[Swan-dev] new test failures

Andrew Cagney andrew.cagney at gmail.com
Thu Feb 14 19:27:04 UTC 2019

I've pushed the following changes:

- only allow both <integ> and <prf> when impaired (this "feature" was
never announced in CHANGES)

- only show a proposals integrity when it, encryption, and PRF aren't consistent
  (and the only way to do that is with --impair)

And I've parked a change so things are pretty much always ordered
<encr>-<integ>-... vis:

algparse -v2 'ike=aes_gcm-sha1-dh14'
algparse -v2 'ike=aes_gcm-none-sha1-dh14'

(I suspect it should print AES_GCM-none-... to)

> > so what happens now with ike=aes-sha2-sha2-dh14 ?
> algparse -v2 'ike=aes-sha2-sha2-dh14'
>     AES_CBC-HMAC_SHA2_256-MODP2048
> i.e., it hides integrity HMAC_SHA2_256_128 because it was derived from the PRF.
> I'll change fmt_proposal() to do this more generally - provided all
> the integrity algorithms are 1:1 derived from a PRF then they are
> hidden.
> (I tried hacking things so <aead>-none-<prf>-... <aead>-<prf>- and
> <encr>-<integ>-... work but it gets messy)

More information about the Swan-dev mailing list