[strongSwan] Default PRF algorithm selection

Emeric POUPON emeric.poupon at stormshield.eu
Thu Oct 30 17:03:36 CET 2014


Hello,

Referring to the documentation of the "ike" token:

"The ability to configure a PRF algorithm different to that defined for integrity protection was added with 5.0.2.
If no PRF is configured, the algorithms defined for integrity are proposed as PRF. The prf keywords are the same as
the integrity algorithms, but have a prf prefix (such as prfsha1, prfsha256 or prfaesxcbc)."

The problem is there are some integrity algorithms that do not have PRF equivalent algorithms.

Therefore, I get this kind of failure on 5.2.0:

MD5_128:
Oct 30 15:55:28 16[CFG] <1> received proposals: IKE:AES_CBC_128/HMAC_MD5_128/MODP_1024, IKE:BLOWFISH_CBC_128/HMAC_SHA1_160/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_160/MODP_1024
Oct 30 15:55:28 16[CFG] <1> configured proposals: IKE:AES_CBC_128/HMAC_MD5_128/MODP_1024, IKE:BLOWFISH_CBC_128/HMAC_SHA1_160/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_160/MODP_1024
Oct 30 15:55:28 16[CFG] <1> selected proposal: IKE:AES_CBC_128/HMAC_MD5_128/MODP_1024
Oct 30 15:55:28 16[LIB] <1> size of DH secret exponent: 1023 bits
Oct 30 15:55:28 16[IKE] <1> no PSEUDO_RANDOM_FUNCTION selected
Oct 30 15:55:28 16[IKE] <1> key derivation failed
Oct 30 15:55:28 16[ENC] <1> added payload of type NOTIFY to message
Oct 30 15:55:28 16[ENC] <1> added payload of type NOTIFY to message
Oct 30 15:55:28 16[ENC] <1> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]

SHA1_160:
Oct 30 15:53:11 05[CFG] <2> received proposals: IKE:AES_CBC_128/HMAC_SHA1_160/MODP_1024, IKE:BLOWFISH_CBC_128/HMAC_SHA1_160/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_160/MODP_1024
Oct 30 15:53:11 05[CFG] <2> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_160/MODP_1024, IKE:BLOWFISH_CBC_128/HMAC_SHA1_160/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_160/MODP_1024
Oct 30 15:53:11 05[CFG] <2> selected proposal: IKE:AES_CBC_128/HMAC_SHA1_160/MODP_1024
Oct 30 15:53:11 05[LIB] <2> size of DH secret exponent: 1023 bits
Oct 30 15:53:11 05[IKE] <2> no PSEUDO_RANDOM_FUNCTION selected
Oct 30 15:53:11 05[IKE] <2> key derivation failed
Oct 30 15:53:11 05[ENC] <2> added payload of type NOTIFY to message
Oct 30 15:53:11 05[ENC] <2> added payload of type NOTIFY to message
Oct 30 15:53:11 05[ENC] <2> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]

If I switch to regular sha1 or md5 integrity algorithms, it is working just fine.
Same thing if I force the prf algorithm to prfmd5 or prfsha1.

Sounds like a regression: how was this supposed to work before the 5.0.2 version?

Best Regards,

Emeric
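
The failure pattern in the logs above can be found mechanically in a charon log. The following Python script is an added example, not part of the original message or of strongSwan: it pairs each "no PSEUDO_RANDOM_FUNCTION selected" line with the proposal selected under the same `<n>` tag and reports whether that proposal carried a PRF transform. The function name, the `HMAC_` prefix heuristic for integrity transforms, and the last sample line (a constructed healthy negotiation) are assumptions made for the illustration.

```python
import re

# Layout of the log lines quoted in the message: "<date> <thread>[<GROUP>] <tag> <text>"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+\d+\[(?P<grp>[A-Z]+)\]\s+<(?P<sa>[^>]+)>\s+(?P<msg>.*)$"
)

# First six lines are taken from the message; the last one is constructed.
SAMPLE = """\
Oct 30 15:55:28 16[CFG] <1> selected proposal: IKE:AES_CBC_128/HMAC_MD5_128/MODP_1024
Oct 30 15:55:28 16[IKE] <1> no PSEUDO_RANDOM_FUNCTION selected
Oct 30 15:55:28 16[IKE] <1> key derivation failed
Oct 30 15:53:11 05[CFG] <2> selected proposal: IKE:AES_CBC_128/HMAC_SHA1_160/MODP_1024
Oct 30 15:53:11 05[IKE] <2> no PSEUDO_RANDOM_FUNCTION selected
Oct 30 15:53:11 05[IKE] <2> key derivation failed
Oct 30 16:01:02 07[CFG] <3> selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
"""

def find_prf_failures(log_text):
    """Return one finding per 'no PSEUDO_RANDOM_FUNCTION selected' line."""
    selected = {}   # tag -> (proposal string, list of transforms)
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines in another format
        sa, msg = m["sa"], m["msg"]
        if msg.startswith("selected proposal:"):
            proposal = msg.split(":", 1)[1].strip()
            _proto, _, transforms = proposal.partition(":")
            selected[sa] = (proposal, transforms.split("/"))
        elif msg == "no PSEUDO_RANDOM_FUNCTION selected":
            proposal, transforms = selected.get(sa, ("<unknown>", []))
            findings.append({
                "time": m["ts"],
                "sa": sa,
                "proposal": proposal,
                # Assumption: integrity transforms are the ones named HMAC_*
                "integrity": [t for t in transforms if t.startswith("HMAC_")],
                "has_prf": any(t.startswith("PRF_") for t in transforms),
            })
    return findings

if __name__ == "__main__":
    for f in find_prf_failures(SAMPLE):
        print(f"{f['time']} <{f['sa']}> {f['proposal']}: "
              f"integrity={f['integrity']} prf_in_proposal={f['has_prf']}")
```
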

