tcpdump mailing list archives

Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5


From: Michael Mueller <m.mueller99 () kay-mueller de>
Date: Fri, 24 Sep 2004 14:39:48 +0200

Sorry, I forgot to append the patch.


Tcpdump -E doesn't work for 3des-cbc encryption with hmac-md5 authentication (tested with tcpdump-2004.09.22 on Linux 2.6). The reason is that in esp_print_decode_onesecret() in print-esp.c, authlen is left at 0 instead of being set to 12 for *-cbc encryptions. The 12-byte authlen is required for

        hmac-md5        by rfc2403
        hmac-sha1       by rfc2404

and seems to have the same value for other authentication algorithms too. I don't think that authlen should depend on the encryption algorithm used. I append a patch that sets it to 12. I hope that this is good for all cases. Otherwise specifying authlen on the command line would be an alternative.

Michael
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
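
The length arithmetic behind the report above, as an added example that is not part of the original message or of tcpdump: it splits an ESP packet into IV, ciphertext and ICV and shows that with authlen 0 the 12 ICV bytes are counted as ciphertext, so the length is no longer a whole number of 8-byte 3DES blocks. The names esp_split() and struct esp_layout and the 60-byte packet are assumptions made for the illustration.

```c
/* Added illustration: esp_split() and struct esp_layout are hypothetical
 * names, not tcpdump code. Layout per RFC 2406:
 * SPI(4) | Seq(4) | IV | ciphertext | ICV(authlen) */
#include <stddef.h>
#include <stdio.h>

#define ESP_HDR_LEN 8 /* SPI + sequence number */

struct esp_layout {
    size_t ct_off;  /* offset of first ciphertext byte */
    size_t ct_len;  /* bytes handed to the cipher */
    size_t icv_off; /* offset of the ICV (== packet length if authlen is 0) */
    int ok;         /* 1 if ct_len is a non-zero multiple of the block size */
};

static struct esp_layout esp_split(size_t esp_len, size_t ivlen,
                                   size_t blocklen, size_t authlen)
{
    struct esp_layout l = {0, 0, 0, 0};
    size_t rem;

    if (blocklen == 0 || esp_len < ESP_HDR_LEN)
        return l;
    rem = esp_len - ESP_HDR_LEN;
    if (ivlen > rem || authlen > rem - ivlen)
        return l; /* truncated packet: nothing safe to decrypt */
    l.ct_off = ESP_HDR_LEN + ivlen;
    l.icv_off = esp_len - authlen;
    l.ct_len = l.icv_off - l.ct_off;
    l.ok = l.ct_len > 0 && l.ct_len % blocklen == 0;
    return l;
}

int main(void)
{
    /* Constructed packet: 8 header + 8 IV + 32 ciphertext + 12 ICV = 60.
     * 3des-cbc uses an 8-byte IV and 8-byte blocks. */
    const size_t esp_len = 60, authlens[] = {0, 12};

    for (int i = 0; i < 2; i++) {
        struct esp_layout l = esp_split(esp_len, 8, 8, authlens[i]);
        printf("authlen=%2zu: ciphertext [%zu, %zu) len %zu -> %s\n",
               authlens[i], l.ct_off, l.icv_off, l.ct_len,
               l.ok ? "whole blocks" : "not a multiple of the block size");
    }
    return 0;
}
```
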


*** print-esp.c.orig    Thu Sep 23 17:28:12 2004
--- print-esp.c Fri Sep 24 13:57:35 2004
*************** static void esp_print_decode_onesecret(n
*** 223,229 ****
                int len;
                size_t i;
                const EVP_CIPHER *evp;
-               int authlen = 0;
  
                /* skip any blank spaces */
                while (isspace((unsigned char)*decode))
--- 223,228 ----
*************** static void esp_print_decode_onesecret(n
*** 242,248 ****
                    "-hmac96")) {
                        p = strstr(decode, "-hmac96");
                        *p = '\0';
-                       authlen = 12;
                }
                if (strlen(decode) > strlen("-cbc") &&
                    !strcmp(decode + strlen(decode) - strlen("-cbc"), "-cbc")) {
--- 241,246 ----
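Review bot: With `authlen = 12;` removed from the "-hmac96" branch, the suffix is still matched and cut off the algorithm name but no longer changes the result, and nothing in the hunk says so. Add a comment that the suffix is now accepted only for compatibility, or keep it as the switch that selects the 12-byte length so that its presence still means something to the user.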
*************** static void esp_print_decode_onesecret(n
*** 259,265 ****
                }
  
                sa1.evp = evp;
!               sa1.authlen = authlen;
                sa1.ivlen = EVP_CIPHER_iv_length(evp);
  
                colon++;
--- 257,263 ----
                }
  
                sa1.evp = evp;
!               sa1.authlen = 12;
                sa1.ivlen = EVP_CIPHER_iv_length(evp);
  
                colon++;
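Review bot: `sa1.authlen = 12;` now applies to every secret, so an SA that carries no authentication data can no longer be described, and for such a packet the last 12 bytes of the encrypted payload would be treated as ICV. Keep a default that can be overridden (the message itself mentions an authlen on the command line as the alternative), and replace the bare 12 with a named constant whose comment cites the 96-bit truncation in RFC 2403 and RFC 2404.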