tcpdump mailing list archives
Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5
From: Michael Mueller <m.mueller99 () kay-mueller de>
Date: Tue, 05 Oct 2004 17:06:16 +0200
Michael,Are you sure you tested 3des-cbc with hmac-md5 or with some other authentication algorithm? I don't doubt that for some other authentication algorithms where authlen is set correctly your code works fine.
For *-cbc algorithms the problem seems to be that decryption starts at the end of the encrypted area and works its way backwards to the start. If authlen is wrong everything is decrypted into garbage. This is because the encrypted blocks are chained and a block can only be decrypted if the previous block (the one behind) was decrypted sucessfully.
Michael Michael Richardson wrote:
-----BEGIN PGP SIGNED MESSAGE-----"Guy" == Guy Harris <guy () alum mit edu> writes:>> Are there any positive or negative reactions to this? Will >> somebody fix it? Guy> I'd check in the patch if somebody resolved the issue Guy> either by saying that 12 is the right authlen for all Guy> encryption algorithms, saying it's not and supplying a way Guy> (including a patch) to figure out what the right authlen is, or Guy> saying it's not, saying you can't determine it from the packet Guy> contents, and supplying a patch to add the authentication I was puzzled by the report, since I wrote the code and use the codein a zillion test cases, but willing to accept it that maybe I never cared if the end of the packet was correctly determined.Well, actually, you can't find the next-header value if you don't remove the authentication data. The test case tests/esp1.sh does:tcpdump -t -n -E "0x12345678@192.1.2.45 3des-cbc-hmac96:0x4043434545464649494a4a4c4c4f4f515152525454575758" -r 02-sunrise-sunset-esp.pcapI'm confused about the statement that the authlen isn't set. Perhaps it is really that the algorithm has not been set correct by th reporters. - -- ] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [ ] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[ ] mcr () xelerance com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.2.2 (GNU/Linux) Comment: Finger me for keys iQCVAwUBQWKj/4qHRg3pndX9AQGlKQQAhBAE+iVPn0qA5xHN0TRirFK+GBAfFYFQ t1/Ilp9rTQBVgzg6NyKAmT9NZbgFrU7tqjcV4FSRr8l/MQjLJkmIQhTFOELPqMqZ Y9G5Qf7Kwaey9WKJ2dA0KTUx9BN2aP+2H2kv2tPF+pjHZA5qX3x+7VrR6hXX79Qa Gs1Od8uvE+4= =y0SG -----END PGP SIGNATURE----- - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5 Michael Mueller (Oct 05)
- Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5 Guy Harris (Oct 05)
- Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5 Michael Mueller (Oct 05)
- Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5 Michael Richardson (Oct 05)
- Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5 Michael Mueller (Oct 05)
- Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5 Michael Richardson (Oct 05)
- Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5 Michael Mueller (Oct 06)
- Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5 Guy Harris (Oct 05)