CHANGES.ipsec_alg,v 1.1.2.13 2002/05/30 03:12:03 jjo Exp

v0.8.0: Phase1 cipher algorithms support, plus MODP2048
- rc1: no user visible changes (polishing)
- pre14: force initialization of new vars in whack.c
- pre13: fixed make *go, different CFLAGS in libcrypto for pluto
- NEW: added Phase1 (IKE) algorithms:
    AES, twofish, serpent, blowfish; SHA2_256, SHA2_512
- NEW: IKE algorithm selection
    ike="aes128-sha,aes128-md5"
- NEW: IKE DH group selection (if not selected will default
  to current 1536,1024) eg:
    ike="aes128-sha-modp2048"
  as current stock, PFS group will be same as P1's DH.
- NEW: support for OAKLEY_MODP2048 (only by explicit selection),
  with _warnings_ if it takes "too" long to compute_dh_shared.
- keylen handling fixes for ESP proposals
- show algos for newest connection state (IKE and ESP)
    + ipsec auto --status | grep algo.*newe
- added patches from Mathieu Lafon - Arkoon Network Security,
  . (optional, me) strict response with esp= only algos by
    adding '!' to esp string, eg: esp=aes128-sha1,aes128-md5!
  . NULL esp= string handling: propose everything.
- massive cipher code reorganization, new ./libcrypto/lib<algo>
  hierarchy, almost no code changes.
- [OT] contributed SHA2 patch to KAME project (typo error
- **possibly esp= string incompatible change**
  bumped AES,Serpent,twofish to 128-256 keys, so now you
  *MUST* specify keylength in alg string (defaults to max algo keylen)
    esp=aes128-md5 (explicit keylen)

v0.7.3: KLIPS ext->alg rename, manual conn support

The most user visible change is just 1 AES option, no more CAST and manual
connection support (tested Ok with cloned scripts from ./testing/ ).

Changes from previous release:
* KLIPS: the big rename
  - renamed *ipsec_ext* to *ipsec_alg*, *IPSEC_EXT* to *IPSEC_ALG*,
    everywhere: in filenames, interface and Config*.in => you must
    re-select kernel build configuration for IPSEC_ALG_*
  - implemented 2linked list ipsec_alg registration instead
    of fixed arrays => some space savings and better scalability
    (debugged from previous available beta ).
  - more documentation in ipsec_alg.[ch]
  - CAST discontinued, AES: only 1 impl (mailing list discussion)
* KLIPS UTILS: manual connection support
  - manual conn support (klips/utils/spi.c)
    . same pluto parser for esp strings
    . Makefile trickery to allow compilation "from" some pluto sources
      (constants.c, kernel_alg.c, alg_info.c)
* PLUTO: stricter runtime kernel algo checking
  - stricter runtime algo checking in spdb.c, makes proposal
    selection as responder more robust by avoiding *falsely* accepting
    proposals for stock algos (3DES, MD5, SHA1) if not present.
  - make pluto patch for x509 patched freeswan.
  - fixed pluto crash for RW cases (alg_info ref_cnt).

v0.7.2a: "spawn of the missing link"
- ipsec auto --status gives verbose info about discovered algos:
    + ipsec auto --status | egrep ESP
    000 algorithm ESP encrypt: id=3, name=ESP_3DES
    000 algorithm ESP encrypt: id=12, name=ESP_AES
    000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5
    000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1
    000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256
    000 algorithm ESP auth attr: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512
    000 "quark-nkosa": ESP algorithms wanted: 12/000-2/000, \
    253/000-2/000, 252/000-2/000, 7/000-2/000, 6/000-2/000, \
    11/000-2/000, 3/000-2/000,
    000 "quark-nkosa": ESP algorithms loaded: 12/128-2/160, 3/168-2/160,
  . SHA1, MD5, RIPEMD (all with opt. x86 asm);
  . experimental XCBC_MAC_AES
- tested over linux-2.2.x
- working STATIC compilation for all modules (with core ipsec.o
- tested interop with SSH Sentinel for all common modules:
  aes(rijndael), twofish, blowfish, cast, 3des (module)
- ext modules (loaded or static) will prevail stock implementation:
  you can compile with all stock algos and insert modules (for
  same algos: 3DES, SHA1, MD5) to test/benchmark them.
- *NEW* ESP auth hooks (!)
- STATIC COMPILATION of any module (with static or modular ipsec.o)
  pretty bloody work... to cope with ^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Makefile changes (eg: make -C ext clean ... works recursively)
- changed hooking code and logic:
  a loaded MODULE will hook BEFORE stock algo (3des, md5, sha1)
  ie. you can test the new modules by just loading them and
  This allows, eg. compiling ipsec.o WITHOUT any algo (and load
- ipsec_sa->ipsec_ext link: ip_sa->ips_ext_{enc,auth}
  . no more lookups with enc_alg for each packet processing (obvious)
  . no more micro-locking: just count ipsec_sa' pointer for ref count
  . direct usage of ipsec_ext data from other places, eg:
    ipsec_tunnel.c: ip_s->ipsec_ext_enc->blocksize
- new struct ipsec_ext_enc, ipsec_ext_auth "derived" from
  struct ipsec_ext (thanks cpp :)
- BIG cleanup: about 20% less lines of code in ipsec_ext.c (450 lin)
- IV,esp_head functions eliminated, direct IV handling
- tiny exported interface (ipsec_ext.h)
- INC/DEC MODULE usage count (you'll actually _see_ your algo module
- namespace (structs, fields) re-arranged
- prefix all ipsec_ext fields with "ixt_", "ixt_e_" and "ixt_a_"
- NOT-YET: sadb 256 array alternative: linked list, etc
- ipsec auto --status will show very useful info about algos loaded
- SADB_AALG_MAX=15, debug ESP auth registration
- better diagnostics for absent kernel algos for esp selection
- changed logic in spdb.c to allow replacing any ESP proposal =>
  added "policy" parameter, used in kernel_alg_db_prop_new()

************************************************************************
* recall that from v0.6 pluto MUST have the esp= connection parameter
* in the dotconf connection section
* to propose/use AES transform (_and_ 3DES).
* Pluto WILL ONLY offer esp= list, checking 1-by-1
* if kernel cipher support IS LOADED and skipping that one if not.
* So, if you want previous behaviour (offer-all-loaded-ciphers) just add:
*     esp=aes,twofish,serpent,cast,blowfish,3des
* Some valid transform strings:
*     "aes"       equiv. to "aes128-md5,aes128-sha1"
*     "aes-sha1"  equiv. to "aes128-sha1"
*     "aes128-sha1, 3des-sha1"
*     "aes128,blowfish96,3des"
*     "aes-sha2_256,aes-sha2_512"
***********************************************************************

libaes pentium asm implementation: 2x speed !
alternative (also 2x) impl. upgraded to libaes-0.03
(from Nigel at libaes.sourceforge.net)
- some minor tweaks to minimize ipsec_ext_aes.c ipsec_ext_aes-opt.c diff
- added ipsec_aes-opt: AES optimized impl. from Nigel
  (libaes.sourceforge.net)
- enhanced and cleaned up esp= dotconf parsing code
- renamed blowfish: "bf" -> "blowfish" (ie: modprobe ipsec_blowfish)

* KLIPS: _no_changes_
* PLUTO: esp= configurability
  - added enum_search() to constants.c: returns value if strcmp()==0
    Used by parsing logic tricks to allow searching in enum_names
    arrays (thus avoiding yetanother duplication), eg:
      "md5" -> "AUTH_ALGORITHM_HMAC_MD5"
  - added "esp" parsing to utils/auto, default=3des
  - added msg.esp (string 7) to whack->pluto protocol
  - new file alg_info.c for esp algo parsing logic
    . build proposals with esp= ordered list only _ANDed_
      with registered (runtime kernel) ESP algos
      Eg: (assuming all these algos are loaded) in ipsec.conf
        <none> or esp=     # default: 3DES+{MD5,SHA1}
        esp=3des-sha1      # only this: 3DES+SHA1
        esp=aes,cast       # AES+{MD5,SHA1}, CAST+{MD5,SHA1}
  - alg_info_test: test utility for esp algo parsing, eg:
      $ ./alg_info_test aes,cast,3des-sha1
      (12 = "ESP_AES", 1 = "AUTH_ALGORITHM_HMAC_MD5")
      (12 = "ESP_AES", 2 = "AUTH_ALGORITHM_HMAC_SHA1")
      (6 = "ESP_CAST", 1 = "AUTH_ALGORITHM_HMAC_MD5")
      (6 = "ESP_CAST", 2 = "AUTH_ALGORITHM_HMAC_SHA1")
      (3 = "ESP_3DES", 2 = "AUTH_ALGORITHM_HMAC_SHA1")
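
Added example (not part of the original changelog and not pluto's C code): a small Python model of the esp= handling described above, expanding a transform string into ordered (cipher id, keylen, auth id) proposals, detecting the trailing '!', and ANDing the list with the algorithms the kernel has registered. The names parse_esp and usable, the keylen-0 "not given" convention and the loaded-algorithm sets are assumptions made for illustration; the numeric ids are the ones printed in this file.

```python
import re

# Numeric ids as they appear in this changelog's --status / alg_info_test output.
ESP_ENC = {"3des": 3, "cast": 6, "aes": 12, "serpent": 252, "twofish": 253}
ESP_AUTH = {"md5": 1, "sha1": 2, "sha2_256": 5, "sha2_512": 7}
DEFAULT_AUTH = ("md5", "sha1")  # a bare cipher expands to MD5, then SHA1

# <cipher>[keylen][-<auth>]; "3des" is listed first because it starts with a digit.
TOKEN = re.compile(r"^(3des|[a-z]+)(\d*)(?:-([a-z0-9_]+))?$")


def parse_esp(spec):
    """Return (proposals, strict) for an esp= value.

    proposals is an ordered list of (enc_id, keylen, auth_id); keylen 0 means
    "not given" (the default length differs between releases, so it is not
    filled in here). strict is True when the string ends with '!'.
    """
    spec = spec.strip()
    strict = spec.endswith("!")
    proposals = []
    for token in spec.rstrip("!").split(","):
        token = token.strip().lower()
        if not token:
            continue
        m = TOKEN.match(token)
        if not m or m.group(1) not in ESP_ENC:
            raise ValueError("unrecognised esp= token %r" % token)
        enc, keylen, auth = m.groups()
        if auth is not None and auth not in ESP_AUTH:
            raise ValueError("unrecognised esp= auth in %r" % token)
        for name in ([auth] if auth else DEFAULT_AUTH):
            proposals.append((ESP_ENC[enc], int(keylen or 0), ESP_AUTH[name]))
    return proposals, strict


def usable(proposals, loaded_enc, loaded_auth):
    """AND the configured list with the algorithms the kernel registered,
    keeping the configured order; anything not loaded is skipped."""
    return [p for p in proposals if p[0] in loaded_enc and p[2] in loaded_auth]


if __name__ == "__main__":
    wanted, strict = parse_esp("aes,cast,3des-sha1")
    # Constructed kernel state: only 3DES and AES loaded, with MD5 and SHA1.
    for enc, keylen, auth in usable(wanted, {3, 12}, {1, 2}):
        print(enc, keylen, auth)
```

With the constructed kernel state above, the CAST proposals are dropped because that cipher is not loaded, which is the skip-if-not-loaded behaviour the notes describe.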

v0.5: "kidnapped CPU hero"
NOTE: you must _really_ clean the build area (*.o ) because some _MAX
- Changed SADB_EALG_MAX from 12 to 256 (to accommodate ESP enc ids
  like ESP_SERPENT=252, ESP_TWOFISH=253)
- Added timing measurement tests (cipher "bandwidth"), eg:
    # modprobe ipsec_twofish test=1
    ipsec_twofish_init(enc_alg=253 name=twofish): ret=0
    klips_debug:ipsec_ext_test: enc_alg=253 blocksize=16 \
    key_e_size=8892 keysize=16
    klips_debug:ipsec_ext_test: cbc_encrypt=1 ret=1024
    klips_debug:ipsec_ext_test: memcmp(enc, tmp) ret=1: OK.
    klips_debug:ipsec_ext_test: cbc_encrypt=0 ret=1024
    klips_debug:ipsec_ext_test: memcmp(dec,tmp) ret=0: OK.
    klips_debug:ipsec_ext_test: decrypt speed=25200 KB/s
    klips_debug:ipsec_ext_test: encrypt speed=28600 KB/s
    ipsec_twofish_init(enc_alg=253): test_ret=0
- Changed BLOWFISH to use asm versions if possible
- Added SERPENT, TWOFISH from
  Dr Brian Gladman http://fp.gladman.plus.com/index.html
  (nicely hacked to un-global-ize sources)
  OpenBSD sources ("public domain")
  *tested Ok against OpenBSD 3.0*
- (also touched by SADB_EALG_MAX changes) please _really_ clean
  lib/*.o pluto/*.o before recompiling
- esp_transform_name bumped to 256 entries (from about 12)
- first attr.key_len processing (be careful, may break)
  no negotiation, just use peers attr.key_len if it's lower
- patch from Nigel Metheringham to allow RH62/2.2.20 compilation

First release (should fill-in here :)