Thank you for the reply. This behavior was asked to us by ANSSI (French Cybersecurity agency) so it might make some sense but I'm no expert on the subject. However they also told us that wrapping should not happen so returning FALSE is surely good enough.
Thank you, Jean-François De: "Tobias Brunner" <[email protected]> À: "jean-francois hren" <[email protected]>, "dev" <[email protected]> Envoyé: Jeudi 17 Octobre 2019 14:09:29 Objet: Re: [strongSwan-dev] PRF+ and wrapping Hi Jean-Francois, > In 'src/libstrongswan/crypto/prf_plus.c:get_bytes()' if 'this->counter' > wraps, the feature is disabled. Yes, it just switches to the non-counter mode (IKEv1 variant). > The RFC says " The prf+ function is not defined beyond 255 times the > size of the prf function output." however when wrapping occurs, we can > set 'this->counter' to 0x01 since the behavior is not defined anyway. > What do you think ? What exactly would the benefit be of that (compared to the current behavior)? To be honest, I'd actually prefer if get_bytes() just returned FALSE once it wrapped. Regards, Tobias
