[strongSwan] length of TRANSFORM_ATTRIBUTE substructure list invalid

Martin Willi martin at strongswan.org
Mon Dec 20 10:49:02 CET 2010

Hi Bijan,

> Could you please find the reason why it is not responding? 

The transform attribute encoding of the AES_CBC transform looks
completely wrong. I'd expect a key-length attribute.

>   parsing rule 0 ATTRIBUTE_FORMAT
>    => 0

The AF flag is not set, indicating that the length-or-value field
contains the length of additionally appended data. The key-length
attribute would encode the value directly, and hence sets this flag to 1.

>   parsing rule 1 ATTRIBUTE_TYPE
>    => 7424
>   parsing rule 2 ATTRIBUTE_LENGTH_OR_VALUE
>    => 128

The type is not key-length (14), and the only thing correct is probably
the value (but it is actually interpreted as length).

You should discuss this issue with Juniper.
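
An added example, not part of the original message and not strongSwan's own parser: a minimal C decoder for the 4-byte transform attribute header discussed above, showing why an attribute with AF=0 and a length of 128 is rejected when no data follows it. The function names are hypothetical, and the byte samples are constructed from the field values in the quoted log and from the key-length encoding the reply says it would expect.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATTR_KEY_LENGTH 14 /* key-length attribute type, per the message above */

struct transform_attr {
    int      af;              /* 1: field holds the value, 0: field holds a length */
    uint16_t type;            /* 15-bit attribute type */
    uint16_t length_or_value;
};

/* Parse one attribute; return bytes consumed, or -1 if it does not fit. */
static int parse_transform_attr(const uint8_t *buf, size_t len,
                                struct transform_attr *out)
{
    if (len < 4)
        return -1;
    out->af = buf[0] >> 7;
    out->type = (uint16_t)(((buf[0] & 0x7F) << 8) | buf[1]);
    out->length_or_value = (uint16_t)((buf[2] << 8) | buf[3]);
    if (out->af)
        return 4;                       /* value is carried inline */
    if ((size_t)out->length_or_value > len - 4)
        return -1;                      /* announced data is not present */
    return 4 + out->length_or_value;
}

/* Return the key length in bits, or -1 if buf is not a valid key-length attribute. */
static int key_length_bits(const uint8_t *buf, size_t len)
{
    struct transform_attr a;
    if (parse_transform_attr(buf, len, &a) < 0)
        return -1;
    if (!a.af || a.type != ATTR_KEY_LENGTH)
        return -1;
    return a.length_or_value;
}

/* Constructed samples: expected encoding vs. the field values from the log */
static const uint8_t good_attr[] = { 0x80, 0x0E, 0x00, 0x80 }; /* AF=1, 14, 128 */
static const uint8_t bad_attr[]  = { 0x1D, 0x00, 0x00, 0x80 }; /* AF=0, 7424, 128 */

int main(void)
{
    struct transform_attr a;
    int n = parse_transform_attr(bad_attr, sizeof(bad_attr), &a);
    printf("bad:  AF=%d type=%u field=%u consumed=%d\n", a.af, a.type, a.length_or_value, n);
    printf("good: key length = %d bits\n", key_length_bits(good_attr, sizeof(good_attr)));
    return 0;
}
```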

