[Swan-dev] pluto: IKEv2: create functions for boilerplate for starting and ending SK/SKF payloads; Was: [Swan-commit] Changes to ref refs/heads/master

Andrew Cagney andrew.cagney at gmail.com
Thu Oct 4 18:44:24 UTC 2018

On Fri, 28 Sep 2018 at 19:02, D. Hugh Redelmeier <hugh at mimosa.com> wrote:

> Current oddity: the payload size is padded before fragmentation and
> after.  I imagine that only after is correct.

Kind of.  It does the following:

- the SK payload length without integrity and padding is saved
    const unsigned int len = pbs_offset(&e_pbs_cipher);

- everything is closed which adds padding and space for integrity and
leaves the outermost REPLY_STREAM PBS containing the final packet size

- the final packet size is then used to decide if fragmentation is needed
    if (should_fragment_ike_msg(cst, pbs_offset(&reply_stream), TRUE)) {

- when fragmenting, since LEN is used, the original SK padding is ignored
        setchunk(payload, e_pbs_cipher.start, len);

so while padding the unencrypted packet may not be needed, it sure
makes the math of computing the message size easier.  I'll likely
assimilate len and add some notes.

BTW, and when fragmenting, this payload gets lost:

        if (!ship_v2UNKNOWN(&rbody, "AUTH request")) {
            return STF_INTERNAL_ERROR;

The fragmentation code (reasonably) assumes that everything is inside
of the SK payload.

More information about the Swan-dev mailing list