READMe-ipsec_alg.txt       --Juanjo <jjo-ipsec@mendoza.gov.ar> $Date: 2002/07/12 19:09:08 $
====================         Linux IP Aliasing creator, IPMASQ 2.2 Maintainer

Modular ALGO support version 0.8.0 for freeswan-1.98b.
PLEASE read CHANGES.ipsec_alg file for updates.

* New IKE (Phase1) algos:
  Encrypt : AES, Twofish, Serpent, Blowfish, CAST
  Auth:     SHA2

* New ESP (Phase2 or manual) kernel algos:
  Encrypt : AES [*] , Twofish, Serpent, Blowfish [*], CAST [*]
  Auth:     SHA2, MD5 [*], SHA1 [*].

  [*] uses x86 assembler implementation if possible

* New DH and PFS groups: 2048, 3072, 4096

***                                                     ***
*** AES ESP achieves 2x to 3x SPEED INCREASE over 3DES  ***
***                                                     ***

All algorithms (including DH groups) _per_connection_ selectable.
Alternative x509 pluto patch with same features.

Tested on linux 2.4.18/i386, 2.4.9-31/i386; 2.2.16/s390 (surprise! :)

* Known userbase:
  + Debian 3.0 distro, since Mar 2002 
  + Devil-linux distro, since Jun 2002 <heiko@zuerker.org>

* Highlights
  + *optimized* AES cipher can achieve 2x to 3x SPEED INCREASE (or CPU unhog),
    thus converting (see docs/performance.html) CPU=C*25 to 

       CPU [mhz]= C [mbit/s] *10 

    thus, you can almost saturate a 100mbit/s link with 1GHz PIII with
    these new ESP cipher modules.

  + interop: patched/stock freeswan, OpenBSD 3.0, FreeBSD-4.5 and SSH Sentinel
    * PLEASE READ AHEAD (TABLE) *

  + IKE encrypt algos: AES, Twofish, Serpent, Blowfish.
    with configurable keylen, eg: aes128 ... aes256

  + IKE hash algos: SHA2.

  + ESP modular ciphers and authenticators (generic KLIPS hooks)
    ie. just do:  modprobe ipsec_aes

  + ESP encrypt algos: AES, Serpent, Twofish, Blowfish, CAST and
    (modularized) 3DES; configurable keylen, eg: aes128 ... aes256

  + ESP auth algos: SHA2, SHA1, MD5, RIPEMD  and (experimental) XCBC_MAC_AES

  + x509 coexistance  (alternative pluto patch)

  + timing tests support (raw algo speed):

  	modprobe ipsec_aes test=1; dmesg | tail -10
	modprobe ipsec_3des test=1; dmesg | tail -10

  + New pluto features
    . create P1 proposals from ike= config parameter (eg: ike=aes128-sha)
    . create P2 proposals from esp= config parameters (eg: esp=aes128-sha1 ) ANDed
      with kernel algos actually present.
    . IKE: show algos status (ipsec auto --status | egrep IKE)
    . ESP: show algos status (ipsec auto --status | egrep ESP)
    . IKE, ESP: show algos for each conn. 
    	  ipsec auto --status | egrep algo.*newe
    . ESP: get informed of new runtime algos available upon
      module loading/unloading (from kernel SADB_REGISTER)
    . new IKE algos get added from ./pluto/alg/*ike_alg*

  + manual conn support for all algorithms (with same esp string)
    . allow manual conns with same algorithm strings as pluto, reads
      /proc/net/pf_key_supported to validate algorithm "presence" and
      key sizes (and thus "predict" EINVAL errors).

* KLIPS Changes (for developers):
  + truely non-invasive patch
  + generalized algo hook for ESP encrypt and auth
  + ipsec_alg object linked (pointed) from ipsec_sa
  + generic ESP algo [un]registration dispatches SADB_REGISTER msg
    with new algos info, which is fully parsed by patched pluto.
  + loaded modules will "override" stock ones (get linked and called first)
  + actual WORKING implemented algos: 
    encrypt: AES, Twofish, Serpent, Blowfish, 3DES (discont'd: CAST)
    auth:    SHA2, SHA1, MD5, XCBC_MAC_AES (discont'd: RIPEMD)

************************************************************************
Interop TESTS (besides self-to-self)
  FSW           : stock freeswan 1.98b
  OBSD          : OpenBSD 3.0
  FBSD		: FreeBSD 4.5 (KAME)
  SSHs          : SSH Sentinel 1.3

-------------- ----------------------------------------------------------------
#ESP encryption algos:                                     
-Algorithm x86asm module-name    dotconf            interop tests
 AES           y  ipsec_aes      esp=aes                OBSD FBSD SSHs *(3,4)
 3DES          y  ipsec_3des     esp=3des           FSW OBSD FBSD SSHs
 SERPENT       n  ipsec_serpent  esp=serpent        -
 NULL          -  ipsec_null     esp=null           -
 BLOWFISH      y  ipsec_blowfish esp=blowfish           OBSD FBSD SSHs *(3,5)
 CAST          y  ipsec_cast     esp=cast               OBSD FBSD SSHs *(3,6)
 TWOFISH       n  ipsec_twofish  esp=twofish                  --  SSHs
--------------
#ESP authentication algos:
-Algorithm x86asm module-name    dotconf            interop tests
 SHA2_256      n  ipsec_sha2     esp=<enc>-sha2_256 -
 SHA2_512      n  ipsec_sha2     esp=<enc>-sha2_512 -
 SHA1          y  ipsec_sha1     esp=<enc>-sha1     FSW OBSD FBSD SSHs
 MD5           y  ipsec_md5      esp=<enc>-md5      FSW OBSD FBSD SSHs
 RIPEMD        y  ipsec_ripemd   esp=<enc>-ripemd       OBSD             (*1)
 XCBC_MAC_AES  y  ipsec_aes      esp=<enc>-id9      -                    (*2)
-------------- ---------------------------------------------------------------
#IKE encryption algos:
-Algorithm x86asm  dotconf            interop tests
 AES           -   ike=aes128              --  FBSD SSHs
 BLOWFISH      -   ike=blowfish128        OBSD FBSD SSHs
 CAST          -   ike=cast128            OBSD FBSD SSHs (*3)
 TWOFISH       -   ike=twofish128          --   --  SSHs
 3DES          -   ike=3des              ---stock-algo---
--------------
#IKE hash algos:
-Algorithm x86asm  dotconf            interop tests
 MD5           -   ike=<enc>-md5         ---stock-algo---
 SHA1          -   ike=<enc>-sha         ---stock-algo---
 SHA2_256      -   ike=<enc>-sha2_256      --  FBSD  -- 
 SHA2_512      -   ike=<enc>-sha2_512      --   --   --  FBSD/KAME fails
-------------- ---------------------------------------------------------------
x86-asm       : if arch==i586/i686 it uses optimized assembler 
                you can disable with   env NO_ASM=1 make ...

(*1) only with OBSD as initiatior, fails if passive
(*2) experimental  (draft-ietf-ipsec-ciph-aes-xcbc-mac-00.txt), working Ok
     enable with:  "modprobe ipsec_aes auth_id=<n>" and n<=8, 
     I privately test with n=9, and put  "esp=aes-id9" in dotconf.
(*3) only with SSHs as responder because SSHs makes a proposal with 
     OAKLEY_ENCRYPTION_ALGORITHM=65289.
     SOLUTION: apply extras/patch-ssh-sentinel-IKE2.diff to allow
     SSHs originated SAs (it justs make pluto know about 65289),
     of course, will still negotiate OAKLEY_3DES_CBC.
     ^^THIS INFO MAYBE OUTDATED^^
     
(*4) for SSHs and FBSD: specify "esp=aes128" in dotconf
(*5) for FBSD and OBSD: specify "esp=blowfish128" in dotconf
(*6) dis-continued after 0.7.3


_Algorithm sources taken from_:
OpenSSL      : sha1, md5, ripemd, blowfish, cast
Brian Gladman: aes
Crypto-API   : twofish, serpent
FreeSWAN     : 3des
Jari Ruusu   : aes (gnu asm), sha2
Nigel Metheringham: aes-opt (asm) at libaes.sourceforge.net
************************************************************************

Available under GPL at
Original sites:
	http://www.irrigacion.gov.ar/juanjo/ipsec/
	http://www.osep.mendoza.gov.ar/juanjo/ipsec/
Mirrors:
	(CA)    http://nyetwork.org/ipsec/aes/
	(UK)    ftp://zeniii.linux.org.uk/pub/linux/crypto/ipsec/
	(BR)	http://ipsecaes.fase.com.br/

$Id: README.ipsec_alg,v 1.1.2.22 2002/07/12 19:09:08 jjo Exp $