https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
IKEv1 Cipher Suites
The keywords listed below can be used with the ike and esp directives in ipsec.conf or the proposals settings in swanctl.conf to define cipher suites.
IANA provides lists of algorithm identifiers for IKEv1 and mp-registry" class="external" style="color: rgb(138, 0, 32); text-decoration-line: none; overflow-wrap: break-word; background-position: 0% 60%; background-repeat: no-repeat; padding-left: 12px; background-image: url("../images/external.png"); font-weight: bold;">IPsec.
Encryption Algorithms
| Keyword | Description | IANA | IKE | ESP | Built-in Plugins | Deprecated |
|---|---|---|---|---|---|---|
| null | Null encryption | 11 | k | |||
| aes128 or aes | 128 bit AES-CBC | 7 | x o g a | k | aes | |
| aes192 | 192 bit AES-CBC | x o g a | k | aes | ||
| aes256 | 256 bit AES-CBC | x o g a | k | aes | ||
| aes128ctr | 128 bit AES-COUNTER | 13 | k | |||
| aes192ctr | 192 bit AES-COUNTER | k | ||||
| aes256ctr | 256 bit AES-COUNTER | k | ||||
| aes128ccm8 or aes128ccm64 | 128 bit AES-CCM with 64 bit ICV | 14 | k | |||
| aes192ccm8 or aes192ccm64 | 192 bit AES-CCM with 64 bit ICV | k | ||||
| aes256ccm8 or aes256ccm64 | 256 bit AES-CCM with 64 bit ICV | k | ||||
| aes128ccm12 or aes128ccm96 | 128 bit AES-CCM with 96 bit ICV | 15 | k | |||
| aes192ccm12 or aes192ccm96 | 192 bit AES-CCM with 96 bit ICV | k | ||||
| aes256ccm12 or aes256ccm96 | 256 bit AES-CCM with 96 bit ICV | k | ||||
| aes128ccm16 or aes128ccm128 | 128 bit AES-CCM with 128 bit ICV | 16 | k | |||
| aes192ccm16 or aes192ccm128 | 192 bit AES-CCM with 128 bit ICV | k | ||||
| aes256ccm16 or aes256ccm128 | 256 bit AES-CCM with 128 bit ICV | k | ||||
| aes128gcm8 or aes128gcm64 | 128 bit AES-GCM with 64 bit ICV | 18 | k | |||
| aes192gcm8 or aes192gcm64 | 192 bit AES-GCM with 64 bit ICV | k | ||||
| aes256gcm8 or aes256gcm64 | 256 bit AES-GCM with 64 bit ICV | k | ||||
| aes128gcm12 or aes128gcm96 | 128 bit AES-GCM with 96 bit ICV | 19 | k | |||
| aes192gcm12 or aes192gcm96 | 192 bit AES-GCM with 96 bit ICV | k | ||||
| aes256gcm12 or aes256gcm96 | 256 bit AES-GCM with 96 bit ICV | k | ||||
| aes128gcm16 or aes128gcm128 | 128 bit AES-GCM with 128 bit ICV | 20 | k | |||
| aes192gcm16 or aes192gcm128 | 192 bit AES-GCM with 128 bit ICV | k | ||||
| aes256gcm16 or aes256gcm128 | 256 bit AES-GCM with 128 bit ICV | k | ||||
| aes128gmac | Null encryption with 128 bit AES-GMAC | 23 | k | |||
| aes192gmac | Null encryption with 192 bit AES-GMAC | k | ||||
| aes256gmac | Null encryption with 256 bit AES-GMAC | k | ||||
| 3des | 168 bit 3DES-EDE-CBC | 5 | x o g a | k | des | s |
| blowfish128 or blowfish | 128 bit Blowfish-CBC | 3 | x o g a | k | blowfish | s |
| blowfish192 | 192 bit Blowfish-CBC | x o a | k | blowfish | s | |
| blowfish256 | 256 bit Blowfish-CBC | x o a | k | blowfish | s | |
| camellia128 or camellia | 128 bit Camellia-CBC | 8 | k | |||
| camellia192 | 192 bit Camellia-CBC | k | ||||
| camellia256 | 256 bit Camellia-CBC | k | ||||
| serpent128 or serpent | 128 bit Serpent-CBC | 252 | g a | k | ||
| serpent192 | 192 bit Serpent-CBC | g a | k | |||
| serpent256 | 256 bit Serpent-CBC | g a | k | |||
| twofish128 or twofish | 128 bit Twofish-CBC | 253 | g a | k | ||
| twofish192 | 192 bit Twofish-CBC | a | k | |||
| twofish256 | 256 bit Twofish-CBC | g a | k | |||
| IKE support | ||||||
| x default built-in crypto plugin(s) (see separate column) o OpenSSL crypto library (openssl plugin) g Gcrypt crypto library (gcrypt plugin) a AF_ALG userland crypto API for Linux 2.6.38 kernel or newer (af-alg plugin) | ||||||
| ESP support | ||||||
| k Linux 2.6+ kernel | ||||||
| Deprecated | ||||||
| s broken by SWEET32 | ||||||
Integrity Algorithms
| Keyword | Description | IANA | IKE | ESP/AH | Length | Built-in Plugins |
|---|---|---|---|---|---|---|
| md5 | MD5 HMAC | 1 | x o a | k | 96 bit | md5, hmac |
| sha1 or sha | SHA1 HMAC | 2 | x o a | k | 96 bit | sha1, hmac |
| sha256 or sha2_256 | SHA2_256_128 HMAC | 5 | x o a | n | 128 bit | sha2, hmac |
| sha384 or sha2_384 | SHA2_384_192 HMAC | 6 | x o a | k | 192 bit | sha2, hmac |
| sha512 or sha2_512 | SHA2_512_256 HMAC | 7 | x o a | k | 256 bit | sha2, hmac |
| aesxcbc | AES XCBC | 9 | k | 96 bit | ||
| aes128gmac | 128-bit AES-GMAC | 11 | q | 128 bit | ||
| aes192gmac | 192-bit AES-GMAC | 12 | q | 128 bit | ||
| aes256gmac | 256-bit AES-GMAC | 13 | q | 128 bit | ||
| IKE support | ||||||
| x default built-in crypto plugin(s) (see separate column) o OpenSSL crypto library (openssl plugin) a AF_ALG userland crypto API for Linux 2.6.38 kernel or newer (af-alg plugin) It's also possible to use the hash implementations provided by the gcrypt or openssl plugin together with the hmac plugin. | ||||||
| ESP/AH support | ||||||
| k Linux 2.6+ kernel q for AH, AES-GMAC is negotiated as encryption algorithm for ESP n before version 2.6.33 the Linux kernel incorrectly used 96 bit truncation for SHA-256 | ||||||
Diffie Hellman Groups
| Keyword | DH Group | Modulus | Subgroup | IKE | Deprecated |
|---|---|---|---|---|---|
| Regular Groups | |||||
| modp768 | 1 | 768 bits | m o g | l | |
| modp1024 | 2 | 1024 bits | m o g | l | |
| modp1536 | 5 | 1536 bits | m o g | l | |
| modp2048 | 14 | 2048 bits | m o g | ||
| modp3072 | 15 | 3072 bits | m o g | ||
| modp4096 | 16 | 4096 bits | m o g | ||
| modp6144 | 17 | 6144 bits | m o g | ||
| modp8192 | 18 | 8192 bits | m o g | ||
| Modulo Prime Groups with Prime Order Subgroup | |||||
| modp1024s160 | 22 | 1024 bits | 160 bits | m o g | x |
| modp2048s224 | 23 | 2048 bits | 224 bits | m o g | x |
| modp2048s256 | 24 | 2048 bits | 256 bits | m o g | x |
| NIST Elliptic Curve Groups | |||||
| ecp192 | 25 | 192 bits | o | w | |
| ecp224 | 26 | 224 bits | o | ||
| ecp256 | 19 | 256 bits | o | ||
| ecp384 | 20 | 384 bits | o | ||
| ecp521 | 21 | 521 bits | o | ||
| Brainpool Elliptic Curve Groups | |||||
| ecp224bp | 27 | 224 bits | o | ||
| ecp256bp | 28 | 256 bits | o | ||
| ecp384bp | 29 | 384 bits | o | ||
| ecp512bp | 30 | 512 bits | o | ||
| Elliptic Curve 25519 - only standardized for IKEv2 but also supported for IKEv1 by strongSwan | |||||
| curve25519 or x25519 | 31 | 256 bits | c | ||
| IKE support | |||||
| c curve25519 plugin m GMP multi-precision library (gmp plugin) o OpenSSL crypto library (openssl plugin) g Gcrypt crypto library (gcrypt plugin) | |||||
| Deprecated | |||||
| x questionable source of the primes. Potentially trapdoored (https://eprint.iacr.org/2016/961). l broken by LogJam w less than 112 bit security strength | |||||
Post-Quantum Key Exchange using NTRU Encryption
| Keyword | DH Group | Strength | IKE |
| ntru112 | 1030 | 112 bits | n |
| ntru128 | 1031 | 128 bits | n |
| ntru192 | 1032 | 192 bits | n |
| ntru256 | 1033 | 256 bits | n |
| IKE support | |||
| n ntru plugin (includes ntru-crypto library) | |||
Post-Quantum Key Exchange using NewHope
| Keyword | DH Group | Strength | IKE |
|---|---|---|---|
| newhope128 | 1040 | 128 bits | n |
| IKE support | |||
| n newhope plugin | |||
Since the Diffie-Hellman Group Transform IDs 1030..1033 and 1040 selected by the strongSwan project to designate the four NTRU key exchange strengths and the NewHope key exchange algorithm, respectively, were taken from the private-use range, the strongSwan vendor ID must be sent by the charon daemon. This can be enabled by the following statement in /etc/strongswan.conf:
支付宝微信扫一扫,打赏作者吧~本文链接:https://www.kinber.cn/post/4888.html 转载需授权!
推荐本站淘宝优惠价购买喜欢的宝贝:
您阅读本篇文章共花了: 