[Swan-dev] Does IKEv2's CAST-128 require a Key Length attribute

Andrew Cagney andrew.cagney at gmail.com
Fri Jul 27 19:35:59 UTC 2018

(yes, I know it's about to get killed)

I've been checking our algorithms for when key-length is included and
cast came up, it currently includes a key length.  I suspect it is

First there's clause #1, even though the underlying algorithm requires
a fixed 128-bit key, this clause doesn't apply as rfc2451 specifies
that different key-lengths can be negotiated:

   o  The Key Length attribute MUST NOT be used with transforms that use
      a fixed-length key.  For example, this includes ENCR_DES,
      ENCR_IDEA, and all the Type 2 (Pseudorandom Function) and Type 3
      (Integrity Algorithm) transforms specified in this document.  It
      is recommended that future Type 2 or 3 transforms do not use this

Then there's clause #2, I argue that it doesn't apply "just because I
think clause #3 is a better fit":

   o  Some transforms specify that the Key Length attribute MUST be
      always included (omitting the attribute is not allowed, and
      proposals not containing it MUST be rejected).  For example, this
      includes ENCR_AES_CBC and ENCR_AES_CTR.

This leaves clause #3, since in rfc2451 it is described as
variable-length and is shown with a default key, I'm thinking this is
the one that applies:

   o  Some transforms allow variable-length keys, but also specify a
      default key length if the attribute is not included.  For example,
      these transforms include ENCR_RC5 and ENCR_BLOWFISH.
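
Added illustration, not part of the original post and not libreswan code: the three quoted clauses expressed as a check on a parsed IKEv2 Transform substructure. Placing ENCR_CAST under clause #3 follows the post's reading and is an assumption; the 128-bit defaults are those listed in rfc2451, and the function names and sample transforms are constructed.

```python
import struct

# IKEv2 Transform Type 1 (ENCR) transform IDs, per the IANA registry.
ENCR = {2: "ENCR_DES", 4: "ENCR_RC5", 5: "ENCR_IDEA", 6: "ENCR_CAST",
        7: "ENCR_BLOWFISH", 12: "ENCR_AES_CBC", 13: "ENCR_AES_CTR"}
FIXED, REQUIRED = "fixed", "required"
# Clause per transform: FIXED (#1), REQUIRED (#2), or a default in bits (#3).
RULE = {"ENCR_DES": FIXED, "ENCR_IDEA": FIXED,
        "ENCR_AES_CBC": REQUIRED, "ENCR_AES_CTR": REQUIRED,
        "ENCR_RC5": 128, "ENCR_BLOWFISH": 128,  # rfc2451 defaults
        "ENCR_CAST": 128}  # assumption: the post's clause #3 reading
KEY_LENGTH = 14  # Transform Attribute type, carried in TV format (AF bit set)

def build(tid, keylen=None):
    """Construct a sample ENCR Transform substructure (test input only)."""
    attrs = b"" if keylen is None else struct.pack("!HH", 0x8000 | KEY_LENGTH, keylen)
    return struct.pack("!BBHBBH", 0, 0, 8 + len(attrs), 1, 0, tid) + attrs

def parse_transform(buf):
    """Return (transform name, Key Length in bits or None)."""
    if len(buf) < 8:
        raise ValueError("short transform header")
    last, _, length, ttype, _, tid = struct.unpack("!BBHBBH", buf[:8])
    if last not in (0, 3) or length != len(buf) or ttype != 1 or tid not in ENCR:
        raise ValueError("malformed, non-ENCR or unknown transform")
    keylen = None
    for off in range(8, length, 4):
        if length - off < 4:
            raise ValueError("truncated attribute")
        af_type, value = struct.unpack("!HH", buf[off:off + 4])
        # A transform carrying an attribute we do not understand is unacceptable.
        if af_type != 0x8000 | KEY_LENGTH or keylen is not None:
            raise ValueError("unknown or duplicate attribute")
        keylen = value
    return ENCR[tid], keylen

def effective_key_length(buf):
    """Apply the three clauses; return key bits (None if fixed) or raise."""
    name, keylen = parse_transform(buf)
    rule = RULE[name]
    if rule == FIXED:
        if keylen is not None:
            raise ValueError(name + ": Key Length MUST NOT be used")
        return None
    if rule == REQUIRED and keylen is None:
        raise ValueError(name + ": Key Length MUST be included")
    return keylen if keylen is not None else rule
```

Under this reading a CAST transform sent without the attribute is accepted and treated as 128-bit, while the same omission on ENCR_AES_CBC is rejected.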
