From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 13 Aug 2015 16:54:34 +0000 (+0200)
Subject: ikev1: Assume a default key length of 128-bit for AES-CBC
X-Git-Tag: 5.3.3dr6~25
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=636b2e9b2ae29012b82901e6e5d85a159c359478;p=thirdparty%2Fstrongswan.git

ikev1: Assume a default key length of 128-bit for AES-CBC

Some implementations don't send a Key Length attribute for AES-128.
This was allowed for IKE in early drafts of RFC 3602, however, some
implementations also seem to do it for ESP, where it never was allowed.
And the final version of RFC 3602 demands a Key Length attribute for both
phases so they shouldn't do it anymore anyway.

Fixes #1064.
---

diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index 48dcfeb24d..65ce667c76 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
@@ -914,6 +914,11 @@ static void add_to_proposal_v1_ike(proposal_t *proposal,
 
 	if (encr != ENCR_UNDEFINED)
 	{
+		if (encr == ENCR_AES_CBC && !key_length)
+		{	/* some implementations don't send a Key Length attribute for
+			 * AES-128, early drafts of RFC 3602 allowed that */
+			key_length = 128;
+		}
 		proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, encr, key_length);
 	}
 }
@@ -962,6 +967,12 @@ static void add_to_proposal_v1(proposal_t *proposal,
 									transform->get_transform_id(transform));
 		if (encr)
 		{
+			if (encr == ENCR_AES_CBC && !key_length)
+			{	/* some implementations don't send a Key Length attribute for
+				 * AES-128, early drafts of RFC 3602 allowed that for IKE, some
+				 * also seem to do it for ESP */
+				key_length = 128;
+			}
 			proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, encr,
 									key_length);
 		}