IKEv1 Cipher Suites » History » Version 7
Version 6 (Andreas Steffen, 20.06.2009 08:52) → Version 7/31 (Andreas Steffen, 13.07.2009 07:42)
h1. IKEv1 Cipher Suites
h2. Encryption Algorithms
|Keyword |Description |IKE |ESP |
|*null* |Null encryption | |=.k |
|*aes128* or *aes* |128 bit AES-CBC |x o g|=.k |
|*aes192* |192 bit AES-CBC |x o g|=.k |
|*aes256* |256 bit AES-CBC |x o g|=.k |
|*aes128ctr* |128 bit AES-COUNTER | |=.k |
|*aes192ctr* |192 bit AES-COUNTER | |=.k |
|*aes256ctr* |256 bit AES-COUNTER | |=.k |
|*aes128ccm8* or *aes128ccm64* |128 bit AES-CCM with 64 bit ICV | |=.k |
|*aes128ccm12* or *aes128ccm96* |128 bit AES-CCM with 96 bit ICV | |=.k |
|*aes128ccm16* or *aes128ccm128* |128 bit AES-CCM with 128 bit ICV | |=.k |
|*aes192ccm8* or *aes192ccm64* |192 bit AES-CCM with 64 bit ICV | |=.k |
|*aes192ccm12* or *aes192ccm96* |192 bit AES-CCM with 96 bit ICV | |=.k |
|*aes192ccm16* or *aes192ccm128* |192 bit AES-CCM with 128 bit ICV | |=.k |
|*aes256ccm8* or *aes256ccm64* |256 bit AES-CCM with 64 bit ICV | |=.k |
|*aes256ccm12* or *aes256ccm96* |256 bit AES-CCM with 96 bit ICV | |=.k |
|*aes256ccm16* or *aes256ccm128* |256 bit AES-CCM with 128 bit ICV | |=.k |
|*aes128gcm8* or *aes128gcm64* |128 bit AES-GCM with 64 bit ICV | |=.k |
|*aes128gcm12* or *aes128gcm96* |128 bit AES-GCM with 96 bit ICV | |=.k |
|*aes128gcm16* or *aes128gcm128* |128 bit AES-GCM with 128 bit ICV | |=.k |
|*aes192gcm8* or *aes192gcm64* |192 bit AES-GCM with 64 bit ICV | |=.k |
|*aes192gcm12* or *aes192gcm96* |192 bit AES-GCM with 96 bit ICV | |=.k |
|*aes192gcm16* or *aes192gcm128* |192 bit AES-GCM with 128 bit ICV | |=.k |
|*aes256gcm8* or *aes256gcm64* |256 bit AES-GCM with 64 bit ICV | |=.k |
|*aes256gcm12* or *aes256gcm96* |256 bit AES-GCM with 96 bit ICV | |=.k |
|*aes256gcm16* or *aes256gcm128* |256 bit AES-GCM with 128 bit ICV | |=.k |
|*3des* |168 bit 3DES-EDE-CBC |x o g|=.k |
|*blowfish128* or *blowfish* |128 bit Blowfish-CBC |x o g|=.k |
|*blowfish192* |192 bit Blowfish-CBC |x o |=.k |
|*blowfish256* |256 bit Blowfish-CBC |x o |=.k |
|*camellia128* or *camellia* |128 bit Camellia-CBC | |=.k |
|*camellia192* |192 bit Camellia-CBC | |=.k |
|*camellia256* |256 bit Camellia-CBC | |=.k |
|*serpent128* or *serpent* |128 bit Serpent-CBC |>.g |=.k |
|*serpent192* |192 bit Serpent-CBC |>.g |=.k |
|*serpent256* |256 bit Serpent-CBC |>.g |=.k |
|*twofish128* or *twofish* |128 bit Twofish-CBC |>.g |=.k |
|*twofish192* |192 bit Twofish-CBC | |=.k |
|*twofish256* |256 bit Twofish-CBC |>.g |=.k |
*x* default built-in crypto library
*o* OpenSSL crypto library
*g* Gcrypt crypto library
*k* Linux 2.6 kernel
h2. Integrity Algorithms
|Keyword |Description |IKE |ESP |
|*sha1* or *sha* |SHA1 HMAC | 96 bit | 96 bit |
|*sha2_256* or *sha256* |SHA2_256 HMAC |128 bit | 96 bit |
|*sha2_384* or *sha384* |SHA2_384 HMAC |192 bit | |
|*sha2_512* or *sha512* |SHA2_512 HMAC |256 bit | |
|*md5* |MD5 HMAC | 96 bit | 96 bit |
|*aesxcbc* |AES XCBC | | 96 bit |
h2. Diffie Hellman Groups
h3. RSA Groups
|Keyword |DH Group |Modulus |IKE |
|*modp768* |=. 1 |>.768 bits |m o g|
|*modp1024* |=. 2 |>.1024 bits |m o g|
|*modp1536* |=. 5 |>.1536 bits |m o g|
|*modp2048* |=. 14 |>.2048 bits |m o g|
|*modp3072* |=. 15 |>.3072 bits |m o g|
|*modp4096* |=. 16 |>.4096 bits |m o g|
|*modp6144* |=. 17 |>.6144 bits |m o g|
|*modp8192* |=. 18 |>.8192 bits |m o g|
h3. Elliptic Curve Groups
|Keyword |DH Group |Modulus |IKE |
|*ecp192* |=. 25 |>.192 bits |=.o |
|*ecp224* |=. 26 |>.224 bits |=.o |
|*ecp256* |=. 19 |>.256 bits |=.o |
|*ecp384* |=. 20 |>.384 bits |=.o |
|*ecp521* |=. 21 |>.521 bits |=.o |
*m* GMP multi-precision library
*o* OpenSSL crypto library
*g* Gcrypt crypto library
h2. Encryption Algorithms
|Keyword |Description |IKE |ESP |
|*null* |Null encryption | |=.k |
|*aes128* or *aes* |128 bit AES-CBC |x o g|=.k |
|*aes192* |192 bit AES-CBC |x o g|=.k |
|*aes256* |256 bit AES-CBC |x o g|=.k |
|*aes128ctr* |128 bit AES-COUNTER | |=.k |
|*aes192ctr* |192 bit AES-COUNTER | |=.k |
|*aes256ctr* |256 bit AES-COUNTER | |=.k |
|*aes128ccm8* or *aes128ccm64* |128 bit AES-CCM with 64 bit ICV | |=.k |
|*aes128ccm12* or *aes128ccm96* |128 bit AES-CCM with 96 bit ICV | |=.k |
|*aes128ccm16* or *aes128ccm128* |128 bit AES-CCM with 128 bit ICV | |=.k |
|*aes192ccm8* or *aes192ccm64* |192 bit AES-CCM with 64 bit ICV | |=.k |
|*aes192ccm12* or *aes192ccm96* |192 bit AES-CCM with 96 bit ICV | |=.k |
|*aes192ccm16* or *aes192ccm128* |192 bit AES-CCM with 128 bit ICV | |=.k |
|*aes256ccm8* or *aes256ccm64* |256 bit AES-CCM with 64 bit ICV | |=.k |
|*aes256ccm12* or *aes256ccm96* |256 bit AES-CCM with 96 bit ICV | |=.k |
|*aes256ccm16* or *aes256ccm128* |256 bit AES-CCM with 128 bit ICV | |=.k |
|*aes128gcm8* or *aes128gcm64* |128 bit AES-GCM with 64 bit ICV | |=.k |
|*aes128gcm12* or *aes128gcm96* |128 bit AES-GCM with 96 bit ICV | |=.k |
|*aes128gcm16* or *aes128gcm128* |128 bit AES-GCM with 128 bit ICV | |=.k |
|*aes192gcm8* or *aes192gcm64* |192 bit AES-GCM with 64 bit ICV | |=.k |
|*aes192gcm12* or *aes192gcm96* |192 bit AES-GCM with 96 bit ICV | |=.k |
|*aes192gcm16* or *aes192gcm128* |192 bit AES-GCM with 128 bit ICV | |=.k |
|*aes256gcm8* or *aes256gcm64* |256 bit AES-GCM with 64 bit ICV | |=.k |
|*aes256gcm12* or *aes256gcm96* |256 bit AES-GCM with 96 bit ICV | |=.k |
|*aes256gcm16* or *aes256gcm128* |256 bit AES-GCM with 128 bit ICV | |=.k |
|*3des* |168 bit 3DES-EDE-CBC |x o g|=.k |
|*blowfish128* or *blowfish* |128 bit Blowfish-CBC |x o g|=.k |
|*blowfish192* |192 bit Blowfish-CBC |x o |=.k |
|*blowfish256* |256 bit Blowfish-CBC |x o |=.k |
|*camellia128* or *camellia* |128 bit Camellia-CBC | |=.k |
|*camellia192* |192 bit Camellia-CBC | |=.k |
|*camellia256* |256 bit Camellia-CBC | |=.k |
|*serpent128* or *serpent* |128 bit Serpent-CBC |>.g |=.k |
|*serpent192* |192 bit Serpent-CBC |>.g |=.k |
|*serpent256* |256 bit Serpent-CBC |>.g |=.k |
|*twofish128* or *twofish* |128 bit Twofish-CBC |>.g |=.k |
|*twofish192* |192 bit Twofish-CBC | |=.k |
|*twofish256* |256 bit Twofish-CBC |>.g |=.k |
*x* default built-in crypto library
*o* OpenSSL crypto library
*g* Gcrypt crypto library
*k* Linux 2.6 kernel
h2. Integrity Algorithms
|Keyword |Description |IKE |ESP |
|*sha1* or *sha* |SHA1 HMAC | 96 bit | 96 bit |
|*sha2_256* or *sha256* |SHA2_256 HMAC |128 bit | 96 bit |
|*sha2_384* or *sha384* |SHA2_384 HMAC |192 bit | |
|*sha2_512* or *sha512* |SHA2_512 HMAC |256 bit | |
|*md5* |MD5 HMAC | 96 bit | 96 bit |
|*aesxcbc* |AES XCBC | | 96 bit |
h2. Diffie Hellman Groups
h3. RSA Groups
|Keyword |DH Group |Modulus |IKE |
|*modp768* |=. 1 |>.768 bits |m o g|
|*modp1024* |=. 2 |>.1024 bits |m o g|
|*modp1536* |=. 5 |>.1536 bits |m o g|
|*modp2048* |=. 14 |>.2048 bits |m o g|
|*modp3072* |=. 15 |>.3072 bits |m o g|
|*modp4096* |=. 16 |>.4096 bits |m o g|
|*modp6144* |=. 17 |>.6144 bits |m o g|
|*modp8192* |=. 18 |>.8192 bits |m o g|
h3. Elliptic Curve Groups
|Keyword |DH Group |Modulus |IKE |
|*ecp192* |=. 25 |>.192 bits |=.o |
|*ecp224* |=. 26 |>.224 bits |=.o |
|*ecp256* |=. 19 |>.256 bits |=.o |
|*ecp384* |=. 20 |>.384 bits |=.o |
|*ecp521* |=. 21 |>.521 bits |=.o |
*m* GMP multi-precision library
*o* OpenSSL crypto library
*g* Gcrypt crypto library