[strongSwan-dev] PRF+ and wrapping

Tobias Brunner tobias at strongswan.org
Mon Oct 21 12:37:27 CEST 2019


Hi Jean-Fran├žois,

> This behavior was asked to us by ANSSI (French Cybersecurity agency) so
> it might make some sense but I'm no expert on the subject.
> However they also told us that wrapping should not happen so returning
> FALSE is surely good enough.

OK, I've pushed a change that lets the methods fail after the counter
wrapped to the prf-plus-wrap branch [1].

Regards,
Tobias

[1]
https://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/prf-plus-wrap


More information about the Dev mailing list