tcpdump mailing list archives
Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5
From: Michael Richardson <mcr () sandelman ottawa on ca>
Date: Tue, 05 Oct 2004 16:44:35 -0400
"Michael" == Michael Mueller <m.mueller99 () kay-mueller de> writes:
Michael> Are you sure you tested 3des-cbc with hmac-md5 or with some
Michael> other authentication algorithm? I don't doubt that for some
Michael> other authentication algorithms where authlen is set
Michael> correctly your code works fine.
every night, 170 different test cases for Openswan.
please:
marajade-[~/src/tcpdump/tcpdump] mcr 1003 %cd tests
marajade-[src/tcpdump/tcpdump/tests] mcr 1005 %sh esp2.sh
test esp2...reading from file 08-sunrise-sunset-esp2.pcap, link-type EN10MB (Ethernet)
passed.
If this doesn't match what you are trying to do, then please provide
a new pcap file that does. I think you just missed the "96" at the end
of the algorithm name.
That may be a bug that we go ahead without it.
(96bits = 12 bytes)
Michael> For *-cbc algorithms the problem seems to be that
Michael> decryption starts at the end of the encrypted area and
Michael> works its way backwards to the start. If authlen is wrong
Michael> everything is decrypted into garbage. This is because the
Michael> encrypted blocks are chained and a block can only be
Michael> decrypted if the previous block (the one behind) was
Michael> decrypted successfully.
No, that's not correct at all.
Encryption and decryption proceed in the same direction.
The problem is that the last two bytes of the plaintext are special
in ESP. Last byte is the next-protocol (usually 4), and next to last
is the number of pad bytes.
--
] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr () xelerance com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
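Added example, not part of the original message and not tcpdump's code: CBC decryption run front to back over a constructed ESP body, once with authlen set to 12 (the "96" case) and once with authlen 0, to show where the pad-length and next-header bytes are read from in each case. The block function is a toy stand-in for 3DES, and the key, IV, packet bytes and function names are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 8     /* 3des-cbc block size */
#define ICV96 12  /* hmac-md5-96 ICV: 96 bits = 12 bytes */
static const uint8_t KEY[BLK] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
static const uint8_t IV[BLK] = {9, 9, 9, 9, 9, 9, 9, 9};  /* constructed */
/* Toy invertible block function standing in for 3DES (assumption, not a real cipher). */
static void toy_enc(uint8_t *b) { for (int i = 0; i < BLK; i++) b[i] = (uint8_t)((b[i] ^ KEY[i]) + KEY[(i + 1) % BLK]); }
static void toy_dec(uint8_t *b) { for (int i = 0; i < BLK; i++) b[i] = (uint8_t)((b[i] - KEY[(i + 1) % BLK]) ^ KEY[i]); }

/* CBC in place, first block to last in both directions; a trailing partial block is left as is. */
static void cbc(uint8_t *p, size_t len, int decrypt) {
    uint8_t prev[BLK], cur[BLK];
    memcpy(prev, IV, BLK);
    for (size_t o = 0; o + BLK <= len; o += BLK) {
        memcpy(cur, p + o, BLK);                    /* the ciphertext block when decrypting */
        if (decrypt) toy_dec(p + o);
        for (int i = 0; i < BLK; i++) p[o + i] ^= prev[i];
        if (!decrypt) toy_enc(p + o);
        memcpy(prev, decrypt ? cur : p + o, BLK);   /* chain on the ciphertext block */
    }
}

/* Constructed ESP body (after SPI, sequence number and IV): 24 bytes ciphertext + 12-byte ICV. */
static size_t build_sample(uint8_t *buf) {
    memset(buf, 'A', 19);                           /* placeholder inner packet bytes */
    buf[19] = 1; buf[20] = 2; buf[21] = 3; buf[22] = 3; buf[23] = 4; /* pad, pad length 3, next header 4 */
    cbc(buf, 24, 0);
    memset(buf + 24, 0xEE, ICV96);                  /* stand-in ICV bytes, not a real HMAC */
    return 24 + ICV96;
}

/* Decrypt assuming `authlen` ICV bytes; returns (pad length << 8) | next header. */
static unsigned esp_trailer(size_t authlen, uint8_t *first_block) {
    uint8_t buf[64];
    size_t len = build_sample(buf) - authlen;
    cbc(buf, len, 1);
    memcpy(first_block, buf, BLK);
    return (unsigned)buf[len - 2] << 8 | buf[len - 1];
}

int main(void) {
    uint8_t a[BLK], b[BLK];
    unsigned good = esp_trailer(ICV96, a), bad = esp_trailer(0, b);
    printf("authlen=12: 0x%04x  authlen=0: 0x%04x  first block same: %d\n", good, bad, !memcmp(a, b, BLK));
    return 0;
}
```

With authlen 0 the first plaintext block is unchanged, but the two trailer bytes are taken from the ICV, so the pad length and next header are meaningless.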
