Hi Jean-Francois, > In 'src/libstrongswan/crypto/prf_plus.c:get_bytes()' if 'this->counter' > wraps, the feature is disabled.
Yes, it just switches to the non-counter mode (IKEv1 variant). > The RFC says " The prf+ function is not defined beyond 255 times the > size of the prf function output." however when wrapping occurs, we can > set 'this->counter' to 0x01 since the behavior is not defined anyway. > What do you think ? What exactly would the benefit be of that (compared to the current behavior)? To be honest, I'd actually prefer if get_bytes() just returned FALSE once it wrapped. Regards, Tobias
