[Bug 263379] [regression] [ipsec] compatibility broken between stable/12 and stable/13 opencrypto in AEAD mode

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 19 Apr 2022 04:36:22 UTC

--- Comment #9 from Eugene Grosbein <eugen@freebsd.org> ---
(In reply to John Baldwin from comment #8)

> Static keys are not good for AES-GCM or AES-CTR as the sequence number can roll over, yes.

Maybe it's worth mentioning in setkey(8), too.

> stable/13 should work fine with ETA combos such as AES-CBC with SHA1/256/512 HMACs.

But it does not for me.

> Note that the key for AES-CBC is shorter than for AES-CTR/GCM as it is "only" the actual AES key (so 16, 24, or 32 bytes) and doesn't include the extra 4 bytes for the implicit part of the IV.

I am aware of this.

> (And setkey just reports "EINVAL" for all manner of errors, so it's rather hard to figure out why setkey fails in my experience, so my best guess is you are reusing the GCM key but need to remove the last 4 bytes.)

First, I did modify the key to shorten it. Second, the setkey utility has its own
syntax checks that include checks for the length, and it does not even try to
send an ADD request to the kernel for a wrong key length, issuing a bit more readable
error with the line number of /etc/ipsec.conf.

> The kyua tests test AES-CBC (both 128 and 256 bit keys) with SHA1-HMAC and SHA2-256-HMAC.

Would you please point me to the corresponding kyua test?
