[strongSwan] length of TRANSFORM_ATTRIBUTE substructure list invalid
Martin Willi
martin at strongswan.org
Mon Dec 20 10:49:02 CET 2010
Hi Bijan,
> Could you please find the reason why it is not responding?
The transform attribute encoding of the AES_CBC transform looks
completely wrong. I'd expect a key-length attribute.
> parsing rule 0 ATTRIBUTE_FORMAT
> => 0
The AF flag is not set, indicating that the length-or-value field
contains the length of additionally appended data. The key-length
attribute would encode the value directly, hence sets this flag to 1.
> parsing rule 1 ATTRIBUTE_TYPE
> => 7424
> parsing rule 2 ATTRIBUTE_LENGTH_OR_VALUE
> => 128
The type is not key-length (14), and the only thing correct is probably
the value (but is actually interpreted as length).
You should discuss this issue with Juniper.
Regards
Martin
More information about the Users
mailing list