[Swan-dev] new test failures

Paul Wouters paul at nohats.ca
Wed Feb 13 19:46:37 UTC 2019

On Wed, 13 Feb 2019, Andrew Cagney wrote:

> So looking at the parser, officially, for IKE, it expected:
>  encr-prf-dh
> but, unofficially, it could also parse (I don't think this was documented?):
>  encr-prf-integ-dh
> if we reverse things vis:
>  encr-integ-[prf]-dh
> then proposals like:
>   aes-sha1
> all still work fine - prf can be painfully derived from integ, but:
>   aes_gcm-sha1
> would break; force aes_gcm-none-sha1, or require some heuristic to
> figure out <integ> should be skipped.

Sure, so I guess encr-prf[-integ]-dh it is. I mean prf should be integ
in all non-aead cases anyway. At least, we used to only support those
and I wouldn't mind to keep it that way. I dont think we ever tested
prf != integ on non-AEAD. So be careful allowing that now without a
bunch of a new tests.

so what happens now with ike=aes-sha2-sha2-dh14 ?


More information about the Swan-dev mailing list