On Fri, 28 Sep 2018 at 19:02, D. Hugh Redelmeier <[email protected]> wrote:
> Current oddity: the payload size is padded before fragmentation and
> after. I imagine that only after is correct.
Kind of. It does the following:
- the SK payload length without integrity and padding is saved
const unsigned int len = pbs_offset(&e_pbs_cipher);
- everything is closed which adds padding and space for integrity and
leaves the outermost REPLY_STREAM PBS containing the final packet size
- the final packet size is then used to decide if fragmentation is needed
if (should_fragment_ike_msg(cst, pbs_offset(&reply_stream), TRUE)) {
- when fragmenting, since LEN is used, the original SK padding is ignored
setchunk(payload, e_pbs_cipher.start, len);
so while padding the unencrypted packet may not be needed, it sure
makes the math of computing the message size easier. I'll likely
assimilate len and add some notes.
BTW, and when fragmenting, this payload gets lost:
if (IMPAIR(ADD_UNKNOWN_PAYLOAD_TO_AUTH)) {
if (!ship_v2UNKNOWN(&rbody, "AUTH request")) {
return STF_INTERNAL_ERROR;
}
}
The fragmentation code (reasonably) assumes that everything is inside
of the SK payload.
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
