[Swan-dev] decryption could change selected state transition

Andrew Cagney andrew.cagney at gmail.com
Mon Feb 16 23:02:23 EET 2015


(fortunately several things combine to prevent it actually happening)

The ikev2 state machine uses the unencrypted payload to find the
correct state transition and then calls that transition's processor.

The processor, should the packet contain an SK payload, will then:

- decrypt the SK payload
- call ikev2_process_decrypted_payloads to decode the SK contents

Problem is, ikev2_process_decrypted_payloads does the following:

- unpacks the payload saving the result (good)

- starting with the previously selected transition, search the state
transition table for a transition that matches the payload contents;
if a match is found the message digest is updated

- if no transition matches, issue an error/fail for the last bad match

It's that middle bit that is wrong.  It is there so that the
transition search code can look deeper into a packet for the correct
match (for instance an INIT response with a COOKIE or INVALID_KE
notification).

Fortunately, none of the transitions involving an encrypted payload
have SMF2_CONTINUE_MATCH set so it won't happen.

Confusing - to me the code iterating through the table should be kept
separate (which means splitting up the function).

Andrew
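
A minimal C model of the hazard described in the message above, added here as an illustration; it is not part of the original post and is not libreswan code. Every name except SMF2_CONTINUE_MATCH is hypothetical, the tables are constructed, and the flag is assumed to mean "keep searching after a failed match".

```c
#include <stdio.h>
#include <stddef.h>
/* Simplified model, not libreswan source. Every name except
 * SMF2_CONTINUE_MATCH is hypothetical; the flag's semantics are assumed. */
#define SMF2_CONTINUE_MATCH 0x1u
enum { P_SK = 1, P_AUTH = 2, P_N = 4 };   /* payload-present bits */
/* Payloads required outside SK, required inside SK, and flags. */
struct transition { unsigned clear_req, enc_req, flags; };

/* Constructed tables: entry 0 expects SK{AUTH}, entry 1 expects SK{N}. */
static const struct transition flagged[] = { { P_SK, P_AUTH, SMF2_CONTINUE_MATCH }, { P_SK, P_N, 0 } };
static const struct transition unflagged[] = { { P_SK, P_AUTH, 0 }, { P_SK, P_N, 0 } };

/* Step 1: pick a transition from the unencrypted payloads only. */
static int select_by_clear(const struct transition *t, size_t n, unsigned clear)
{
    for (size_t i = 0; i < n; i++)
        if ((clear & t[i].clear_req) == t[i].clear_req)
            return (int)i;
    return -1;
}

/* The step the message objects to: after decryption, search on from the
 * selected entry, so the result can differ from the running processor. */
static int rematch_after_decrypt(const struct transition *t, size_t n, int sel, unsigned enc)
{
    for (size_t i = (size_t)sel; i < n; i++) {
        if ((enc & t[i].enc_req) == t[i].enc_req)
            return (int)i;
        if (!(t[i].flags & SMF2_CONTINUE_MATCH))
            break;   /* flag clear: fail on this bad match */
    }
    return -1;
}

/* Separated form: check only the transition already chosen; it cannot move. */
static int verify_selected(const struct transition *t, int sel, unsigned enc)
{
    return (enc & t[sel].enc_req) == t[sel].enc_req ? sel : -1;
}

int main(void)
{
    int sel = select_by_clear(flagged, 2, P_SK);   /* packet: SK{N} */
    printf("selected=%d flagged=%d unflagged=%d separated=%d\n", sel,
           rematch_after_decrypt(flagged, 2, sel, P_N), rematch_after_decrypt(unflagged, 2, sel, P_N),
           verify_selected(flagged, sel, P_N));
    return 0;
}
```

With the flag set on an encrypted transition the re-match returns entry 1 while entry 0's processor is the one running; with the flag clear, or with the check separated from the table walk, the same packet is rejected instead.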

