Crypto and IPSec Merged into 2.5

Corbet writes "Linus has just merged the new crypto API and IPSec implementation into his 2.5 BitKeeper tree. This is the first time that serious cryptographic code has made an appearance in the mainline kernel, and it will hopefully lead to more secure communications for all Linux users in the future."

Re:Excellent - no more FreeSWAN patches

[LWolenczak]

somewhat, but from what I read bout a week and a half ago... the ipsec impmentation that they are putting in does not yet support ipv4 transport.... ie is useless unless you have hosts fully using ipv6 on both sides of the tunnel. Keep in mind, its not frees/wan, its from the linux ipv6 project.

With the atitude that the frees/wan project maintains, we will never see freeswan merged with mainstream kernel... hell... they still refuse to take patches from us citiziens and residents (that includes linus)

Re:exportation issues?

[JKR]

The requirements have been relaxed recently; see here for more details. In particular:

Also in 740.13, to, in part, take into account the "open source" approach to software development, unrestricted encryption source code not subject to an express agreement for the payment of a licensing fee or royalty for commercial production or sale of any product developed using the source code can, without review, be released from "EI" controls and exported and reexported under License Exception TSU.

Jon.

If I want IPSec stuff

[smnolde]

I'll stick with FreeBSD thanks. And then there's OpenBSD and NetBSD for fully implemented IPSec and IPv6.

FreeSWAN barely talks to anything but itself, yet I can get FreeBSD's IPSec to talk to Cisco routers and do other things. Other things that are well-documented too, and there are no physical tussles over the code and where it goes.

For FreeBSD, I add IPSEC, IPSEC_DEBUG, and IPSEC_ESP to the kernel, recompile and install the kernel, and I'm ready to go. Adding IPv6 support is equally simple.

Plus, most of the applications that I use (mail, irc, ssh, etc...) already use both tcp4 and tcp6 sockets.

You linux guys are still lagging (IMO) with IPSec.

Whatever.

Re:If I want IPSec stuff

[isa-kuruption]

I agree! The linux kernel is at least 2 years behind in any IPsec implementation compared to OpenBSD or even FreeBSD. What's going on here? Does that make sense? Usually it's the Linux folks that are ahead of the game, but not this time.

I guess the Linux folks wanted to make EXTRA SURE they didn't leave any BSD code in the kernel without a copyright before they added it to CVS.

Go ahead... troll me! I dare you!

Re:If I want IPSec stuff

This is complete FUD. Freeswan interoperates with almost all implementations.

See http://www.freeswan.org/freeswan_trees/freeswan-1. 97/doc/interop.html
and http://www.hsc.fr/ressources/ipsec/ipsec2001/#succ ess for details.

I have used both OpenBSD VPN and Freeswan many times. IMHO
OpenBSD completly sucks. Debugging is a pain in the neck.
Freeswan is both easier to configure and debug. Error messages
are informative. OpenBSD messages are not.

IMHO, you do not know what you are talking about. Maybe
you've never used FreeBSD also.

Re:If I want IPSec stuff

[velkro]

FreeS/WAN doesn't talk to anything but itself? Stop spreading bullshit around, unless you're a farmer.


Here is a massive document with 25-30 other products listed, with instructions, sample configs, and links to more information.

Looking for FreeSWAN? Try freeswan.ca

[caluml]

I only found this out recently, but the freeswan.org site lags behind the actual development of freeswan quite a lot. A nice friendly guy runs freeswan.ca, and keeps it chockablock with all the latest patches and stuff.

I've mirrored the downloads as they're so useful.

Re:Kernel bloat ?

[LordHunter317]

No, the whole kernel is about 32MB source. Binary is far smaller.

Don't compare a 43 MB binary download to a 32MB source download. That's apples to oranges.

Re:Too bad it's not Freeswan

Uh, calling FreeSWAN a "full" implementation is very misleading. Its IKE does not support Aggressive Mode which is pretty much a requirement for virtually every Hardware IPSEC VPN out there.

FreeSWAN may be good for crypto, but bad for actually getting your work done. Regardless, the new IPSec code gets the hard part integrated, an ipv4 implementation should be trivial.

Re:Kernel bloat ?

[GreyWolf3000]

If you roll your own, it is possible to get a working Linux system as small as you want, depending on the functionality. 5MB for a webserver--before compression!

Sources themselves are huge compared to the bins they create especially considering source trees for projects like the kernel and X, which have support for many architectures. Much of the source code doesn't even get into the binary in the end.

Re:Kernel bloat ?

[LordHunter317]

The bzip2 is 32MB. Get a real compression mechanism.

Unzipped only counts in terms of disc space. 160MB is small change for most machines. If its not, compile the kernel somewhere else and ship it over.
Still, it further proves my point, because that means we're goign from 160MB source to 10MB compiled code.

My whole point is people bitch about bloat when the kernel is anything but bloated. For all the stuff it contains (which is a lot), submitted by all those different people (which is a lot), its incredibly lean.

Re:Excellent - no more FreeSWAN patches

No, the ipsec in the kernel is actually IPv4 specific at the moment. It is NOT the USAGI IPv6 IPSEC code.

Re:bad idea..

[kasperd]

Yes. IIRC IPSec originated as a part of the IPv6 specification. Since then it has been backported to IPv4. This is a little unfortunate because that might actually slow down the transition from IPv4 to IPv6. Had IPv6 been a requirement to use IPSec, we might have seen IPv6 getting adopted a little faster.

Re:VPN w/Firewall

[velkro]

FreeS/WAN + NAT-Traversal patch manages this fine, by encapsulating the packets in UDP.

Re:Too bad it's not Freeswan

IPSec depends on authenticating both ends of the tunnel as opposed to most https connections. FreeSWAN's preferred method is to hardcode the static IP addresses of both endpoints in the configuration. The sad reality is that most workers have a dynamic address even on a broadband connection.

Aggressive Mode gets around this by collapsing two steps of the negotiation and transmitting a username in the clear. This is considered "insecure" by the FreeSwan team.

What's more "insecure"? Using AM or using a broken implementation of PPTP?

Re:Kernel bloat ?

[jim3e8]

If you want to see bloat, take a look at the commercial UNIXes.
For example, on a random HP 11.0 box here:

-rwxr-xr-x 1 root sys 18946872 May 9 08:43 /stand/vmunix

That is a 19 megabyte binary kernel. It would be interesting to see how big the source is...

Re:Kernel bloat ?

[rgmoore]

But the 32MB is for the compressed source, not for the binary. By the time you've compiled and compressed the binary image, it's typically down to about 5-700 KB, and I'd assume that if you have an embedded system with clearly defined minimal hardware you can probably get it a bit smaller than that. It's certainly not tiny, but the size of the end product (which is what really matters for the vast majority of people) is very reasonable.

Re:VPN w/Firewall

NAT-Traversal patch for FreeS/WAN is available at http://open-source.arkoon.net/

Re:Too bad it's not Freeswan

[hardaker]

You'll be glad to know that the Cerberus/PlutoPlus implementations done by NIST are going to be more widely available in the near future. Specifically, I've been working on extending them to support large-scale configuration management of it. I ported the cerberus (read: ipsec) support to the 2.4 kernel, and am wrapping up the final details at the moment. The good news about it is that it's not done in the hacky way that freeswan did stuff. I'll be creating a sourceforge project for it within the week (I have a deadline to do it by next week), so look for it shortly.

I actually tried to approach the FreeSWAN folk to considering instrumenting their code with our policy-role-based configuration management support infrastructure, but they said "no US no way" and I didn't really have a choice if I wanted my patches rolled back into the project. The Cerberus and PlutoPlus developers, on the other hand, have been much more polite and helpful.

Re:Excellent - no more FreeSWAN patches

The patches are not supplied by the ipv6 (USAGI) people.

The new IPSEC code is writen by Dave Miller and Alexey Kuznetsov.

Re:Kernel bloat ?

[cjpez]

I don't think trimming off architectures alone would save that much. The 2.4.19 tbz2 is about 25MB. I untarred it, stripped out all arches !i386, retarred, and the resulting tarball was still about 21MB. Not that big of a difference; you're still downloading 21 megs. What's the extra four, really?

pez@arrakis:~/tmp/kernel$ ls -l
total 46628
drwxr-sr-x 2 pez pez 4096 Oct 30 11:40 ./
drwxr-sr-x 10 pez pez 4096 Oct 30 11:29 ../
-rw-r--r-- 1 pez pez 21630684 Oct 30 11:35 linux-2.4.19-i386.tar.bz2
-rw-r--r-- 1 pez pez 26042494 Oct 30 11:40 linux-2.4.19.tar.bz2

Re:Kernel bloat ?

[rplacd]

It's most likely because adding IPSEC adds your build time. Also, few people use it.

A problem with KAME IPSEC (and, I think, pretty much every non-free/swan IPSEC implementation) is that they don't do opportunistic encryption. You need pre-arranged certs or shared keys. If it did have something like that, I bet more people would use IPSEC by default.

(Annoying problem if people do start doing that: tcpdump becomes pretty much useless as a diagnostics tool.)

There's more to cryptoAPI then IPsec/VPN

[jlcooke]

The cryptoAPI is the real kicker here folks.

Once cryptoAPI is in the kernel, /dev/random will no longer us its own crypto librtaries (SHA-1). IPSec will not use its own crypto (well, freeswan will because they feel there's value there).

CryptoAPI will also permit people to have encrypted filesystems, swap partitions, even BOOT partitions.

Present applications include: eliminate duplicated code, harmonize/facilitate crypto in the kernel, encrypted file systems, swap paritions, cdroms, etc., "turnkey" ipsec

Later applications include: load-time code-signing (that is all binaries and .so's can have their digital signature verified before execution), and other majic stuff.

JLC