[Bug 201447] aes-gcm corrupted packet
bugzilla-noreply at freebsd.org
Thu Jul 9 23:49:39 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201447
Bug ID: 201447
Summary: aes-gcm corrupted packet
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: olivier at cochard.me
CC: gnn at FreeBSD.org
With a simple static IPsec setup, packets are corrupted (during encryption or
decryption):
[root@ENCryptor]~# cat /etc/setkey.conf
flush;
spdflush;
spdadd 1.0.0.0/8 3.0.0.0/8 any -P out ipsec esp/tunnel/2.2.2.2-2.2.2.3/require;
spdadd 3.0.0.0/8 1.0.0.0/8 any -P in ipsec esp/tunnel/2.2.2.3-2.2.2.2/require;
add 2.2.2.2 2.2.2.3 esp 0x1000 -E aes-gcm-16
0x3ffe05014819ffff3ffe05014819ffff;
add 2.2.2.3 2.2.2.2 esp 0x1001 -E aes-gcm-16
0x3ffe05014819ffff3ffe05014819ffff;
[root@DECryptor]~# cat /etc/setkey.conf
flush;
spdflush;
spdadd 1.0.0.0/8 3.0.0.0/8 any -P in ipsec esp/tunnel/2.2.2.2-2.2.2.3/require;
spdadd 3.0.0.0/8 1.0.0.0/8 any -P out ipsec esp/tunnel/2.2.2.3-2.2.2.2/require;
add 2.2.2.2 2.2.2.3 esp 0x1000 -E aes-gcm-16
0x3ffe05014819ffff3ffe05014819ffff;
add 2.2.2.3 2.2.2.2 esp 0x1001 -E aes-gcm-16
0x3ffe05014819ffff3ffe05014819ffff;
Packets are generated, but the result on the DECryptor side is:
[root@DECryptor]~# netstat -ssp esp
esp:
3527445 packets dropped; bad encryption detected
3581287 packets in
1933894980 bytes in
ESP output histogram:
aes-gcm-16: 3581287
Pcap file available here:
http://dev.bsdrp.net/r285336-aes-gcm-16.pcap
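Added example, not part of the original report: a Python check that parses the two setkey.conf listings above and confirms that both hosts carry the same SAs (SPI, algorithm, key) and mirrored SPD entries, a useful first triage step before attributing decryption-side drops to the kernel. The function names are hypothetical, and the parser assumes only the `spdadd`/`add` statement forms shown in the report (no comments, no authentication options).

```python
# Added example: consistency check for a static two-host setkey configuration.
# The listings are reconstructed from the report with the wrapped key lines rejoined.
ENCRYPTOR = """\
flush;
spdflush;
spdadd 1.0.0.0/8 3.0.0.0/8 any -P out ipsec esp/tunnel/2.2.2.2-2.2.2.3/require;
spdadd 3.0.0.0/8 1.0.0.0/8 any -P in ipsec esp/tunnel/2.2.2.3-2.2.2.2/require;
add 2.2.2.2 2.2.2.3 esp 0x1000 -E aes-gcm-16 0x3ffe05014819ffff3ffe05014819ffff;
add 2.2.2.3 2.2.2.2 esp 0x1001 -E aes-gcm-16 0x3ffe05014819ffff3ffe05014819ffff;
"""
DECRYPTOR = """\
flush;
spdflush;
spdadd 1.0.0.0/8 3.0.0.0/8 any -P in ipsec esp/tunnel/2.2.2.2-2.2.2.3/require;
spdadd 3.0.0.0/8 1.0.0.0/8 any -P out ipsec esp/tunnel/2.2.2.3-2.2.2.2/require;
add 2.2.2.2 2.2.2.3 esp 0x1000 -E aes-gcm-16 0x3ffe05014819ffff3ffe05014819ffff;
add 2.2.2.3 2.2.2.2 esp 0x1001 -E aes-gcm-16 0x3ffe05014819ffff3ffe05014819ffff;
"""

def parse(conf):
    """Return (policies, sas) from ';'-terminated setkey statements."""
    policies, sas = [], {}
    for stmt in conf.split(";"):
        tok = stmt.split()
        if not tok:
            continue
        if tok[0] == "spdadd":   # spdadd src dst proto -P dir ipsec rule
            policies.append((tok[1], tok[2], tok[tok.index("-P") + 1], tok[-1]))
        elif tok[0] == "add":    # add src dst esp spi -E alg key
            i = tok.index("-E")
            sas[(tok[1], tok[2], int(tok[4], 16))] = (tok[i + 1], tok[i + 2].lower())
    return policies, sas

def compare(conf_a, conf_b):
    """List mismatches between the two ends; an empty list means consistent."""
    (pol_a, sa_a), (pol_b, sa_b) = parse(conf_a), parse(conf_b)
    problems = []
    for sa in sorted(set(sa_a) | set(sa_b)):
        if sa_a.get(sa) != sa_b.get(sa):   # missing SA, or different alg/key
            src, dst, spi = sa
            problems.append(f"SA {src}->{dst} spi {spi:#x} differs between hosts")
    flip = {"in": "out", "out": "in"}
    mirrored = sorted((s, d, flip[direction], rule) for s, d, direction, rule in pol_a)
    if mirrored != sorted(pol_b):          # peer must hold the same rules, direction flipped
        problems.append("SPD entries are not mirrored between hosts")
    return problems

if __name__ == "__main__":
    print(compare(ENCRYPTOR, DECRYPTOR) or "SAs and SPD entries are consistent")
```

For the two listings in the report the check returns no mismatches: the SAs are identical on both hosts and the policies differ only in direction.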