[Swan-dev] include -NONE- when logging AEAD proposals?
Paul Wouters
paul at nohats.ca
Wed Sep 23 03:09:46 UTC 2020
On Tue, 22 Sep 2020, Andrew Cagney wrote:
> On Tue, 22 Sep 2020 at 21:36, Paul Wouters <paul at nohats.ca> wrote:
> On Tue, 22 Sep 2020, Andrew Cagney wrote:
>
> > Now that the parser can accept <aead>-NONE- <prf>-<dh>, should "NONE" be included when logging those proposals? For
> instance:
> >
> > OLD:
> > algparse -v2 'ike=aes_gcm-sha1-dh21'
> > AES_GCM_16-HMAC_SHA1-DH21
> > algparse -v2 'ike=aes_gcm_16-none-hmac_sha1-dh21'
> > AES_GCM_16-HMAC_SHA1-DH21
> >
> > NEW:
> > algparse -v2 'ike=aes_gcm-sha1-dh21'
> > AES_GCM_16-NONE-HMAC_SHA1-DH21
> > algparse -v2 'ike=aes_gcm_16-none-hmac_sha1-dh21'
> > AES_GCM_16-NONE-HMAC_SHA1-DH21
> >
> > the main reason is to avoid any confusion over how integrity is being computed.
>
> I think that would be good, yes.
>
> > As a follow-up, what about non-AEAD algorithms; which get really unwieldy.
>
> I'm not sure what you mean?
>
>
> algparse -v2 'ike=aes-sha2-dh31'
> AES_CBC-HMAC_SHA2_256-DH31
>
> vs the canonical:
>
> algparse -v2 'ike=aes-sha2-dh31'
> AES_CBC-HMAC_SHA2_256_128-HMAC_SHA2_256-DH31
Oh I see. do we repeat the PRF after INTEG because these are always the
same in the non-AEAD case. I think I'm fine not doing it, since we don't
support prf != integ unless AEAD. It would be more consistent to do it.
I have no strong opinion on what's better.
Paul
More information about the Swan-dev
mailing list