[strongSwan-dev] PRF+ and wrapping

Tobias Brunner tobias at strongswan.org
Thu Oct 17 14:09:29 CEST 2019

Hi Jean-Francois,

> In 'src/libstrongswan/crypto/prf_plus.c:get_bytes()' if 'this->counter'
> wraps, the feature is disabled.

Yes, it just switches to the non-counter mode (IKEv1 variant).

> The RFC says " The prf+ function is not defined beyond 255 times the
> size of the prf function output." however when wrapping occurs, we can
> set 'this->counter' to 0x01 since the behavior is not defined anyway.
> What do you think ?

What exactly would the benefit be of that (compared to the current

To be honest, I'd actually prefer if get_bytes() just returned FALSE
once it wrapped.


More information about the Dev mailing list