[Swan-dev] pluto/netkey-algo-cast-01

D. Hugh Redelmeier hugh at mimosa.com
Wed Apr 2 07:31:55 EEST 2014

This gets an assertion failure for me.  Is this currently normal?

The problem is with
	passert(st->st_esp.keymat_len == key_len + ei->authkeylen);

I don't think my current changes are the source of the problem.

For what it's worth,
    st->st_esp.keymat_len == 36
    ei->authkeylen is 20
    key_len is optimized away :-(

The ei->transid is 6, which is ESP_CAST.

==> odd fact: ESP cast is defined twice!
	linux/include/libreswan/ipsec_xform.h:74:#define ESP_CAST 6
	linux/include/libreswan/ipsec_policy.h:107:	ESP_CAST=6,
    Same is true for a lot of related symbols.
    This seems like a bad idea.

key_len starts out as
	st->st_esp.attrs.transattrs.enckeylen / BITS_PER_BYTE

This is 0.  I'd guess that this is wrong.  I don't know CAST, but if I
had to guess, it ought to be 16.  At least some other part of the code
thinks so (based on the assertion).

Note: I've only done enough analysis to convince myself that it
probably isn't due to the changes that I'm working on.
I'm willing to pick this up later, once my current dust has settled.
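
Added example, not part of the original message and not libreswan code: a small C model of the length check quoted above, using the values reported in the message (keymat_len 36, authkeylen 20, enckeylen 0, ESP_CAST 6). The struct and function names are hypothetical, and the fallback to a 128-bit CAST key when no key-length attribute was negotiated is an assumption based on the RFC 2451 default, not a confirmed fix.

```c
#include <stddef.h>
#include <stdio.h>

#define BITS_PER_BYTE 8
#define ESP_CAST 6	/* transform id quoted in the message */

/* Hypothetical stand-in for the negotiated ESP parameters. */
struct esp_params {
	int transid;		/* ESP transform id */
	unsigned enckeylen;	/* negotiated key length in bits; 0 = no attribute */
	size_t authkeylen;	/* integrity key length in bytes */
};

/* Key length as the message describes it: enckeylen / BITS_PER_BYTE. */
size_t naive_key_len(const struct esp_params *p)
{
	return p->enckeylen / BITS_PER_BYTE;
}

/* Assumed fallback: use the cipher default when nothing was negotiated.
 * Only CAST is modelled here (RFC 2451 default key size: 128 bits). */
size_t effective_key_len(const struct esp_params *p)
{
	size_t k = p->enckeylen / BITS_PER_BYTE;

	if (k != 0)
		return k;
	return p->transid == ESP_CAST ? 128 / BITS_PER_BYTE : 0;
}

/* Same condition as the failing assertion, returned as a result so a
 * caller can reject the SA instead of aborting the daemon. */
int keymat_len_ok(size_t keymat_len, size_t key_len, size_t authkeylen)
{
	return keymat_len == key_len + authkeylen;
}

int main(void)
{
	struct esp_params p = { ESP_CAST, 0, 20 };	/* values from the message */

	printf("naive: %d\n", keymat_len_ok(36, naive_key_len(&p), p.authkeylen));
	printf("with default: %d\n",
	       keymat_len_ok(36, effective_key_len(&p), p.authkeylen));
	return 0;
}
```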
