From patchwork Mon Feb  3 20:50:11 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Tremer <michael.tremer@ipfire.org>
X-Patchwork-Id: 8455
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature RSA-PSS (4096 bits))
	(Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4YmzCf2w6pz3xGD
	for <patchwork@web04.haj.ipfire.org>; Mon,  3 Feb 2025 20:50:22 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits)
	 client-signature ECDSA (secp384r1))
	(Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4YmzCb2k52z4nR;
	Mon,  3 Feb 2025 20:50:19 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4YmzCb2FsQz32gD;
	Mon,  3 Feb 2025 20:50:19 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature RSA-PSS (4096 bits))
	(Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4YmzCX0lFNz334r
	for <development@lists.ipfire.org>; Mon,  3 Feb 2025 20:50:16 +0000 (UTC)
Received: from michael.haj.ipfire.org (michael.haj.ipfire.org [172.28.1.242])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256
	 client-signature ECDSA (secp384r1) client-digest SHA384)
	(Client CN "michael.haj.ipfire.org", Issuer "E5" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4YmzCW4MK8z4jk;
	Mon,  3 Feb 2025 20:50:15 +0000 (UTC)
Received: by michael.haj.ipfire.org (Postfix, from userid 0)
	id 4YmzCW3KGLzTj7X; Mon,  3 Feb 2025 20:50:15 +0000 (UTC)
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 1/2] vpnmain.cgi: Add support for key exchange using ML-KEM
Date: Mon,  3 Feb 2025 20:50:11 +0000
Message-Id: <20250203205012.3773819-1-michael.tremer@ipfire.org>
X-Mailer: git-send-email 2.39.5
MIME-Version: 1.0
Message-ID-Hash: 4KZD3CAD4P6GNOKI3OOX7RXIWUJSP5CT
X-Message-ID-Hash: 4KZD3CAD4P6GNOKI3OOX7RXIWUJSP5CT
X-MailFrom: root@michael.haj.ipfire.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: Michael Tremer <michael.tremer@ipfire.org>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
Archived-At: 
 <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/message/4KZD3CAD4P6GNOKI3OOX7RXIWUJSP5CT/>
List-Archive: 
 <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Owner: <mailto:development-owner@lists.ipfire.org>
List-Post: <mailto:development@lists.ipfire.org>
List-Subscribe: <mailto:development-join@lists.ipfire.org>
List-Unsubscribe: <mailto:development-leave@lists.ipfire.org>

There are enabled by default, because I don't see any reason why we
should not offer this.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 html/cgi-bin/vpnmain.cgi | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 3541aaa29..05376e029 100755
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -2384,11 +2384,11 @@ END
 	#use default advanced value
 	$cgiparams{'IKE_ENCRYPTION'}	= 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[18];
 	$cgiparams{'IKE_INTEGRITY'}		= 'sha2_512|sha2_256'; #[19];
-	$cgiparams{'IKE_GROUPTYPE'}             = 'curve448|curve25519|e521|e384|4096|3072'; #[20];
+	$cgiparams{'IKE_GROUPTYPE'}             = 'mlkem1024|mlkem768|mlkem512|curve448|curve25519|e521|e384|4096|3072'; #[20];
 	$cgiparams{'IKE_LIFETIME'}		= '3'; #[16];
 	$cgiparams{'ESP_ENCRYPTION'}	= 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[21];
 	$cgiparams{'ESP_INTEGRITY'}		= 'sha2_512|sha2_256'; #[22];
-	$cgiparams{'ESP_GROUPTYPE'}             = 'curve448|curve25519|e521|e384|4096|3072'; #[23];
+	$cgiparams{'ESP_GROUPTYPE'}             = 'mlkem1024|mlkem768|mlkem512|curve448|curve25519|e521|e384|4096|3072'; #[23];
 	$cgiparams{'ESP_KEYLIFE'}		= '1'; #[17];
 	$cgiparams{'COMPRESSION'}		= 'off'; #[13];
 	$cgiparams{'ONLY_PROPOSED'}		= 'on'; #[24];
@@ -2769,7 +2769,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 			goto ADVANCED_ERROR;
 		}
 		foreach my $val (@temp) {
-			if ($val !~ /^(curve448|curve25519|e521|e384|e256|e224|e192|e512bp|e384bp|e256bp|e224bp|768|1024|1536|2048|3072|4096|6144|8192)$/) {
+			if ($val !~ /^(mlkem(1024|768|512)|curve448|curve25519|e521|e384|e256|e224|e192|e512bp|e384bp|e256bp|e224bp|768|1024|1536|2048|3072|4096|6144|8192)$/) {
 				$errormessage = $Lang::tr{'invalid input'};
 				goto ADVANCED_ERROR;
 			}
@@ -2810,7 +2810,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 			goto ADVANCED_ERROR;
 		}
 		foreach my $val (@temp) {
-			if ($val !~ /^(curve448|curve25519|e521|e384|e256|e224|e192|e512bp|e384bp|e256bp|e224bp|768|1024|1536|2048|3072|4096|6144|8192|none)$/) {
+			if ($val !~ /^(mlkem(1024|768|512)|curve448|curve25519|e521|e384|e256|e224|e192|e512bp|e384bp|e256bp|e224bp|768|1024|1536|2048|3072|4096|6144|8192|none)$/) {
 				$errormessage = $Lang::tr{'invalid input'};
 				goto ADVANCED_ERROR;
 			}
@@ -2950,6 +2950,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 	$checked{'IKE_INTEGRITY'}{'aesxcbc'} = '';
 	@temp = split('\|', $cgiparams{'IKE_INTEGRITY'});
 	foreach my $key (@temp) {$checked{'IKE_INTEGRITY'}{$key} = "selected='selected'"; }
+	$checked{'IKE_GROUPTYPE'}{'mlkem1024'} = '';
+	$checked{'IKE_GROUPTYPE'}{'mlkem768'} = '';
+	$checked{'IKE_GROUPTYPE'}{'mlkem512'} = '';
 	$checked{'IKE_GROUPTYPE'}{'curve448'} = '';
 	$checked{'IKE_GROUPTYPE'}{'curve25519'} = '';
 	$checked{'IKE_GROUPTYPE'}{'768'} = '';
@@ -2990,6 +2993,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 	$checked{'ESP_INTEGRITY'}{'aesxcbc'} = '';
 	@temp = split('\|', $cgiparams{'ESP_INTEGRITY'});
 	foreach my $key (@temp) {$checked{'ESP_INTEGRITY'}{$key} = "selected='selected'"; }
+	$checked{'ESP_GROUPTYPE'}{'mlkem1024'} = '';
+	$checked{'ESP_GROUPTYPE'}{'mlkem768'} = '';
+	$checked{'ESP_GROUPTYPE'}{'mlkem512'} = '';
 	$checked{'ESP_GROUPTYPE'}{'curve448'} = '';
 	$checked{'ESP_GROUPTYPE'}{'curve25519'} = '';
 	$checked{'ESP_GROUPTYPE'}{'768'} = '';
@@ -3155,6 +3161,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 			<td class='boldbase' width="15%">$Lang::tr{'grouptype'}</td>
 			<td class='boldbase'>
 				<select name='IKE_GROUPTYPE' multiple='multiple' size='6' style='width: 100%'>
+					<option value='mlkem1024' $checked{'IKE_GROUPTYPE'}{'mlkem1024'}>ML-KEM 1024 (256 bit)</option>
+					<option value='mlkem768' $checked{'IKE_GROUPTYPE'}{'mlkem768'}>ML-KEM 768 (192 bit)</option>
+					<option value='mlkem512' $checked{'IKE_GROUPTYPE'}{'mlkem512'}>ML-KEM 512 (128 bit)</option>
 					<option value='curve448' $checked{'IKE_GROUPTYPE'}{'curve448'}>Curve 448 (224 bit)</option>
 					<option value='curve25519' $checked{'IKE_GROUPTYPE'}{'curve25519'}>Curve 25519 (128 bit)</option>
 					<option value='e521' $checked{'IKE_GROUPTYPE'}{'e521'}>ECP-521 (NIST)</option>
@@ -3178,6 +3187,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 			</td>
 			<td class='boldbase'>
 				<select name='ESP_GROUPTYPE' multiple='multiple' size='6' style='width: 100%'>
+					<option value='mlkem1024' $checked{'ESP_GROUPTYPE'}{'mlkem1024'}>ML-KEM 1024 (256 bit)</option>
+					<option value='mlkem768' $checked{'ESP_GROUPTYPE'}{'mlkem768'}>ML-KEM 768 (192 bit)</option>
+					<option value='mlkem512' $checked{'ESP_GROUPTYPE'}{'mlkem512'}>ML-KEM 512 (128 bit)</option>
 					<option value='curve448' $checked{'ESP_GROUPTYPE'}{'curve448'}>Curve 448 (224 bit)</option>
 					<option value='curve25519' $checked{'ESP_GROUPTYPE'}{'curve25519'}>Curve 25519 (128 bit)</option>
 					<option value='e521' $checked{'ESP_GROUPTYPE'}{'e521'}>ECP-521 (NIST)</option>
@@ -3755,7 +3767,9 @@ sub make_algos($$$$$) {
 				if ($mode eq "ike") {
 					push(@algo, $int);
 
-					if ($grp =~ m/^e(.*)$/) {
+					if ($grp =~ m/^mlkem(\d+)$/) {
+						push(@algo, "$grp");
+					} elsif ($grp =~ m/^e(.*)$/) {
 						push(@algo, "ecp$1");
 					} elsif ($grp =~ m/curve(448|25519)/) {
 						push(@algo, "$grp");
@@ -3772,6 +3786,8 @@ sub make_algos($$$$$) {
 
 					if (!$pfs || $grp eq "none") {
 						# noop
+					} elsif ($grp =~ m/^mlkem(\d+)$/) {
+						push(@algo, "$grp");
 					} elsif ($grp =~ m/^e(.*)$/) {
 						push(@algo, "ecp$1");
 					} elsif ($grp =~ m/curve(448|25519)/) {

From patchwork Mon Feb  3 20:50:12 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Tremer <michael.tremer@ipfire.org>
X-Patchwork-Id: 8454
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4YmzCd5T0Qz3wmg
	for <patchwork@web04.haj.ipfire.org>; Mon,  3 Feb 2025 20:50:21 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256
	 client-signature ECDSA (secp384r1) client-digest SHA384)
	(Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4YmzCZ27sxz4jk;
	Mon,  3 Feb 2025 20:50:18 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4YmzCZ0gfBz3483;
	Mon,  3 Feb 2025 20:50:18 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4YmzCX0Ps8z2xLv
	for <development@lists.ipfire.org>; Mon,  3 Feb 2025 20:50:16 +0000 (UTC)
Received: from michael.haj.ipfire.org (michael.haj.ipfire.org [172.28.1.242])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256
	 client-signature ECDSA (secp384r1) client-digest SHA384)
	(Client CN "michael.haj.ipfire.org", Issuer "E5" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4YmzCW5dQ1z4mb;
	Mon,  3 Feb 2025 20:50:15 +0000 (UTC)
Received: by michael.haj.ipfire.org (Postfix, from userid 0)
	id 4YmzCW3RDwzTgyj; Mon,  3 Feb 2025 20:50:15 +0000 (UTC)
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 2/2] vpnmain.cgi: Reduce the number of offered ciphers
Date: Mon,  3 Feb 2025 20:50:12 +0000
Message-Id: <20250203205012.3773819-2-michael.tremer@ipfire.org>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20250203205012.3773819-1-michael.tremer@ipfire.org>
References: <20250203205012.3773819-1-michael.tremer@ipfire.org>
MIME-Version: 1.0
Message-ID-Hash: AQLKCEDOAXOZVYBRNUI7CZSSTA7QWJXX
X-Message-ID-Hash: AQLKCEDOAXOZVYBRNUI7CZSSTA7QWJXX
X-MailFrom: root@michael.haj.ipfire.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: Michael Tremer <michael.tremer@ipfire.org>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
Archived-At: 
 <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/message/AQLKCEDOAXOZVYBRNUI7CZSSTA7QWJXX/>
List-Archive: 
 <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Owner: <mailto:development-owner@lists.ipfire.org>
List-Post: <mailto:development@lists.ipfire.org>
List-Subscribe: <mailto:development-join@lists.ipfire.org>
List-Unsubscribe: <mailto:development-leave@lists.ipfire.org>

For new connections, we will now configure fewer ciphers by default. I
currently do not see any reason why we should support so many different
versions of AES-GCM and AES-128 by default.

The defaults should provide high security as well as decent
compatibility to solutions from other vendors.

I am currently not sure whether ChaCha20-Poly1305 should remain as
default as AES should usually outperform it by far. We can assume that
most hardware has support for AES-NI.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 html/cgi-bin/vpnmain.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 05376e029..a1d0f0e2a 100755
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -2382,11 +2382,11 @@ END
 	$cgiparams{'REMOTE_ID'} = '';
 
 	#use default advanced value
-	$cgiparams{'IKE_ENCRYPTION'}	= 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[18];
+	$cgiparams{'IKE_ENCRYPTION'}		= 'chacha20poly1305|aes256gcm128|aes256'; #[18];
 	$cgiparams{'IKE_INTEGRITY'}		= 'sha2_512|sha2_256'; #[19];
 	$cgiparams{'IKE_GROUPTYPE'}             = 'mlkem1024|mlkem768|mlkem512|curve448|curve25519|e521|e384|4096|3072'; #[20];
 	$cgiparams{'IKE_LIFETIME'}		= '3'; #[16];
-	$cgiparams{'ESP_ENCRYPTION'}	= 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[21];
+	$cgiparams{'ESP_ENCRYPTION'}		= 'chacha20poly1305|aes256gcm128|aes256'; #[21];
 	$cgiparams{'ESP_INTEGRITY'}		= 'sha2_512|sha2_256'; #[22];
 	$cgiparams{'ESP_GROUPTYPE'}             = 'mlkem1024|mlkem768|mlkem512|curve448|curve25519|e521|e384|4096|3072'; #[23];
 	$cgiparams{'ESP_KEYLIFE'}		= '1'; #[17];