SHA256-512 support fixed to be RFC4868 compliant



  • I thought this fix that is now part of FreeBSD 8.3 might be of interest to folks using IPsec, since pfsense 2.0.x is based on FreeBSD 8.1, whereas the upcoming 2.1 will be based on 8.3

    IPsec's HMAC_SHA256-512 support has been fixed to be RFC4868 compliant, and will now use half of hash for authentication. This will break interoperability with all stacks (including all actual FreeBSD versions) who implement draft-ietf-ipsec-ciph-sha-256-00 (they use 96 bits of hash for authentication).

    The only workaround with such peers is to use another HMAC algorithm for IPsec ("phase 2") authentication.

    Commit: http://lists.freebsd.org/pipermail/svn-src-head/2011-February/025040.html

    Comment: http://lists.freebsd.org/pipermail/freebsd-net/2011-January/027360.html


  • Rebel Alliance Developer Netgate

    Except that's for "sha2*" and most places are still using "sha" (sha1) so I'm not sure that'll impact us at all, though it may mean we can activate the higher sha* options then.

                         hash_algorithm algorithm;
                                 Defines the hash algorithm used for the phase 1
                                 negotiation.  This directive must be defined.
                                 algorithm is one of following: md5, sha1, sha256,
                                 sha384, sha512 for Oakley.
    (...)
                 authentication_algorithm algorithms;
                         des, 3des, des_iv64, des_iv32, hmac_md5, hmac_sha1,
                         hmac_sha256, hmac_sha384, hmac_sha512, non_auth (used
                         with ESP authentication and AH)
    
    

    Note that the ones we use are all sha1, not the sha256 and higher varieties.



  • Indeed.

    I first checked to see if the fix was among the 8.1/ patches at github, but since I couldn't find it there, my next thought was that if it breaks compatibility, it might deserve a mention in the 2.0.x -> 2.1 upgrade notes.

    But if higher sha* options weren't available from the webGUI afterall, then obviously the issue won't affect anyone using stock pfsense code.


  • Rebel Alliance Developer Netgate

    Yep. It may be worth a feature request in redmine to look into adding support for those to the GUI at some point though. Now that they are actually RFC compliant it may be useful to some people.


Log in to reply