https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201447
Bug ID: 201447
Summary: aes-gcm corrupted packet
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
With a simple static ipsec setup, packet are corrupted (during encryption or
decryption):
[root@ENCryptor]~# cat /etc/setkey.conf
flush;
spdflush;
spdadd 1.0.0.0/8 3.0.0.0/8 any -P out ipsec esp/tunnel/2.2.2.2-2.2.2.3/require;
spdadd 3.0.0.0/8 1.0.0.0/8 any -P in ipsec esp/tunnel/2.2.2.3-2.2.2.2/require;
add 2.2.2.2 2.2.2.3 esp 0x1000 -E aes-gcm-16
0x3ffe05014819ffff3ffe05014819ffff;
add 2.2.2.3 2.2.2.2 esp 0x1001 -E aes-gcm-16
0x3ffe05014819ffff3ffe05014819ffff;
[root@DECryptor]~# cat /etc/setkey.conf
flush;
spdflush;
spdadd 1.0.0.0/8 3.0.0.0/8 any -P in ipsec esp/tunnel/2.2.2.2-2.2.2.3/require;
spdadd 3.0.0.0/8 1.0.0.0/8 any -P out ipsec esp/tunnel/2.2.2.3-2.2.2.2/require;
add 2.2.2.2 2.2.2.3 esp 0x1000 -E aes-gcm-16
0x3ffe05014819ffff3ffe05014819ffff;
add 2.2.2.3 2.2.2.2 esp 0x1001 -E aes-gcm-16
0x3ffe05014819ffff3ffe05014819ffff;
packet generated, but result on DECryptor side:
[root@DECryptor]~# netstat -ssp esp
esp:
3527445 packets dropped; bad encryption detected
3581287 packets in
1933894980 bytes in
ESP output histogram:
aes-gcm-16: 3581287
Pcap file available here:
http://dev.bsdrp.net/r285336-aes-gcm-16.pcap
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[email protected]"
