ikev1: Assume a default key length of 128-bit for AES-CBC
authorTobias Brunner <tobias@strongswan.org>
Thu, 13 Aug 2015 16:54:34 +0000 (18:54 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 17 Aug 2015 15:13:50 +0000 (17:13 +0200)
Some implementations don't send a Key Length attribute for AES-128.
This was allowed for IKE in early drafts of RFC 3602, however, some
implementations also seem to do it for ESP, where it never was allowed.
And the final version of RFC 3602 demands a Key Length attribute for both
phases so they shouldn't do it anymore anyway.

Fixes #1064.

src/libcharon/encoding/payloads/proposal_substructure.c

index 48dcfeb..65ce667 100644 (file)
@@ -914,6 +914,11 @@ static void add_to_proposal_v1_ike(proposal_t *proposal,
 
        if (encr != ENCR_UNDEFINED)
        {
+               if (encr == ENCR_AES_CBC && !key_length)
+               {       /* some implementations don't send a Key Length attribute for
+                        * AES-128, early drafts of RFC 3602 allowed that */
+                       key_length = 128;
+               }
                proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, encr, key_length);
        }
 }
@@ -962,6 +967,12 @@ static void add_to_proposal_v1(proposal_t *proposal,
                                                                        transform->get_transform_id(transform));
                if (encr)
                {
+                       if (encr == ENCR_AES_CBC && !key_length)
+                       {       /* some implementations don't send a Key Length attribute for
+                                * AES-128, early drafts of RFC 3602 allowed that for IKE, some
+                                * also seem to do it for ESP */
+                               key_length = 128;
+                       }
                        proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, encr,
                                                                        key_length);
                }