From patchwork Mon May 26 18:27:00 2025
X-Patchwork-Submitter: Peter Müller
X-Patchwork-Id: 8796
Message-ID: <3d399f8b-3f71-4ca4-beaa-88c7c4ecbaf7@ipfire.org>
Date: Mon, 26 May 2025 18:27:00 +0000
To: "IPFire: Development"
From: Peter Müller
Subject: [PATCH v2 1/2] vpnmain.cgi: Use ML-KEM only as a hybrid with Curve 25519

In commit 887778e0888d51eb9942ae310a43f6d2813efad3, the post-quantum key exchange algorithm ML-KEM was introduced, due to its support being added in strongSwan 6.0. However, using PQC key exchanges is commonly recommended only in conjunction with a traditional one, to avoid encrypted traffic becoming subject to trivial decryption in case a PQC algorithm proves weak, broken, or backdoored. OpenSSH, for instance, combines ML-KEM 768 with Curve 25519 (mlkem768x25519-sha256), rather than using ML-KEM alone.

This patch changes the cipher suites offered for IPsec connections to always use ML-KEM as a hybrid with Curve 25519. This is possible due to strongSwan 6.0 having added support for IKE intermediary key exchanges (RFC 9370); see https://docs.strongswan.org/docs/latest/config/proposals.html#_key_exchange_methods for additional information.

We can reasonably assume an IPsec peer supporting ML-KEM will also support Curve 25519, as this has been around for much longer, and is used quite commonly. Even if this is not the case, or if the IPsec peer does not implement RFC 9370, any IPsec connection using our default cipher selection will fall back to Curve 448, Curve 25519, or other, hence continue working.

IPsec connections already created will need their ciphers to be changed once during the Core Update routine where this patch will be incorporated.

Tested-by: Peter Müller
Signed-off-by: Peter Müller
---
 html/cgi-bin/vpnmain.cgi | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 4f81fecdf..154b94033 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -2374,11 +2374,11 @@ END #use default advanced value $cgiparams{'IKE_ENCRYPTION'} = 'chacha20poly1305|aes256gcm128|aes256'; #[18]; $cgiparams{'IKE_INTEGRITY'} = 'sha2_512|sha2_256'; #[19]; - $cgiparams{'IKE_GROUPTYPE'} = 'mlkem1024|mlkem768|mlkem512|curve448|curve25519|e521|e384|4096|3072'; #[20]; + $cgiparams{'IKE_GROUPTYPE'} = 'x25519-ke1_mlkem1024|x25519-ke1_mlkem768|x25519-ke1_mlkem512|curve448|curve25519|e521|e384|4096|3072'; #[20]; $cgiparams{'IKE_LIFETIME'} = '3'; #[16]; $cgiparams{'ESP_ENCRYPTION'} = 'chacha20poly1305|aes256gcm128|aes256'; #[21]; $cgiparams{'ESP_INTEGRITY'} = 'sha2_512|sha2_256'; #[22]; - $cgiparams{'ESP_GROUPTYPE'} = 'mlkem1024|mlkem768|mlkem512|curve448|curve25519|e521|e384|4096|3072'; #[23]; + $cgiparams{'ESP_GROUPTYPE'} = 'x25519-ke1_mlkem1024|x25519-ke1_mlkem768|x25519-ke1_mlkem512|curve448|curve25519|e521|e384|4096|3072'; #[23]; $cgiparams{'ESP_KEYLIFE'} = '1'; #[17]; $cgiparams{'COMPRESSION'} = 'off'; #[13]; $cgiparams{'ONLY_PROPOSED'} = 'on'; #[24]; @@ -2759,7 +2759,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(mlkem(1024|768|512)|curve448|curve25519|e521|e384|e256|e224|e192|e512bp|e384bp|e256bp|e224bp|768|1024|1536|2048|3072|4096|6144|8192)$/) { + if ($val !~ /^(x25519-ke1_mlkem(1024|768|512)|curve448|curve25519|e521|e384|e256|e224|e192|e512bp|e384bp|e256bp|e224bp|768|1024|1536|2048|3072|4096|6144|8192)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } 
@@ -2800,7 +2800,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || goto ADVANCED_ERROR; } foreach my $val (@temp) { - if ($val !~ /^(mlkem(1024|768|512)|curve448|curve25519|e521|e384|e256|e224|e192|e512bp|e384bp|e256bp|e224bp|768|1024|1536|2048|3072|4096|6144|8192|none)$/) { + if ($val !~ /^(x25519-ke1_mlkem(1024|768|512)|curve448|curve25519|e521|e384|e256|e224|e192|e512bp|e384bp|e256bp|e224bp|768|1024|1536|2048|3072|4096|6144|8192|none)$/) { $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; } @@ -2940,9 +2940,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $checked{'IKE_INTEGRITY'}{'aesxcbc'} = ''; @temp = split('\|', $cgiparams{'IKE_INTEGRITY'}); foreach my $key (@temp) {$checked{'IKE_INTEGRITY'}{$key} = "selected='selected'"; } - $checked{'IKE_GROUPTYPE'}{'mlkem1024'} = ''; - $checked{'IKE_GROUPTYPE'}{'mlkem768'} = ''; - $checked{'IKE_GROUPTYPE'}{'mlkem512'} = ''; + $checked{'IKE_GROUPTYPE'}{'x25519-ke1_mlkem1024'} = ''; + $checked{'IKE_GROUPTYPE'}{'x25519-ke1_mlkem768'} = ''; + $checked{'IKE_GROUPTYPE'}{'x25519-ke1_mlkem512'} = ''; $checked{'IKE_GROUPTYPE'}{'curve448'} = ''; $checked{'IKE_GROUPTYPE'}{'curve25519'} = ''; $checked{'IKE_GROUPTYPE'}{'768'} = ''; @@ -2983,9 +2983,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $checked{'ESP_INTEGRITY'}{'aesxcbc'} = ''; @temp = split('\|', $cgiparams{'ESP_INTEGRITY'}); foreach my $key (@temp) {$checked{'ESP_INTEGRITY'}{$key} = "selected='selected'"; } - $checked{'ESP_GROUPTYPE'}{'mlkem1024'} = ''; - $checked{'ESP_GROUPTYPE'}{'mlkem768'} = ''; - $checked{'ESP_GROUPTYPE'}{'mlkem512'} = ''; + $checked{'ESP_GROUPTYPE'}{'x25519-ke1_mlkem1024'} = ''; + $checked{'ESP_GROUPTYPE'}{'x25519-ke1_mlkem768'} = ''; + $checked{'ESP_GROUPTYPE'}{'x25519-ke1_mlkem512'} = ''; $checked{'ESP_GROUPTYPE'}{'curve448'} = ''; $checked{'ESP_GROUPTYPE'}{'curve25519'} = ''; $checked{'ESP_GROUPTYPE'}{'768'} = ''; 
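Review bot: The @@ -2759 and @@ -2800 validation hunks now accept only `x25519-ke1_mlkem(1024|768|512)` and reject the previous bare `mlkem(1024|768|512)` tokens, so any connection whose stored IKE_GROUPTYPE or ESP_GROUPTYPE still carries the old values will hit `$errormessage = $Lang::tr{'invalid input'}` the next time its advanced settings form is submitted; the commit message should state explicitly that the old tokens are renamed (relying on the update-script migration in 2/2) rather than kept as an accepted alias, or the regex could keep matching `mlkem(...)` and let make_algos translate it. The alternation list is now repeated verbatim in both hunks (one with `|none`, one without) and again in make_algos further down; a single `qr//` constant for the key exchange tokens would keep the copies from drifting on the next change.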
@@ -3151,9 +3151,9 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $Lang::tr{'grouptype'} - - - + + + @@ -3757,7 +3757,7 @@ sub make_algos($$$$$) { if ($mode eq "ike") { push(@algo, $int); - if ($grp =~ m/^mlkem(\d+)$/) { + if ($grp =~ m/^x25519-ke1_mlkem(\d+)$/) { push(@algo, "$grp"); } elsif ($grp =~ m/^e(.*)$/) { push(@algo, "ecp$1"); 
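Review bot: In the @@ -3757 hunk (and the identical @@ -3776 hunk that follows) `m/^x25519-ke1_mlkem(\d+)$/` captures the ML-KEM parameter set into `$1`, but the branch then pushes `"$grp"` unchanged, so the capture is dead, unlike the `e(.*)` branch next to it, which uses `$1` to build `ecp$1`. Either drop the parentheses, or build the proposal from the capture (`push(@algo, "x25519-ke1_mlkem$1");`) so a reader can see that the UI token is already strongSwan's proposal syntax (X25519 plus an additional `ke1_` exchange, per the docs URL in the commit message); a one-line comment saying so would help the next person who touches this branch.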
@@ -3776,7 +3776,7 @@ sub make_algos($$$$$) { if (!$pfs || $grp eq "none") { # noop - } elsif ($grp =~ m/^mlkem(\d+)$/) { + } elsif ($grp =~ m/^x25519-ke1_mlkem(\d+)$/) { push(@algo, "$grp"); } elsif ($grp =~ m/^e(.*)$/) { push(@algo, "ecp$1");
From patchwork Mon May 26 18:28:00 2025
X-Patchwork-Submitter: Peter Müller
X-Patchwork-Id: 8797
Date: Mon, 26 May 2025 18:28:00 +0000
Subject: [PATCH v2 2/2] Core Update 196: Adjust existing IPsec connections using ML-KEM
From: Peter Müller
To: "IPFire: Development"
References: <3d399f8b-3f71-4ca4-beaa-88c7c4ecbaf7@ipfire.org>
In-Reply-To: <3d399f8b-3f71-4ca4-beaa-88c7c4ecbaf7@ipfire.org>

This causes existing IPsec connections using ML-KEM to always use it in conjunction with Curve 25519, in line with the changes dfa7cd2bbac3c746569368d70fefaf1ff4e1fed2 implements for newly configured IPsec connections.

Again, we can reasonably assume an IPsec peer supporting ML-KEM also supports Curve 25519. In case such a peer does not support RFC 9370, and the IPsec connection was created using our default ciphers, it will fall back to Curve 448, Curve 25519, or any other traditional algorithm.

This patch will break existing IPsec connections only if they are exclusively using ML-KEM (which means the IPFire user reconfigured them manually using the "advanced connection settings" section in the WebUI), and the IPsec peer is configured in the same manner, and/or is an IPFire machine not yet updated to Core Update 196. Any other IPFire-to-IPFire IPsec connection will continue working, potentially falling back to Curve 448 or 25519 until both peers are updated to Core Update 196, after which ML-KEM in conjunction with Curve 25519 will be used again.

The second version of this patch modifies IPFire's own configuration file for IPsec connections, rather than applying these changes directly to /etc/ipsec.conf, where they would have been overwritten by the next WebUI change.

Signed-off-by: Peter Müller
---
 config/rootfiles/core/196/update.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/config/rootfiles/core/196/update.sh b/config/rootfiles/core/196/update.sh
index 0138fabcf..b8f92322f 100644
--- a/config/rootfiles/core/196/update.sh
+++ b/config/rootfiles/core/196/update.sh
@@ -32,6 +32,7 @@ for (( i=1; i<=$core; i++ )); do done # Stop services +/etc/rc.d/init.d/ipsec stop # Remove files rm -rfv \
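Review bot: The added `/etc/rc.d/init.d/ipsec stop` runs unconditionally under `# Stop services`, whereas the matching start in the following hunk is guarded by `grep -q "ENABLED=on" /var/ipfire/vpn/settings`; stopping a service that is not running is harmless, but this tears down all IPsec tunnels on every installation, including those whose `/var/ipfire/vpn/config` contains no `mlkem` entry and therefore gains nothing from the rewrite. Unless something else in this Core Update needs a strongSwan restart anyway, consider wrapping the stop, the `sed`, the `vpnmain.cgi` run and the start in one `if grep -q mlkem /var/ipfire/vpn/config` block so unaffected systems keep their SAs up.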
@@ -65,7 +66,17 @@ esac # Apply SSH configuration #/usr/local/bin/sshctrl +# Change IPsec configuration of existing connections using ML-KEM +# to always make use of hybrid key exchange in conjunction with Curve 25519. +sed -i -e "s@mlkem@x25519-ke1_mlkem@g" /var/ipfire/vpn/config + +# Apply changes to ipsec.conf +/srv/web/ipfire/cgi-bin/vpnmain.cgi + # Start services +if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then + /etc/rc.d/init.d/ipsec start +fi # This update needs a reboot... #touch /var/run/need_reboot
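Review bot: `sed -i -e "s@mlkem@x25519-ke1_mlkem@g" /var/ipfire/vpn/config` is neither anchored nor idempotent: it rewrites the string `mlkem` in every field of the line, so a connection name or remark containing it is altered too, and if the update script is ever re-run the already converted `x25519-ke1_mlkem768` becomes `x25519-ke1_x25519-ke1_mlkem768`. Matching the token as a whole word together with its digits, e.g. `s@\bmlkem\([0-9]\+\)@x25519-ke1_mlkem\1@g`, addresses both: `_` is a word character, so `\b` does not match inside the hybrid form, and the digit requirement keeps free-text fields largely out of reach. Separately, `/srv/web/ipfire/cgi-bin/vpnmain.cgi` is invoked as a plain command to regenerate ipsec.conf; whatever the CGI prints lands in the update log, so redirecting its stdout to /dev/null and checking its exit status before starting ipsec would make a failed regeneration visible instead of silently starting strongSwan with a stale /etc/ipsec.conf.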