-.\" $OpenBSD: iked.conf.5,v 1.87 2021/10/26 17:31:22 tobhe Exp $
+.\" $OpenBSD: iked.conf.5,v 1.88 2021/11/04 03:53:57 yasuoka Exp $
.\"
.\" Copyright (c) 2010 - 2014 Reyk Floeter <reyk@openbsd.org>
.\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved.
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: October 26 2021 $
+.Dd $Mdocdate: November 4 2021 $
.Dt IKED.CONF 5
.Os
.Sh NAME
3DES requires 24 bytes to form its 168-bit key.
This is because the most significant bit of each byte is used for parity.
.Pp
-The keysize of AES-CTR is actually 128-bit.
+The keysize of AES-CTR can be 128, 192, or 256 bits.
However as well as the key, a 32-bit nonce has to be supplied.
-Thus 160 bits of key material have to be supplied.
+Thus 160, 224, or 288 bits of key material, respectively, have to be supplied.
The same applies to AES-GCM, AES-GMAC and Chacha20-Poly1305,
however in the latter case the keysize is 256 bit.
.Pp
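Review bot: the unchanged closing sentence of this paragraph, "The same applies to AES-GCM, AES-GMAC and Chacha20-Poly1305, / however in the latter case the keysize is 256 bit.", no longer fits the new wording two lines above it: with three algorithms listed, "the latter case" is ambiguous, and "256 bit" disagrees in number with the new "128, 192, or 256 bits". Since the hunk already touches this paragraph, suggest rewording the tail to something like "The same applies to AES-GCM and AES-GMAC. Chacha20-Poly1305 takes a fixed 256-bit key, so 288 bits of key material have to be supplied.", which also spells out the 288-bit figure the reader otherwise has to derive.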
-.\" $OpenBSD: ipsec.conf.5,v 1.160 2021/10/22 12:30:54 bluhm Exp $
+.\" $OpenBSD: ipsec.conf.5,v 1.161 2021/11/04 03:53:57 yasuoka Exp $
.\"
.\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved.
.\"
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: October 22 2021 $
+.Dd $Mdocdate: November 4 2021 $
.Dt IPSEC.CONF 5
.Os
.Sh NAME
The following cipher types are permitted with the
.Ic enc
keyword:
-.Bl -column "aes-128-gmac" "Key Length" "Description" -offset indent
+.Bl -column "chacha20-poly1305" "128-256 bits" "Description" -offset indent
.It Em "Cipher" Ta Em "Key Length" Ta ""
.It Li 3des Ta "168 bits" Ta ""
-.It Li aes Ta "128 bits" Ta ""
+.It Li aes Ta "128-256 bits" Ta ""
.It Li aes-128 Ta "128 bits" Ta ""
.It Li aes-192 Ta "192 bits" Ta ""
.It Li aes-256 Ta "256 bits" Ta ""
.It Li aes-128-gcm Ta "160 bits" Ta "[phase 2 only, IKE only]"
.It Li aes-192-gcm Ta "224 bits" Ta "[phase 2 only, IKE only]"
.It Li aes-256-gcm Ta "288 bits" Ta "[phase 2 only, IKE only]"
+.It Li blowfish Ta "160 bits" Ta ""
+.It Li cast128 Ta "128 bits" Ta ""
+.It Li chacha20-poly1305 Ta "288 bits" Ta ""
+.El
+.Pp
+The following cipher types provide only authentication, not encryption:
+.Bl -column "chacha20-poly1305" "128-256 bits" "Description" -offset indent
.It Li aes-128-gmac Ta "160 bits" Ta "[phase 2 only, IKE only]"
.It Li aes-192-gmac Ta "224 bits" Ta "[phase 2 only, IKE only]"
.It Li aes-256-gmac Ta "288 bits" Ta "[phase 2 only, IKE only]"
-.It Li blowfish Ta "160 bits" Ta ""
-.It Li cast Ta "128 bits" Ta ""
.It Li null Ta "(none)" Ta "[phase 2 only]"
.El
.Pp
+Transforms followed by
+.Bq IKE only
+can only be used with the
+.Ic ike
+keyword, transforms with
+.Bq phase 2 only
+can only be used with the
+.Ic quick
+keyword.
+.Pp
3DES requires 24 bytes to form its 168-bit key.
This is because the most significant bit of each byte is used for parity.
.Pp
The keysize of AES-CTR can be 128, 192, or 256 bits.
However as well as the key, a 32-bit nonce has to be supplied.
Thus 160, 224, or 288 bits of key material, respectively, have to be supplied.
-The same applies to AES-GCM and AES-GMAC.
+The same applies to AES-GCM, AES-GMAC and Chacha20-Poly1305,
+however in the latter case the keysize is 256 bit.
.Pp
Using AES-GMAC or NULL with ESP will only provide authentication.
This is useful in setups where AH cannot be used, e.g. when NAT is involved.
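Review bot: the new "chacha20-poly1305" row in the encryption table is the only AEAD entry without a third-column marker, while every aes-*-gcm row carries "[phase 2 only, IKE only]"; if the same restriction applies to chacha20-poly1305 the marker should be added, and if it does not, a sentence saying so would help, because its 288-bit key length is derived exactly like the GCM ones. Three smaller points in the same hunk: renaming the keyword "cast" to "cast128" changes what the page documents as the accepted transform name, so please confirm the parser's encryption transform table matches the new spelling before committing; the second ".Bl -column" for the authentication-only transforms drops the ".It Em "Cipher" Ta Em "Key Length" Ta """ header row, so its key-length column has no heading and the "Description" width string is unused there, consider repeating the header; and the added sentence "The same applies to AES-GCM, AES-GMAC and Chacha20-Poly1305, / however in the latter case the keysize is 256 bit." should read "256 bits" and name Chacha20-Poly1305 explicitly rather than "the latter case", which is ambiguous with three items. The new "Transforms followed by ... keyword, transforms with ..." paragraph also joins two independent clauses with a comma; a semicolon or "while" after "keyword" reads better.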