[Bug 201447] aes-gcm corrupted packet

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Jul 9 23:49:39 UTC 2015


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201447

            Bug ID: 201447
           Summary: aes-gcm corrupted packet
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: olivier at cochard.me
                CC: gnn at FreeBSD.org

With a simple static IPsec setup, packets are corrupted (during encryption or
decryption):

[root@ENCryptor]~# cat /etc/setkey.conf
flush;
spdflush;
spdadd 1.0.0.0/8 3.0.0.0/8 any -P out ipsec esp/tunnel/2.2.2.2-2.2.2.3/require;
spdadd 3.0.0.0/8 1.0.0.0/8 any -P in ipsec esp/tunnel/2.2.2.3-2.2.2.2/require;
add 2.2.2.2 2.2.2.3 esp 0x1000 -E aes-gcm-16
0x3ffe05014819ffff3ffe05014819ffff;
add 2.2.2.3 2.2.2.2 esp 0x1001 -E aes-gcm-16
0x3ffe05014819ffff3ffe05014819ffff;


[root@DECryptor]~# cat /etc/setkey.conf
flush;
spdflush;
spdadd 1.0.0.0/8 3.0.0.0/8 any -P in ipsec esp/tunnel/2.2.2.2-2.2.2.3/require;
spdadd 3.0.0.0/8 1.0.0.0/8 any -P out ipsec esp/tunnel/2.2.2.3-2.2.2.2/require;
add 2.2.2.2 2.2.2.3 esp 0x1000 -E aes-gcm-16
0x3ffe05014819ffff3ffe05014819ffff;
add 2.2.2.3 2.2.2.2 esp 0x1001 -E aes-gcm-16
0x3ffe05014819ffff3ffe05014819ffff;


Packets are generated, but the result on the DECryptor side is:

[root@DECryptor]~# netstat -ssp esp
esp:
        3527445 packets dropped; bad encryption detected
        3581287 packets in
        1933894980 bytes in
        ESP output histogram:
                aes-gcm-16: 3581287


Pcap file available here:

http://dev.bsdrp.net/r285336-aes-gcm-16.pcap
