The first -pre release of fwknop-2.5 is available for download:
There are still a few things that will be added to this release, and
they are being tracked in github here:
The big news for 2.5 is the addition of the following:
- HMAC support for both Rijndael and GPG encrypted SPA packets. The
implementation is done in the encrypt-then-authenticate model which
does not suffer from padding oracle attacks. This requires the usage
of a separate HMAC key, but is highly recommended for several reasons
including the execution of more simplistic code (relative to the
encryption algorithms themselves) for verification of SPA packet
authenticity before decryption on the server side.
- Test suite support for both Rijndael and HMAC comparisons against
OpenSSL. This allows fwknop to continue to have very lightweight
inclusion of code to implement Rijndael and HMAC, but leverage the
OpenSSL community as a verification that fwknop's usage conforms to
how OpenSSL does things.
- The fwknop project is now using Coverity for static analysis, and
several bugs have been fixed.
A note on backwards compatibility: if you are using Rijndael for SPA
encryption instead of GPG, then by default SPA packets created by
2.5-pre1 are not compatible with older versions of fwknop. This is due
to a change in how fwknop deals with Rijndael in CBC mode relating to
the generation of the initialization vector along with a change relative
to keys > 16 bytes. There is a "legacy" encryption mode that helps to
maintain backwards compatibility, but it isn't documented well yet. My
recommendation right now is that if you want to upgrade, then upgrade
both the server and all clients to 2.5-pre1. For the final 2.5 release
there will be comprehensive material on how to navigate backwards
Here is the complete ChangeLog so far:
As always, please let me know if there are any issues.