From: YASUOKA Masahiko
Subject: Re: modp1024 in isakmpd
To: sashan@fastmail.net
Cc: tech@openbsd.org
Date: Thu, 22 Aug 2024 19:42:53 +0900

Sorry, let me correct,

On Thu, 22 Aug 2024 19:39:59 +0900 (JST)
YASUOKA Masahiko wrote:
> Hi,
>
> On Mon, 19 Aug 2024 15:32:52 +0200
> Alexandr Nedvedicky wrote:
>> Hello,
>>
>> I've just noticed there is a slight difference between iked and isakmpd.
>> isakmpd does not allow modp1024 when I use this in my ipsec.conf:
>>
>> ike dynamic esp transport proto udp from egress to l2tpd.endpoint port l2tp \
>> main auth "hmac-sha" enc "3des" group "modp1024" \
>> quick auth "hmac-sha" enc "3des" group none \
>> psk j3ym8RWVICaoUhrfy5OdbYVkz4aZ5l
>>
>> when I try to do ipsec -vf ipsec.conf the isakmpd rewards me with
>> message as follows:
>>
>> Aug 18 22:25:45 lifty isakmpd[38350]: attribute_unacceptable: \
>> GROUP_DESCRIPTION: got MODP_1024, expected MODP_2048
>
> I can't repeat the problem. I suppose the log message shows that the peer sent SA with modp1024, but isakmpd configured modp2048 for Phase-1.
> So, I think it is not matched with what you report.
>
>> with tweak below I'm able to initiate transport to l2tpd.endpoint
>>
>> What's interesting iked is happy with selection hmac-sha-3des-modp1024.
>>
>> What I'd like to check here is if we should make behavior of isakmpd same as iked
>> in this respect.
>>
>> IPsec is not my department.
>>
>> thanks and
>> regards
>> sashan
>>
>> --------8<---------------8<---------------8<------------------8<--------
>> diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c >> index 14bc6c45770..6248128e2e0 100644 >> --- a/sbin/isakmpd/ipsec.c >> +++ b/sbin/isakmpd/ipsec.c 
>> @@ -1296,7 +1296,7 @@ ipsec_is_attribute_incompatible(u_int16_t type, u_int8_t *value, u_int16_t len, >> case IKE_ATTR_GROUP_DESCRIPTION: >> return (dv < IKE_GROUP_DESC_MODP_768 || >> dv > IKE_GROUP_DESC_MODP_1536) && >> - (dv < IKE_GROUP_DESC_MODP_2048 || >> + (dv < IKE_GROUP_DESC_MODP_1024 || >> dv > IKE_GROUP_DESC_ECP_521) && >> (dv < IKE_GROUP_DESC_ECP_192 || >> dv > IKE_GROUP_DESC_BP_512); >> >>
>
> It's hard to check these conditions, but the original seems correct.
>
> In ipsec_num.cst:
>
> 154 # IKE group description.
> 155 IKE_GROUP_DESC
> 156   MODP_768       1
> 157   MODP_1024      2
> 158   EC2N_155       3
> 159   EC2N_185       4
> 160   MODP_1536      5
> 161   EC2N_163sect   6
> 162   EC2N_163K      7
> 163   EC2N_283sect   8
> 164   EC2N_283K      9
> 165   EC2N_409sect   10
> 166   EC2N_409K      11
> 167   EC2N_571sect   12
> 168   EC2N_571K      13
> 169   MODP_2048      14
> 170   MODP_3072      15
> 171   MODP_4096      16
> 172   MODP_6144      17
>
> See dh.c also, isakmpd supports EC2N_{155,185} but it doesn't support
> other EC2Ns. So we want to skip (MODP_1056 < dv &&) dv < MODP_2048.
                                   ^^^^^^^^^ should be "MODP_1536".
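
Review bot: The lowered bound in the second clause, `(dv < IKE_GROUP_DESC_MODP_1024 ||`, is not needed to accept MODP_1024 and widens what the check lets through. MODP_1024 is id 2 in the quoted ipsec_num.cst excerpt, so the unchanged first clause (MODP_768 through MODP_1536, ids 1 to 5) already accepts it. Moving the floor of the second range from MODP_2048 (14) to MODP_1024 (2) additionally accepts ids 6 to 13, the EC2N groups that the reply says dh.c does not support. Suggest dropping this hunk and comparing the Phase-1 group configured on each side, since the quoted log line reports a mismatch against an expected MODP_2048; a comment above the expression naming the three accepted id ranges would also make the condition easier to review.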
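
The range reasoning in the reply can be checked by enumerating group ids against both forms of the condition. This is an added example, not code from the thread or from OpenBSD: the function names are hypothetical, ids 1 to 14 come from the ipsec_num.cst excerpt quoted above, and the ECP and Brainpool ids are assumed from the IANA IKEv1 group registry.

```c
#include <stdio.h>

/* Ids 1..14 are from the quoted ipsec_num.cst excerpt; ECP_521,
 * ECP_192 and BP_512 are assumptions taken from the IANA registry. */
enum {
	MODP_768 = 1, MODP_1024 = 2, MODP_1536 = 5, MODP_2048 = 14,
	ECP_521 = 21, ECP_192 = 25, BP_512 = 30
};

/* Range test as it stands before the patch: nonzero means "reject". */
static int incompatible_orig(int dv)
{
	return (dv < MODP_768 || dv > MODP_1536) &&
	    (dv < MODP_2048 || dv > ECP_521) &&
	    (dv < ECP_192 || dv > BP_512);
}

/* Same test with the patch's one-line change applied. */
static int incompatible_patched(int dv)
{
	return (dv < MODP_768 || dv > MODP_1536) &&
	    (dv < MODP_1024 || dv > ECP_521) &&
	    (dv < ECP_192 || dv > BP_512);
}

/* Count ids in [lo, hi] that only the patched test accepts. */
static int newly_accepted(int lo, int hi)
{
	int dv, n = 0;

	for (dv = lo; dv <= hi; dv++)
		if (incompatible_orig(dv) && !incompatible_patched(dv))
			n++;
	return n;
}

int main(void)
{
	int dv;

	for (dv = 0; dv <= 31; dv++)
		printf("%2d  orig=%s  patched=%s\n", dv,
		    incompatible_orig(dv) ? "reject" : "accept",
		    incompatible_patched(dv) ? "reject" : "accept");
	printf("accepted only after patch: %d ids\n", newly_accepted(0, 31));
	return 0;
}
```

The per-id listing shows MODP_1024 accepted in both columns, and the ids that differ are exactly 6 through 13.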