[Swan-dev] Does IKEv2's CAST-128 require a Key Length attribute

[Paul Wouters]

Yes send it to ensure the other end knows the only key size we are willing to do.

If we didn’t already sent it, maybe add an option to assume our default key size ?

Sent from my phone

> On Jul 27, 2018, at 12:35, Andrew Cagney <andrew.cagney at gmail.com> wrote:
> 
> (yes, I know its about to get killed)
> 
> I've been checking our algorithms for when key-length is included and
> cast came up, it currently includes a key length.  I suspect it is
> optional.
> 
> First there's clause #1, even though the underlying algorithm requires
> a fixed 128-bit key, this clause doesn't apply as rfc2451 specifies
> that different key-lengths can be negotiated:
> 
>   o  The Key Length attribute MUST NOT be used with transforms that use
>      a fixed-length key.  For example, this includes ENCR_DES,
>      ENCR_IDEA, and all the Type 2 (Pseudorandom Function) and Type 3
>      (Integrity Algorithm) transforms specified in this document.  It
>      is recommended that future Type 2 or 3 transforms do not use this
>      attribute.
> 
> Then there's clause #2, I argue that it doesn't apply 'just because I
> think clause #3 is a better fit'':
> 
>   o  Some transforms specify that the Key Length attribute MUST be
>      always included (omitting the attribute is not allowed, and
>      proposals not containing it MUST be rejected).  For example, this
>      includes ENCR_AES_CBC and ENCR_AES_CTR.
> 
> This leaves clause #3, since in rfc2451 it is described as
> variable-length and is shown with a default key, I'm thinking this is
> the one that applies:
> 
>   o  Some transforms allow variable-length keys, but also specify a
>      default key length if the attribute is not included.  For example,
>      these transforms include ENCR_RC5 and ENCR_BLOWFISH.
> 
> SNAFU
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev