proposal: Don't specify key length for ChaCha20/Poly1305
This algorithm uses a fixed-length key and we MUST NOT send a key length
attribute when proposing such algorithms.
While we could accept transforms with key length this would only work as
responder, as original initiator it wouldn't because we won't know if a
peer requires the key length. And as exchange initiator (e.g. for
rekeyings), while being original responder, we'd have to go to great
lengths to store the condition and modify the sent proposal to patch in
the key length. This doesn't seem worth it for only a partial fix.
This means, however, that ChaCha20/Poly1305 can't be used with previous
releases (5.3.3 and newer) that don't contain this fix.
Fixes #2614.
Fixes: 3232c0e64e
("Merge branch 'chapoly'")
parent
b2163409cc
commit
5a7b0be294
|
@ -65,6 +65,7 @@ int keymat_get_keylen_encr(encryption_algorithm_t alg)
|
|||
keylen_entry_t map[] = {
|
||||
{ENCR_DES, 64},
|
||||
{ENCR_3DES, 192},
|
||||
{ENCR_CHACHA20_POLY1305, 256},
|
||||
};
|
||||
int i;
|
||||
|
||||
|
|
|
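Review bot: The new `{ENCR_CHACHA20_POLY1305, 256}` entry in `map[]` carries no comment saying that, once proposals hold key size 0 for this algorithm, this table is where the 256-bit key size comes from. I would add `/* fixed 256-bit key, never negotiated via a key length attribute */` next to the entry. The value presumably covers the key only. Whether the 32-bit salt that RFC 7634 adds to the keying material is accounted for by the callers cannot be seen here, because the rest of keymat_get_keylen_encr and its callers lie outside the hunk.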
@ -956,7 +956,7 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
|
|||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
|
||||
break;
|
||||
case ENCR_CHACHA20_POLY1305:
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 0);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
|
|
|
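Review bot: The key size 0 passed in the `ENCR_CHACHA20_POLY1305` case is not explained in the code, and it reads like a mistake next to the 256 used by the case directly above. A one-line comment above the call, such as `/* fixed-length key, a key length attribute must not be sent */`, would keep a later edit from putting 256 back and reintroducing the non-compliant proposal. The page prints the `256` call and the `0` call one after the other without markers; going by the commit message, only the `0` call is on the new side. proposal_add_supported_ike begins and ends outside the hunk.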
@ -78,7 +78,7 @@ aes256gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256
|
|||
aes128gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128
|
||||
aes192gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192
|
||||
aes256gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256
|
||||
chacha20poly1305, ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256
|
||||
chacha20poly1305, ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 0
|
||||
blowfish, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128
|
||||
blowfish128, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128
|
||||
blowfish192, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192
|
||||
|
|
|
@ -281,6 +281,19 @@ START_TEST(test_unknown_transform_types_select_success)
|
|||
}
|
||||
END_TEST
|
||||
|
||||
START_TEST(test_chacha20_poly1305_key_length)
|
||||
{
|
||||
proposal_t *proposal;
|
||||
uint16_t alg, ks;
|
||||
|
||||
proposal = proposal_create_from_string(PROTO_IKE, "chacha20poly1305-prfsha256-ecp256");
|
||||
proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &ks);
|
||||
ck_assert_int_eq(alg, ENCR_CHACHA20_POLY1305);
|
||||
ck_assert_int_eq(ks, 0);
|
||||
assert_proposal_eq(proposal, "IKE:CHACHA20_POLY1305/PRF_HMAC_SHA2_256/ECP_256");
|
||||
proposal->destroy(proposal);
|
||||
}
|
||||
END_TEST
|
||||
|
||||
|
||||
Suite *proposal_suite_create()
|
||||
|
@ -313,5 +326,9 @@ Suite *proposal_suite_create()
|
|||
tcase_add_test(tc, test_unknown_transform_types_select_success);
|
||||
suite_add_tcase(s, tc);
|
||||
|
||||
tc = tcase_create("chacha20/poly1305");
|
||||
tcase_add_test(tc, test_chacha20_poly1305_key_length);
|
||||
suite_add_tcase(s, tc);
|
||||
|
||||
return s;
|
||||
}
|
||||
|
|
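Review bot: `test_chacha20_poly1305_key_length` dereferences the result of `proposal_create_from_string()` unchecked and ignores the return value of `get_algorithm()`. If the create call returns NULL on a parse failure the test run crashes instead of failing, and if no encryption transform is found the assertions compare uninitialized `alg` and `ks`. Guard both with `ck_assert(proposal);` after the create call and `ck_assert(proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &ks));`. The test also covers only the locally built proposal. A second case matching a received transform that carries key length 256 against this proposal would pin down the interoperability break with older releases that the description mentions.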