git.ipfire.org Git - thirdparty/strongswan.git/commit

author	Tobias Brunner <tobias@strongswan.org>
	Wed, 4 Apr 2018 16:08:11 +0000 (18:08 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Thu, 12 Apr 2018 14:07:13 +0000 (16:07 +0200)
commit	5a7b0be2949bc7a1ff68c097fe1cac3fac70184e
tree	1c8f91f943a710e2ed5c85772ed65d76c00de044	tree \| snapshot
parent	b2163409ccfa0d3cf250ec920bb378a937801bf8	commit \| diff

proposal: Don't specify key length for ChaCha20/Poly1305

This algorithm uses a fixed-length key and we MUST NOT send a key length
attribute when proposing such algorithms.

While we could accept transforms with key length this would only work as
responder, as original initiator it wouldn't because we won't know if a
peer requires the key length. And as exchange initiator (e.g. for
rekeyings), while being original responder, we'd have to go to great
lengths to store the condition and modify the sent proposal to patch in
the key length. This doesn't seem worth it for only a partial fix.
This means, however, that ChaCha20/Poly1305 can't be used with previous
releases (5.3.3 an newer) that don't contain this fix.

Fixes #2614.

Fixes: 3232c0e64ed1 ("Merge branch 'chapoly'")

src/libcharon/sa/keymat.c		diff \| blob \| blame \| history
src/libstrongswan/crypto/proposal/proposal.c		diff \| blob \| blame \| history
src/libstrongswan/crypto/proposal/proposal_keywords_static.txt		diff \| blob \| blame \| history
src/libstrongswan/tests/suites/test_proposal.c		diff \| blob \| blame \| history