-
Notifications
You must be signed in to change notification settings - Fork 264
GSoC 2027: Code Project Ideas DRAFT
Libreswan is an Internet Key Exchange (IKE) implementation that runs on Linux, FreeBSD, NetBSD and OpenBSD.
While the original IKE and IPsec protocols were drafted in 1998, the need to deal with an ever changing and increasingly hostile world, drives the continuous evolution of these standards. New features, such as hybrid post-quantum key exchange, are being added; while old features, such as support for weak cryptographic algorithms are been removed. For more background on Libreswan see the History Page.
The Project Ideas listed below have been selected by Libreswan's core developers with this evolution in mind. They provide both a technical challenge, and a way to participate in The Internet's development. The mentors also have a personal interest in seeing these projects through to completion.
If you see a project that looks interesting, or you just have questions, then see the Contributor Guidance for next steps.
It isn't a requirement at you pick one of the ideas below - we also welcome new ideas. For instance, additional draft RFCs that could form the basis of a project can be found here)!
Required Skills: C, UNIX programming
Preferred Skills: Network protocols, Cryptographic fundamentals, RFC interpretation
Libreswan Mentors: Andrew Cagney, Paul Wouters
Project size: 175 hours
Difficulty: Medium
Draft RFC: Downgrade Prevention for the Internet Key Exchange Protocol Version 2 (IKEv2)
IKEv2, when authenticating a peer, computes the MAC (message authentication code) using only two of the four messages that have been exchanged during the IKE negotiation. This proposed RFC adds an extension so that an authenticated peer uses all four of the exchanged messages in the MAC calculation.
Please note that this is an internet standards draft. Someone implementing this might find issues with the draft protocol for which they would need to communicate with the author of the draft to resolve.
The deliverables are:
-
addition to Libreswan's configuration (ipsec.conf), including documentation (ipsec.conf.8)
-
modifications to negotiate the new mechanism
-
modifications to (conditionally) compute the new MAC
-
additions to the test-suite
The proposal should address each of these areas.
Completed Projects
Hacking
Internals
Security
This Sidebar was generated using make.