[Swan-dev] include -NONE- when logging AEAD proposals?
Andrew Cagney
andrew.cagney at gmail.com
Wed Sep 23 01:52:34 UTC 2020
On Tue, 22 Sep 2020 at 21:36, Paul Wouters <paul at nohats.ca> wrote:
> On Tue, 22 Sep 2020, Andrew Cagney wrote:
>
> > Now that the parser can accept <aead>-NONE- <prf>-<dh>, should "NONE" be
> included when logging those proposals? For instance:
> >
> > OLD:
> > algparse -v2 'ike=aes_gcm-sha1-dh21'
> > AES_GCM_16-HMAC_SHA1-DH21
> > algparse -v2 'ike=aes_gcm_16-none-hmac_sha1-dh21'
> > AES_GCM_16-HMAC_SHA1-DH21
> >
> > NEW:
> > algparse -v2 'ike=aes_gcm-sha1-dh21'
> > AES_GCM_16-NONE-HMAC_SHA1-DH21
> > algparse -v2 'ike=aes_gcm_16-none-hmac_sha1-dh21'
> > AES_GCM_16-NONE-HMAC_SHA1-DH21
> >
> > the main reason is to avoid any confusion over how integrity is being
> computed.
>
> I think that would be good, yes.
>
> > As a follow-up, what about non-AEAD algorithms; which get really
> unwieldy.
>
> I'm not sure what you mean?
>
algparse -v2 'ike=aes-sha2-dh31'
AES_CBC-HMAC_SHA2_256-DH31
vs the canonical:
algparse -v2 'ike=aes-sha2-dh31'
AES_CBC-HMAC_SHA2_256_128-HMAC_SHA2_256-DH31
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20200922/595db396/attachment.html>
More information about the Swan-dev
mailing list