[Swan-dev] should CHACHA20_POLY1305 include the redundant 256-bit key length?
Andrew Cagney
andrew.cagney at gmail.com
Thu Jul 26 23:50:26 UTC 2018
Here's a failing interop:
Jul 26 12:49:49 08[CFG] received proposals: ESP:CHACHA20_POLY1305/NO_EXT_SEQ
Jul 26 12:49:49 08[CFG] configured proposals:
ESP:NULL/HMAC_MD5_96/NO_EXT_SEQ, ESP:NULL/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:NULL_AES_GMAC_128/NO_EXT_SEQ,
ESP:CHACHA20_POLY1305_256/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192
/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
Jul 26 12:49:49 08[IKE] no acceptable proposal found
and here's one that worked:
Jul 26 19:46:40 13[CFG] received proposals: ESP:CHACHA20_POLY1305_256/NO_EXT_SEQ
Jul 26 19:46:40 13[CFG] configured proposals:
ESP:NULL/HMAC_MD5_96/NO_EXT_SEQ, ESP:NULL/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:NULL_AES_GMAC_128/NO_EXT_SEQ,
ESP:CHACHA20_POLY1305_256/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192
/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
Jul 26 19:46:40 13[CFG] selected proposal: ESP:CHACHA20_POLY1305_256/NO_EXT_SEQ
On Thu, 26 Jul 2018 at 14:32, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>
> https://www.rfc-editor.org/errata/eid5441
>
> As you can tell from the errata, I don't think the key length should
> be sent. Unfortunately, strongswan requires it.
>
> Andrew
More information about the Swan-dev
mailing list