[strongSwan-dev] PRF+ and wrapping
Jean-Francois HREN
jean-francois.hren at stormshield.eu
Thu Oct 17 15:01:20 CEST 2019
Thank you for the reply.
This behavior was asked to us by ANSSI (French Cybersecurity agency) so it might make some sense but I'm no expert on the subject.
However they also told us that wrapping should not happen so returning FALSE is surely good enough.
Thank you,
Jean-François
De: "Tobias Brunner" <tobias at strongswan.org>
À: "jean-francois hren" <jean-francois.hren at stormshield.eu>, "dev" <dev at lists.strongswan.org>
Envoyé: Jeudi 17 Octobre 2019 14:09:29
Objet: Re: [strongSwan-dev] PRF+ and wrapping
Hi Jean-Francois,
> In 'src/libstrongswan/crypto/prf_plus.c:get_bytes()' if 'this->counter'
> wraps, the feature is disabled.
Yes, it just switches to the non-counter mode (IKEv1 variant).
> The RFC says " The prf+ function is not defined beyond 255 times the
> size of the prf function output." however when wrapping occurs, we can
> set 'this->counter' to 0x01 since the behavior is not defined anyway.
> What do you think ?
What exactly would the benefit be of that (compared to the current
behavior)?
To be honest, I'd actually prefer if get_bytes() just returned FALSE
once it wrapped.
Regards,
Tobias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20191017/23fad7bc/attachment.html>
More information about the Dev
mailing list