[strongSwan-dev] PRF+ and wrapping
tobias at strongswan.org
Thu Oct 17 14:09:29 CEST 2019
> In 'src/libstrongswan/crypto/prf_plus.c:get_bytes()' if 'this->counter'
> wraps, the feature is disabled.
Yes, it just switches to the non-counter mode (IKEv1 variant).
> The RFC says " The prf+ function is not defined beyond 255 times the
> size of the prf function output." however when wrapping occurs, we can
> set 'this->counter' to 0x01 since the behavior is not defined anyway.
> What do you think ?
What exactly would the benefit be of that (compared to the current
To be honest, I'd actually prefer if get_bytes() just returned FALSE
once it wrapped.
More information about the Dev