Skip to content

GSoC 2027: Code Project Ideas DRAFT

Andrew Cagney edited this page May 14, 2026 · 1 revision

Libreswan is an Internet Key Exchange (IKE) implementation that runs on Linux, FreeBSD, NetBSD and OpenBSD.

While the original IKE and IPsec protocols were drafted in 1998, the need to deal with an ever changing and increasingly hostile world, drives the continuous evolution of these standards. New features, such as hybrid post-quantum key exchange, are being added; while old features, such as support for weak cryptographic algorithms are been removed. For more background on Libreswan see the History Page.

The Project Ideas listed below have been selected by Libreswan's core developers with this evolution in mind. They provide both a technical challenge, and a way to participate in The Internet's development. The mentors also have a personal interest in seeing these projects through to completion.

If you see a project that looks interesting, or you just have questions, then see the Contributor Guidance for next steps.

It isn't a requirement at you pick one of the ideas below - we also welcome new ideas. For instance, additional draft RFCs that could form the basis of a project can be found here)!

Use all exchanged messages when computing the authentication MAC

Required Skills: C, UNIX programming

Preferred Skills: Network protocols, Cryptographic fundamentals, RFC interpretation

Libreswan Mentors: Andrew Cagney, Paul Wouters

Project size: 175 hours

Difficulty: Medium

Draft RFC: Downgrade Prevention for the Internet Key Exchange Protocol Version 2 (IKEv2)

Description

IKEv2, when authenticating a peer, computes the MAC (message authentication code) using only two of the four messages that have been exchanged during the IKE negotiation. This proposed RFC adds an extension so that an authenticated peer uses all four of the exchanged messages in the MAC calculation.

Please note that this is an internet standards draft. Someone implementing this might find issues with the draft protocol for which they would need to communicate with the author of the draft to resolve.

The deliverables are:

  • addition to Libreswan's configuration (ipsec.conf), including documentation (ipsec.conf.8)

  • modifications to negotiate the new mechanism

  • modifications to (conditionally) compute the new MAC

  • additions to the test-suite

The proposal should address each of these areas.

FAQ
HOWTO
GSoC 2027
GSoC 2026
Completed Projects

IRC

Hacking
Testing
KVM Test Framework
Internals
Security
Meetups

This Sidebar was generated using make.

Clone this wiki locally