IKEv1 Cipher Suites » History » Version 13
Version 12 (Tobias Brunner, 28.02.2012 10:33) → Version 13/31 (Andreas Steffen, 25.11.2013 09:14)
h1. IKEv1 Cipher Suites
The keywords listed below can be used with the _ike_ and _esp_ directives in [[IpsecConf|ipsec.conf]] to define cipher suites.
h2. Encryption Algorithms
|Keyword |Description |IKE |ESP |
|*null* |Null encryption | |=.k |
|*aes128* or *aes* |128 bit AES-CBC |x o g a|=.k |
|*aes192* |192 bit AES-CBC |x o g a|=.k |
|*aes256* |256 bit AES-CBC |x o g a|=.k |
|*aes128ctr* |128 bit AES-COUNTER | |=.k |
|*aes192ctr* |192 bit AES-COUNTER | |=.k |
|*aes256ctr* |256 bit AES-COUNTER | |=.k |
|*aes128ccm8* or *aes128ccm64* |128 bit AES-CCM with 64 bit ICV | |=.k |
|*aes128ccm12* or *aes128ccm96* |128 bit AES-CCM with 96 bit ICV | |=.k |
|*aes128ccm16* or *aes128ccm128* |128 bit AES-CCM with 128 bit ICV | |=.k |
|*aes192ccm8* or *aes192ccm64* |192 bit AES-CCM with 64 bit ICV | |=.k |
|*aes192ccm12* or *aes192ccm96* |192 bit AES-CCM with 96 bit ICV | |=.k |
|*aes192ccm16* or *aes192ccm128* |192 bit AES-CCM with 128 bit ICV | |=.k |
|*aes256ccm8* or *aes256ccm64* |256 bit AES-CCM with 64 bit ICV | |=.k |
|*aes256ccm12* or *aes256ccm96* |256 bit AES-CCM with 96 bit ICV | |=.k |
|*aes256ccm16* or *aes256ccm128* |256 bit AES-CCM with 128 bit ICV | |=.k |
|*aes128gcm8* or *aes128gcm64* |128 bit AES-GCM with 64 bit ICV | |=.k |
|*aes128gcm12* or *aes128gcm96* |128 bit AES-GCM with 96 bit ICV | |=.k |
|*aes128gcm16* or *aes128gcm128* |128 bit AES-GCM with 128 bit ICV | |=.k |
|*aes192gcm8* or *aes192gcm64* |192 bit AES-GCM with 64 bit ICV | |=.k |
|*aes192gcm12* or *aes192gcm96* |192 bit AES-GCM with 96 bit ICV | |=.k |
|*aes192gcm16* or *aes192gcm128* |192 bit AES-GCM with 128 bit ICV | |=.k |
|*aes256gcm8* or *aes256gcm64* |256 bit AES-GCM with 64 bit ICV | |=.k |
|*aes256gcm12* or *aes256gcm96* |256 bit AES-GCM with 96 bit ICV | |=.k |
|*aes256gcm16* or *aes256gcm128* |256 bit AES-GCM with 128 bit ICV | |=.k |
|*aes128gmac* |Null encryption with 128 bit AES-GMAC | |=.k |
|*aes192gmac* |Null encryption with 192 bit AES-GMAC | |=.k |
|*aes256gmac* |Null encryption with 256 bit AES-GMAC | |=.k |
|*3des* |168 bit 3DES-EDE-CBC |x o g a|=.k |
|*blowfish128* or *blowfish* |128 bit Blowfish-CBC |x o g a|=.k |
|*blowfish192* |192 bit Blowfish-CBC |x o a |=.k |
|*blowfish256* |256 bit Blowfish-CBC |x o a |=.k |
|*camellia128* or *camellia* |128 bit Camellia-CBC | |=.k |
|*camellia192* |192 bit Camellia-CBC | |=.k |
|*camellia256* |256 bit Camellia-CBC | |=.k |
|*serpent128* or *serpent* |128 bit Serpent-CBC |>.g a |=.k |
|*serpent192* |192 bit Serpent-CBC |>.g a |=.k |
|*serpent256* |256 bit Serpent-CBC |>.g a |=.k |
|*twofish128* or *twofish* |128 bit Twofish-CBC |>.g a |=.k |
|*twofish192* |192 bit Twofish-CBC |>. a |=.k |
|*twofish256* |256 bit Twofish-CBC |>.g a |=.k |
*x* default built-in crypto library
*o* OpenSSL crypto library
*g* Gcrypt crypto library
*a* AF_ALG userland crypto API for Linux 2.6.38 kernel or newer
*k* Linux 2.6 kernel
h2. Integrity Algorithms
|Keyword |Description |=.IKE |=.ESP |=.Info|
|*md5* |MD5 HMAC |>. 96 bit |>. 96 bit | |
|*sha1* or *sha* |SHA1 HMAC |>. 96 bit |>. 96 bit | |
|*aesxcbc* |AES XCBC |>. n/a |>. 96 bit | |
|*sha2_256* or *sha256* |SHA2_256_128 HMAC |>.128 bit |>.128 bit |=.*t* |
|*sha2_384* or *sha384* |SHA2_384_192 HMAC |>.192 bit |>.192 bit | |
|*sha2_512* or *sha512* |SHA2_512_256 HMAC |>.256 bit |>.256 bit | |
|*sha2_256_96* or *sha256_96* |SHA2_256_96 HMAC |>. n/a |>. 96 bit |=.*p* *t* |
*p* strongSwan uses the value 252 from the IANA private use range
*t* before version 2.6.33 the Linux kernel incorrectly used 96 bit truncation for SHA-256
h2. Diffie Hellman Groups
h3. Modulo Prime Groups
|Keyword |DH Group |Modulus |IKE |
|*modp768* |=. 1 |>.768 bits |m o g|
|*modp1024* |=. 2 |>.1024 bits |m o g|
|*modp1536* |=. 5 |>.1536 bits |m o g|
|*modp2048* |=. 14 |>.2048 bits |m o g|
|*modp3072* |=. 15 |>.3072 bits |m o g|
|*modp4096* |=. 16 |>.4096 bits |m o g|
|*modp6144* |=. 17 |>.6144 bits |m o g|
|*modp8192* |=. 18 |>.8192 bits |m o g|
h3. Modulo Prime Groups with Prime Order Subgroup
|Keyword |DH Group |Modulus |Subgroup |IKE |
|*modp1024s160* |=. 22 |>.1024 bits |>.160 bits |m o g|
|*modp2048s224* |=. 23 |>.2048 bits |>.224 bits |m o g|
|*modp2048s256* |=. 24 |>.2048 bits |>.256 bits |m o g|
h3. NIST Elliptic Curve Groups
|Keyword |DH Group |Modulus |IKE |
|*ecp192* |=. 25 |>.192 bits |=.o |
|*ecp224* |=. 26 |>.224 bits |=.o |
|*ecp256* |=. 19 |>.256 bits |=.o |
|*ecp384* |=. 20 |>.384 bits |=.o |
|*ecp521* |=. 21 |>.521 bits |=.o |
h3. Brainpool Elliptic Curve Groups
|Keyword |DH Group |Modulus |IKE |
|*ecp224bp* |=. 27 |>.224 bits |=.o |
|*ecp256bp* |=. 28 |>.256 bits |=.o |
|*ecp384bp* |=. 29 |>.384 bits |=.o |
|*ecp512bp* |=. 30 |>.512 bits |=.o |
*m* GMP multi-precision library
*o* OpenSSL crypto library
*g* Gcrypt crypto library
The keywords listed below can be used with the _ike_ and _esp_ directives in [[IpsecConf|ipsec.conf]] to define cipher suites.
h2. Encryption Algorithms
|Keyword |Description |IKE |ESP |
|*null* |Null encryption | |=.k |
|*aes128* or *aes* |128 bit AES-CBC |x o g a|=.k |
|*aes192* |192 bit AES-CBC |x o g a|=.k |
|*aes256* |256 bit AES-CBC |x o g a|=.k |
|*aes128ctr* |128 bit AES-COUNTER | |=.k |
|*aes192ctr* |192 bit AES-COUNTER | |=.k |
|*aes256ctr* |256 bit AES-COUNTER | |=.k |
|*aes128ccm8* or *aes128ccm64* |128 bit AES-CCM with 64 bit ICV | |=.k |
|*aes128ccm12* or *aes128ccm96* |128 bit AES-CCM with 96 bit ICV | |=.k |
|*aes128ccm16* or *aes128ccm128* |128 bit AES-CCM with 128 bit ICV | |=.k |
|*aes192ccm8* or *aes192ccm64* |192 bit AES-CCM with 64 bit ICV | |=.k |
|*aes192ccm12* or *aes192ccm96* |192 bit AES-CCM with 96 bit ICV | |=.k |
|*aes192ccm16* or *aes192ccm128* |192 bit AES-CCM with 128 bit ICV | |=.k |
|*aes256ccm8* or *aes256ccm64* |256 bit AES-CCM with 64 bit ICV | |=.k |
|*aes256ccm12* or *aes256ccm96* |256 bit AES-CCM with 96 bit ICV | |=.k |
|*aes256ccm16* or *aes256ccm128* |256 bit AES-CCM with 128 bit ICV | |=.k |
|*aes128gcm8* or *aes128gcm64* |128 bit AES-GCM with 64 bit ICV | |=.k |
|*aes128gcm12* or *aes128gcm96* |128 bit AES-GCM with 96 bit ICV | |=.k |
|*aes128gcm16* or *aes128gcm128* |128 bit AES-GCM with 128 bit ICV | |=.k |
|*aes192gcm8* or *aes192gcm64* |192 bit AES-GCM with 64 bit ICV | |=.k |
|*aes192gcm12* or *aes192gcm96* |192 bit AES-GCM with 96 bit ICV | |=.k |
|*aes192gcm16* or *aes192gcm128* |192 bit AES-GCM with 128 bit ICV | |=.k |
|*aes256gcm8* or *aes256gcm64* |256 bit AES-GCM with 64 bit ICV | |=.k |
|*aes256gcm12* or *aes256gcm96* |256 bit AES-GCM with 96 bit ICV | |=.k |
|*aes256gcm16* or *aes256gcm128* |256 bit AES-GCM with 128 bit ICV | |=.k |
|*aes128gmac* |Null encryption with 128 bit AES-GMAC | |=.k |
|*aes192gmac* |Null encryption with 192 bit AES-GMAC | |=.k |
|*aes256gmac* |Null encryption with 256 bit AES-GMAC | |=.k |
|*3des* |168 bit 3DES-EDE-CBC |x o g a|=.k |
|*blowfish128* or *blowfish* |128 bit Blowfish-CBC |x o g a|=.k |
|*blowfish192* |192 bit Blowfish-CBC |x o a |=.k |
|*blowfish256* |256 bit Blowfish-CBC |x o a |=.k |
|*camellia128* or *camellia* |128 bit Camellia-CBC | |=.k |
|*camellia192* |192 bit Camellia-CBC | |=.k |
|*camellia256* |256 bit Camellia-CBC | |=.k |
|*serpent128* or *serpent* |128 bit Serpent-CBC |>.g a |=.k |
|*serpent192* |192 bit Serpent-CBC |>.g a |=.k |
|*serpent256* |256 bit Serpent-CBC |>.g a |=.k |
|*twofish128* or *twofish* |128 bit Twofish-CBC |>.g a |=.k |
|*twofish192* |192 bit Twofish-CBC |>. a |=.k |
|*twofish256* |256 bit Twofish-CBC |>.g a |=.k |
*x* default built-in crypto library
*o* OpenSSL crypto library
*g* Gcrypt crypto library
*a* AF_ALG userland crypto API for Linux 2.6.38 kernel or newer
*k* Linux 2.6 kernel
h2. Integrity Algorithms
|Keyword |Description |=.IKE |=.ESP |=.Info|
|*md5* |MD5 HMAC |>. 96 bit |>. 96 bit | |
|*sha1* or *sha* |SHA1 HMAC |>. 96 bit |>. 96 bit | |
|*aesxcbc* |AES XCBC |>. n/a |>. 96 bit | |
|*sha2_256* or *sha256* |SHA2_256_128 HMAC |>.128 bit |>.128 bit |=.*t* |
|*sha2_384* or *sha384* |SHA2_384_192 HMAC |>.192 bit |>.192 bit | |
|*sha2_512* or *sha512* |SHA2_512_256 HMAC |>.256 bit |>.256 bit | |
|*sha2_256_96* or *sha256_96* |SHA2_256_96 HMAC |>. n/a |>. 96 bit |=.*p* *t* |
*p* strongSwan uses the value 252 from the IANA private use range
*t* before version 2.6.33 the Linux kernel incorrectly used 96 bit truncation for SHA-256
h2. Diffie Hellman Groups
h3. Modulo Prime Groups
|Keyword |DH Group |Modulus |IKE |
|*modp768* |=. 1 |>.768 bits |m o g|
|*modp1024* |=. 2 |>.1024 bits |m o g|
|*modp1536* |=. 5 |>.1536 bits |m o g|
|*modp2048* |=. 14 |>.2048 bits |m o g|
|*modp3072* |=. 15 |>.3072 bits |m o g|
|*modp4096* |=. 16 |>.4096 bits |m o g|
|*modp6144* |=. 17 |>.6144 bits |m o g|
|*modp8192* |=. 18 |>.8192 bits |m o g|
h3. Modulo Prime Groups with Prime Order Subgroup
|Keyword |DH Group |Modulus |Subgroup |IKE |
|*modp1024s160* |=. 22 |>.1024 bits |>.160 bits |m o g|
|*modp2048s224* |=. 23 |>.2048 bits |>.224 bits |m o g|
|*modp2048s256* |=. 24 |>.2048 bits |>.256 bits |m o g|
h3. NIST Elliptic Curve Groups
|Keyword |DH Group |Modulus |IKE |
|*ecp192* |=. 25 |>.192 bits |=.o |
|*ecp224* |=. 26 |>.224 bits |=.o |
|*ecp256* |=. 19 |>.256 bits |=.o |
|*ecp384* |=. 20 |>.384 bits |=.o |
|*ecp521* |=. 21 |>.521 bits |=.o |
h3. Brainpool Elliptic Curve Groups
|Keyword |DH Group |Modulus |IKE |
|*ecp224bp* |=. 27 |>.224 bits |=.o |
|*ecp256bp* |=. 28 |>.256 bits |=.o |
|*ecp384bp* |=. 29 |>.384 bits |=.o |
|*ecp512bp* |=. 30 |>.512 bits |=.o |
*m* GMP multi-precision library
*o* OpenSSL crypto library
*g* Gcrypt crypto library