Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 21 Mar 2021 12:42:18 +1100
From:      Dewayne Geraghty <dewayne@heuristicsystems.com.au>
To:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   IPSEC loosing camellia in IPSEC on FreeBSD13?
Message-ID:  <d9817733-7cd0-6b76-eaf8-5ea3c17bb8b3@heuristicsystems.com.au>

Next in thread | Raw E-Mail | Index | Archive | Help
For those that skim release notes,
https://www.freebsd.org/releases/13.0R/relnotes/
I noticed that FreeBSD13 drops from IPSEC:
- some integrity checks as well as blowfish, cast128, des, des3 & variants
AND
camellia. From my stable/12 "man setkey" this leaves ciphers: null,
aes-cbc, aes-ctr and aes-gcm16.

Apparently the reason is that it wasn't mentioned in RFC8221, while
section 1.2 states "As a result, any algorithm listed at the
   IPsec IANA registry that is not mentioned in this document MAY be
   implemented."
it goes on to explain what must not be used. (Camellia is not part of
that list)

Camellia does appear in the IANA registry

https://www.iana.org/assignments/isakmp-registry/isakmp-registry.xhtml#isakmp-registry-9

Can anyone help me to understand why camellia should be removed?  On a
purely number of rounds basis, camellia is better.  Both AES and
camellia use S boxes, camellia uses 18 rounds for 128b keys and 24
rounds on 192 and 256 bit keys, while commercial/public AES-128 uses 10
rounds and AES-256 14 rounds.

FreeBSD is better by having more choice of ciphers and somewhat ahead of
the pack (rfc4312 (Camellia use with ipsec)).

Ref: https://cgit.freebsd.org/src/commit/?id=16aabb761c0a

PS And yes I use IPSEC with camellia between FreeBSD boxes and I was
planning on upgrading some old internet facing systems. Twofish would be
better ;)



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?d9817733-7cd0-6b76-eaf8-5ea3c17bb8b3>