MIT is not the Author of this software and disclaims any liability relating to it.
This software is subject to U.S. Export Control regulations and is only available to U.S. Persons.
The implementation as released does not implement the complete ISAKMP protocol. Currently the delete and modify functions are not available, and not all exchange types are supported. We are working to complete the implementation and are making numerous improvements. Another release, including better documentation, will be made available the second week of April.
This package is export-controlled and should be treated as such. In particular, the software cannot be released to non-US citizens, nor distributed to a non-US site. In a future release, we will unbundle the cryptographic software, and the ISAKMP engine and policy server will not be restricted by export control.
Also, all of the software in this package is provided under the following disclaimer:
/*
 * This software was written by the Office of Information Security Computer
 * Science Research of the US Department of Defense.
 *
 * DISCLAIMER OF LIABILITY:
 *
 * THIS SOFTWARE IS PROVIDED BY THE DEPARTMENT OF DEFENSE ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE DEPARTMENT OF DEFENSE BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
You may retrieve the software here.
The negotiation server provided in this release does not adhere to the one specified in the ISAKMP internet draft. It is an implementation of a more sophisticated Domain of Interpretation (DOI), including complex situations and proposals. The April release will include another negotiation server, implementing the DOI found in the ISAKMP appendix.
Finally, this software is a proof of concept, not a fully secure solution. In order to expedite the prototyping, certain liberties are taken, such as storing private keys in publicly accessible files. These shortcomings will obviously be addressed before a secure solution is deployed.
Here is a description of the top-level directories:
- include: various include files common to all modules
- isakmp: the isakmp protocol engine
- neg_server: an instance of a DOI - the policy that drives isakmp, plus cryptographic support
- libsadb: code to interface the negotiation server and an IPSEC sadb
- cryptoki: an implementation of PKCS #11, used by our negotiation server
- data: various policy files, key files, and certificates
- crypt_support: legacy cryptographic support code. Generally superseded by cryptoki, but I can't get rid of it just yet.
We are very interested in both bug reports and suggestions for improving the package. We will try to respond as quickly as possible to all input. (We will respond faster to patches :-)