v0.6: "esp= support"
Changes from v0.5:
* KLIPS: _no_changes_
* PLUTO: esp= configurability
  - added enum_search() to constants.c: returns value if strcmp()==0
    Used by parsing logic tricks to allow searching in enum_names
    arrays (thus avoiding yet another duplication), eg:
      "3des" -> "ESP_3DES"
      "md5"  -> "AUTH_ALGORITHM_HMAC_MD5"
  - added "esp" parsing to utils/auto, default=3des
  - added msg.esp (string 7) to whack->pluto protocol
  - new file alg_info.c for esp algo parsing logic
    . build proposals with esp= ordered list only
      _ANDed_ with registered (runtime kernel) ESP algos
      Eg: (assuming all these algos are loaded)
      in ipsec.conf connection section:
        or esp=            # default: 3DES+{MD5,SHA1}
        esp=3des-sha1      # only this: 3DES+SHA1
        esp=aes,cast       # AES+{MD5,SHA1}, CAST+{MD5,SHA1}
  - alg_info_test: test utility for esp algo parsing, eg:
      $ cd pluto
      $ make alg_info_test
      $ ./alg_info_test aes,cast,3des-sha1
      (12 = "ESP_AES", 1 = "AUTH_ALGORITHM_HMAC_MD5")
      (12 = "ESP_AES", 2 = "AUTH_ALGORITHM_HMAC_SHA1")
      (6 = "ESP_CAST", 1 = "AUTH_ALGORITHM_HMAC_MD5")
      (6 = "ESP_CAST", 2 = "AUTH_ALGORITHM_HMAC_SHA1")
      (3 = "ESP_3DES", 2 = "AUTH_ALGORITHM_HMAC_SHA1")

v0.5: "kidnapped CPU hero"
Changes from v0.4:
NOTE: you must _really_ clean the build area (*.o ) because
      some _MAX values have changed.
* KLIPS
  - Changed SADB_EALG_MAX from 12 to 256 (to accommodate ESP enc ids
    like ESP_SERPENT=252, ESP_TWOFISH=253)
  - Added timing measurement tests (cipher "bandwidth"), eg:
      # modprobe ipsec_twofish test=1
      # dmesg | tail -9
      ipsec_twofish_init(enc_alg=253 name=twofish): ret=0
      klips_debug:ipsec_ext_test: enc_alg=253 blocksize=16 \
          key_e_size=8892 keysize=16
      klips_debug:ipsec_ext_test: cbc_encrypt=1 ret=1024
      klips_debug:ipsec_ext_test: memcmp(enc, tmp) ret=1: OK.
      klips_debug:ipsec_ext_test: cbc_encrypt=0 ret=1024
      klips_debug:ipsec_ext_test: memcmp(dec,tmp) ret=0: OK.
      klips_debug:ipsec_ext_test: decrypt speed=25200 KB/s
      klips_debug:ipsec_ext_test: encrypt speed=28600 KB/s
      ipsec_twofish_init(enc_alg=253): test_ret=0
  - Changed BLOWFISH to use asm versions if possible
  - Added SERPENT, TWOFISH from Dr Brian Gladman
    http://fp.gladman.plus.com/index.html
    (nicely hacked to un-global-ize sources)
  - Added CAST from OpenBSD sources ("public domain")
    *tested Ok against OpenBSD 3.0*
  - Added NULL from me :)
* PLUTO
  - (also touched by SADB_EALG_MAX changes)
    please _really_ clean lib/*.o pluto/*.o before recompiling
  - esp_transform_name bumped to 256 entries (from about 12)
  - first attr.key_len processing (be careful, may break)
    no negotiation, just use peers attr.key_len if it's
    lower than maxkeybits
  - patch from Nigel Metheringham to allow RH62/2.2.20 compilation

v0.4: First release (should fill-in here :)
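
The esp= expansion described under v0.6, sketched as an added example (this is not the code in alg_info.c or constants.c): each comma-separated item becomes cipher+auth pairs, a bare cipher gets both MD5 and SHA1, and ciphers that are not registered are dropped. The numeric IDs are the ones alg_info_test prints above; the names esp_expand and lookup, the `registered` bitmask standing in for the kernel's runtime algorithm list, and rejecting unknown names with -1 are assumptions of this sketch.

```c
/* Added illustration: hypothetical re-implementation, not alg_info.c. */
#include <stdio.h>
#include <string.h>
struct name_id { const char *name; int id; };
/* IDs as printed by alg_info_test in the changelog. */
static const struct name_id ealgs[] = {{"3des", 3}, {"cast", 6}, {"aes", 12}};
static const struct name_id aalgs[] = {{"md5", 1}, {"sha1", 2}};
struct prop { int ealg, aalg; };

static int lookup(const struct name_id *t, size_t n, const char *s, size_t len)
{
    for (size_t i = 0; i < n; i++)
        if (strlen(t[i].name) == len && strncmp(t[i].name, s, len) == 0)
            return t[i].id;
    return -1;
}

/* Expand esp= into (ealg, aalg) pairs, keeping only ciphers whose bit is set
 * in `registered` (assumed bitmask). Returns count, or -1 on unknown name. */
int esp_expand(const char *esp, unsigned registered, struct prop *out, int max)
{
    int n = 0;
    if (*esp == '\0') esp = "3des";            /* default per the changelog */
    while (*esp) {
        size_t tok = strcspn(esp, ",");        /* length of this list item */
        const char *dash = memchr(esp, '-', tok);
        size_t elen = dash ? (size_t)(dash - esp) : tok;
        int e = lookup(ealgs, 3, esp, elen);
        int a = dash ? lookup(aalgs, 2, dash + 1, tok - elen - 1) : 0;
        if (e < 0 || a < 0) return -1;         /* unknown or empty name */
        if (registered & (1u << e))            /* the "ANDed" step */
            for (int id = 1; id <= 2; id++)    /* a == 0: both MD5 and SHA1 */
                if ((a == 0 || a == id) && n < max)
                    out[n++] = (struct prop){e, id};
        esp += tok;
        if (*esp == ',') esp++;
    }
    return n;
}

int main(void)
{
    struct prop p[16];
    unsigned all = (1u << 3) | (1u << 6) | (1u << 12);
    int n = esp_expand("aes,cast,3des-sha1", all, p, 16);
    for (int i = 0; i < n; i++)
        printf("(%d, %d)\n", p[i].ealg, p[i].aalg);
    return n == 5 ? 0 : 1;
}
```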