From 5cf82de69a6f55209555c1dcbe16f955a398ec41 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Mon, 9 May 2022 11:49:50 +0200
Subject: [PATCH] proposal: Demote AES-XCBC/CMAC PRFs in default proposal

These are rarely used, so strictly propose HMAC-based PRFs first.

References strongswan/strongswan#1026
References strongswan/strongswan#1044
---
 src/libstrongswan/crypto/proposal/proposal.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/libstrongswan/crypto/proposal/proposal.c b/src/libstrongswan/crypto/proposal/proposal.c
index 85db91f251..6375830130 100644
--- a/src/libstrongswan/crypto/proposal/proposal.c
+++ b/src/libstrongswan/crypto/proposal/proposal.c
@@ -1114,6 +1114,7 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
 break;
 case AUTH_HMAC_MD5_96:
 /* no, thanks */
+ break;
 default:
 break;
 }
@@ -1130,6 +1131,20 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
 case PRF_HMAC_SHA2_256:
 case PRF_HMAC_SHA2_384:
 case PRF_HMAC_SHA2_512:
+ add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ /* Round 2 adds rarely used algorithms with at least 128 bit strength */
+ enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &prf, &plugin_name))
+ {
+ switch (prf)
+ {
 case PRF_AES128_XCBC:
 case PRF_AES128_CMAC:
 add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
@@ -1140,7 +1155,7 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
 }
 enumerator->destroy(enumerator);

- /* Round 2 adds algorithms with less than 128 bit security strength */
+ /* Round 3 adds algorithms with less than 128 bit security strength */
 enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
 while (enumerator->enumerate(enumerator, &prf, &plugin_name))
 {
-- 
2.47.2
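Review bot: The new round-2 loop in the second hunk is a near-verbatim copy of the round-1 loop above it, differing only in the case labels, so proposal_add_supported_ike now walks the PRF enumerator three times with the same enumerate/switch/add_algorithm/destroy skeleton; a small per-round table of preferred PRF identifiers driven by a single loop would keep the advertised preference order visible in one place, though the current structure is functionally fine. The comment that opens round 2 should also state why the split exists, since the order in which add_algorithm is called here is the PRF preference advertised to peers: `/* Round 2 adds rarely used PRFs (AES-XCBC/CMAC) with at least 128 bit strength, so HMAC-based PRFs are always listed first */`. The round-1 comment sits above this hunk and is not visible; if it still describes round 1 as the full set of algorithms with at least 128 bit strength, it should be narrowed to the HMAC-based ones. proposal_add_supported_ike starts and ends outside the hunk.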