authorTobias Brunner <tobias@strongswan.org>2015-08-13 18:54:34 +0200
committerTobias Brunner <tobias@strongswan.org>2015-08-17 17:13:50 +0200
commit636b2e9b2ae29012b82901e6e5d85a159c359478 (patch)
tree286ac7f5754aa6e88e7a9dcbf1bd34be0f741249 /src/libcharon/encoding/payloads/proposal_substructure.c
parent774c8c38471da95725e7dcad17fad6c7d1edb2ab (diff)
ikev1: Assume a default key length of 128-bit for AES-CBC
Some implementations don't send a Key Length attribute for AES-128. This was allowed for IKE in early drafts of RFC 3602, however, some implementations also seem to do it for ESP, where it never was allowed. And the final version of RFC 3602 demands a Key Length attribute for both phases so they shouldn't do it anymore anyway. Fixes #1064.
Diffstat (limited to 'src/libcharon/encoding/payloads/proposal_substructure.c')
-rw-r--r--src/libcharon/encoding/payloads/proposal_substructure.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index 48dcfeb24..65ce667c7 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
@@ -914,6 +914,11 @@ static void add_to_proposal_v1_ike(proposal_t *proposal,
if (encr != ENCR_UNDEFINED)
{
+ if (encr == ENCR_AES_CBC && !key_length)
+ { /* some implementations don't send a Key Length attribute for
+ * AES-128, early drafts of RFC 3602 allowed that */
+ key_length = 128;
+ }
proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, encr, key_length);
}
}
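Review bot: The default added in add_to_proposal_v1_ike is applied silently, so nothing in the logs shows that a peer omitted the Key Length attribute and that 128 bit was assumed on its behalf. A debug line inside the added block, for example `DBG2(DBG_ENC, "no Key Length attribute for AES-CBC, assuming 128 bit");`, would let an operator identify non-compliant peers and would probably make a later proposal mismatch easier to diagnose. The same applies to the identical block added to add_to_proposal_v1 in the second hunk. The function body starts outside this hunk, so whether key_length can be zero for any other reason is not visible here.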
@@ -962,6 +967,12 @@ static void add_to_proposal_v1(proposal_t *proposal,
transform->get_transform_id(transform));
if (encr)
{
+ if (encr == ENCR_AES_CBC && !key_length)
+ { /* some implementations don't send a Key Length attribute for
+ * AES-128, early drafts of RFC 3602 allowed that for IKE, some
+ * also seem to do it for ESP */
+ key_length = 128;
+ }
proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, encr,
key_length);
}
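Review bot: The comment on the block added to add_to_proposal_v1 says why peers omit the attribute, but not that the final RFC 3602 requires it for both phases, as the commit message states. That requirement is what makes the default a tolerance for non-compliant peers and not protocol behaviour, and it matters most here because the assumed length ends up in the ESP proposal. I would word it as `/* interop workaround: RFC 3602 requires Key Length in both phases, but some peers omit it for AES-128 in IKE and ESP */`. The enclosing function starts before this hunk and continues after it.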