Intermediate Exchange: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 5: | Line 5: | ||
== Implementation == | == Implementation == | ||
To allow the use of Intermediate Exchange in libreswan, the following options were added: | |||
* The value 43 was picked to define a new exchange type, IKE_INTERMEDIATE. The value 16438 defines INTERMEDIATE_EXCHANGE_SUPPORTED Notify messages. The numbers were assigned by IANA. | |||
* Changes were made in source files (programs/pluto/''ikev2_*.c'') where IKEv2 is implemented. For now, only a single round of Intermediate Exchanges is supported, since the post-quantum cryptographic algorithms are not yet a part of NSS API. | |||
* New state transitions were added in programs/pluto/''ikev2.c'' to support Intermediate Exchange. | |||
* New connection option was added which can be configured with '''intermediate=yes'''. | |||
* Test suite changes. | |||
== Future work == | == Future work == | ||
* Interoperability test with Elvis Plus | |||
== Source code == | == Source code == | ||
Revision as of 14:12, 30 August 2020
Introduction
Implementation
To allow the use of Intermediate Exchange in libreswan, the following options were added:
- The value 43 was picked to define a new exchange type, IKE_INTERMEDIATE. The value 16438 defines INTERMEDIATE_EXCHANGE_SUPPORTED Notify messages. The numbers were assigned by IANA.
- Changes were made in source files (programs/pluto/ikev2_*.c) where IKEv2 is implemented. For now, only a single round of Intermediate Exchanges is supported, since the post-quantum cryptographic algorithms are not yet a part of NSS API.
- New state transitions were added in programs/pluto/ikev2.c to support Intermediate Exchange.
- New connection option was added which can be configured with intermediate=yes.
- Test suite changes.
Future work
- Interoperability test with Elvis Plus
Source code
Code commit : https://github.com/yulia-kuz/libreswan/commit/3af9f006f3f3150d66e8144cb243c00ae9ff3eb0
The implementation for this project is done by Yulia Kuzovkova (ukuzovkova@gmail.com) under the mentorship of Sahana Prasad and Paul Wouters and sponsored by Google as part of Google Summer of Code 2020 Program.