subject:"\[strongSwan\] Signature verification failed"

[strongSwan] Signature verification failed

2009-09-03 Thread vivek bairathi

Hi,

Thanks for your reply.

I am trying to establish SA between two machines of which one is QNX
machine and the other is Linux machine. I am able to transmit the
IKE_SA_INIT request and response messages from one machine to another
but when IKE_AUTH request is received by any of the machine it says
that the signature verification failed.

Here are the logs of IKE_AUTH request message sent from QNX machine to
linux machine:-

IKE_AUTH request message sent by QNX machine:-

(gdb) x/208b data.ptr

0x808c7c0:  0x670x410xc80xe90xb40x1f0x510x61

0x808c7c8:  0x8c0x410xa50x410x490xa00x5b0x21

0x808c7d0:  0x2e0x200x230x080x000x000x000x01

0x808c7d8:  0x000x000x000xdc0x230x000x000xc0

0x808c7e0:  0x9f0x800xd50x480x140x850x2a0xe0

0x808c7e8:  0x210x5b0x300x680xd30xf10xe60xff

0x808c7f0:  0xa40x410xfa0x030x530x6c0x9a0xe9

0x808c7f8:  0x550xce0x4b0x320x890x040x270xc3

0x808c800:  0x270x080x1d0xf50x880x2b0x600xd1

0x808c808:  0xc70x740xe60x4e0x130x470x060xf7

0x808c810:  0xdf0xfe0xb80x850xc10x300x650x91

0x808c818:  0x3e0xef0x120xce0xda0x070x7d0xd6

0x808c820:  0x1a0x9c0xfe0x280x840x420xa80x43

0x808c828:  0xd10x900x090xbe0x2d0xf30x610x8a

0x808c830:  0x3c0xf50xa70x450x450x390x010x1b

0x808c838:  0x800x110xd50x7b0xad0x5c0x090xef

0x808c840:  0xd10x070xab0x330x450xd80xeb0x9c

0x808c848:  0xe10xb30xc00xe80x830xb10x010x1f

0x808c850:  0x870xec0xe80x190xeb0xec0xa30xf1

0x808c858:  0x780x570xa70x1b0xfb0x0b0xba0x2b

0x808c860:  0xce0x0c0xb40x630xd60xc00x460xa8

0x808c868:  0x890x060xec0x160x8a0xf50x160x2c

0x808c870:  0xf40xeb0xb10xa00x640x070xc60x9b

0x808c878:  0x290x240x230xe80x350xcf0xca0x79

0x808c880:  0xd50x5a0x2f0x7e0x7d0x240x8d0x7b

0x808c888:  0x080x560x0f0xf80x590x990xe60xfc




signature sent from QNX machine to the linux machine in the IKE_AUTH message:-

(gdb) x/12b signature.ptr

0x808c890:  0xe70x530xd30x870x8b0x160xe20xda

0x808c898:  0x650x230xe30x45





Here's the log on the Linux machine of the IKE_AUTH request received
from QNX machine:-


Sep  3 00:00:21 ggn-pg-001 charon: 07[NET] received IPv4 packet = 252
bytes @ 0xb5553e04

Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]0: 45 00 00 FC 0B 1C 00
00 40 11 B6 62 0A 76 D1 BA  e...@..b.v..

Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]   16: 0A 76 D1 CC 11 94 11
94 00 E8 63 47 00 00 00 00  .vcG

Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]   32: 67 41 C8 E9 B4 1F 51
61 8C 41 A5 41 49 A0 5B 21  gAQa.A.AI.[!

Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]   48: 2E 20 23 08 00 00 00
01 00 00 00 DC 23 00 00 C0  . #.#...

Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]   64: 9F 80 D5 48 14 85 2A
E0 21 5B 30 68 D3 F1 E6 FF  ...H..*.![0h

Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]   80: A4 41 FA 03 53 6C 9A
E9 55 CE 4B 32 89 04 27 C3  .A..Sl..U.K2..'.

Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]   96: 27 08 1D F5 88 2B 60
D1 C7 74 E6 4E 13 47 06 F7  '+`..t.N.G..

Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]  112: DF FE B8 85 C1 30 65
91 3E EF 12 CE DA 07 7D D6  .0e..}.

Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]  128: 1A 9C FE 28 84 42 A8
43 D1 90 09 BE 2D F3 61 8A  ...(.B.C-.a.

Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]  144: 3C F5 A7 45 45 39 01
1B 80 11 D5 7B AD 5C 09 EF  ..EE9.{.\..

Sep  3 00:00:23 ggn-pg-001 charon: 07[NET]  160: D1 07 AB 33 45 D8 EB
9C E1 B3 C0 E8 83 B1 01 1F  ...3E...

Sep  3 00:00:23 ggn-pg-001 charon: 07[NET]  176: 87 EC E8 19 EB EC A3
F1 78 57 A7 1B FB 0B BA 2B  xW.+

Sep  3 00:00:23 ggn-pg-001 charon: 07[NET]  192: CE 0C B4 63 D6 C0 46
A8 89 06 EC 16 8A F5 16 2C  ...c..F,

Sep  3 00:00:23 ggn-pg-001 charon: 07[NET]  208: F4 EB B1 A0 64 07 C6
9B 29 24 23 E8 35 CF CA 79  d...)$#.5..y

Sep  3 00:00:23 ggn-pg-001 charon: 07[NET]  224: D5 5A 2F 7E 7D 24 8D
7B 08 56 0F F8 59 99 E6 FC  .Z/~}$.{.V..Y...

Sep  3 00:00:23 ggn-pg-001 charon: 07[NET]  240: E7 53 D3 87 8B 16 E2
DA 65 23 E3 45  .S..e#.E

Sep  3 00:00:23 ggn-pg-001 charon: 07[NET] received packet: from
10.118.209.186[4500] to 10.118.209.204[4500]

Sep  3 00:00:23 ggn-pg-001 charon: 07[NET] waiting for data on raw sockets

Sep  3

Re: [strongSwan] Signature verification failed

2009-09-03 Thread vivek bairathi

Hi,

I just got the solution of my problem. Its actually the problem of
endianness as the endianness is not getting set in the sha1_hasher.c
and also the code on qnx is compiled using armbe which is big endian.
So I just set the BIG_ENDIAN in the sha1_hasher.c and finally the
authentication is successful.

But now I am getting a new error, as soon as the CHILD_SA is created
the linux machine sends a delete request for the CHILD_SA to the qnx
machine. I don't know why this is happening. My ikeliftime, keylife
and rekeymargin are all in hours so how could this happen.

Can you tell me or give a possible condition because of which this is
happening and ofcourse if possible a solution also?

Thanks  Regards,
Vivek

On 9/3/09, vivek bairathi bairathi.vi...@gmail.com wrote:
 Hi,

 Thanks for your reply.

 I am trying to establish SA between two machines of which one is QNX
 machine and the other is Linux machine. I am able to transmit the
 IKE_SA_INIT request and response messages from one machine to another
 but when IKE_AUTH request is received by any of the machine it says
 that the signature verification failed.

 Here are the logs of IKE_AUTH request message sent from QNX machine to
 linux machine:-

 IKE_AUTH request message sent by QNX machine:-

 (gdb) x/208b data.ptr

 0x808c7c0:  0x670x410xc80xe90xb40x1f0x51
 0x61

 0x808c7c8:  0x8c0x410xa50x410x490xa00x5b
 0x21

 0x808c7d0:  0x2e0x200x230x080x000x000x00
 0x01

 0x808c7d8:  0x000x000x000xdc0x230x000x00
 0xc0

 0x808c7e0:  0x9f0x800xd50x480x140x850x2a
 0xe0

 0x808c7e8:  0x210x5b0x300x680xd30xf10xe6
 0xff

 0x808c7f0:  0xa40x410xfa0x030x530x6c0x9a
 0xe9

 0x808c7f8:  0x550xce0x4b0x320x890x040x27
 0xc3

 0x808c800:  0x270x080x1d0xf50x880x2b0x60
 0xd1

 0x808c808:  0xc70x740xe60x4e0x130x470x06
 0xf7

 0x808c810:  0xdf0xfe0xb80x850xc10x300x65
 0x91

 0x808c818:  0x3e0xef0x120xce0xda0x070x7d
 0xd6

 0x808c820:  0x1a0x9c0xfe0x280x840x420xa8
 0x43

 0x808c828:  0xd10x900x090xbe0x2d0xf30x61
 0x8a

 0x808c830:  0x3c0xf50xa70x450x450x390x01
 0x1b

 0x808c838:  0x800x110xd50x7b0xad0x5c0x09
 0xef

 0x808c840:  0xd10x070xab0x330x450xd80xeb
 0x9c

 0x808c848:  0xe10xb30xc00xe80x830xb10x01
 0x1f

 0x808c850:  0x870xec0xe80x190xeb0xec0xa3
 0xf1

 0x808c858:  0x780x570xa70x1b0xfb0x0b0xba
 0x2b

 0x808c860:  0xce0x0c0xb40x630xd60xc00x46
 0xa8

 0x808c868:  0x890x060xec0x160x8a0xf50x16
 0x2c

 0x808c870:  0xf40xeb0xb10xa00x640x070xc6
 0x9b

 0x808c878:  0x290x240x230xe80x350xcf0xca
 0x79

 0x808c880:  0xd50x5a0x2f0x7e0x7d0x240x8d
 0x7b

 0x808c888:  0x080x560x0f0xf80x590x990xe6
 0xfc




 signature sent from QNX machine to the linux machine in the IKE_AUTH
 message:-

 (gdb) x/12b signature.ptr

 0x808c890:  0xe70x530xd30x870x8b0x160xe2
 0xda

 0x808c898:  0x650x230xe30x45





 Here's the log on the Linux machine of the IKE_AUTH request received
 from QNX machine:-


 Sep  3 00:00:21 ggn-pg-001 charon: 07[NET] received IPv4 packet = 252
 bytes @ 0xb5553e04

 Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]0: 45 00 00 FC 0B 1C 00
 00 40 11 B6 62 0A 76 D1 BA  e...@..b.v..

 Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]   16: 0A 76 D1 CC 11 94 11
 94 00 E8 63 47 00 00 00 00  .vcG

 Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]   32: 67 41 C8 E9 B4 1F 51
 61 8C 41 A5 41 49 A0 5B 21  gAQa.A.AI.[!

 Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]   48: 2E 20 23 08 00 00 00
 01 00 00 00 DC 23 00 00 C0  . #.#...

 Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]   64: 9F 80 D5 48 14 85 2A
 E0 21 5B 30 68 D3 F1 E6 FF  ...H..*.![0h

 Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]   80: A4 41 FA 03 53 6C 9A
 E9 55 CE 4B 32 89 04 27 C3  .A..Sl..U.K2..'.

 Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]   96: 27 08 1D F5 88 2B 60
 D1 C7 74 E6 4E 13 47 06 F7  '+`..t.N.G..

 Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]  112: DF FE B8 85 C1 30 65
 91 3E EF 12 CE DA 07 7D D6  .0e..}.

 Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]  128: 1A 9C FE 28 84 42 A8
 43 D1 90 09 BE 2D F3 61 8A  ...(.B.C-.a.

 Sep  3 00:00:21 ggn-pg-001 charon: 07[NET]  144: 3C F5 A7 45 45 39 01
 1B 80 11 D5 7B AD 5C 09 EF  ..EE9.{.\..

 Sep  3 00:00:23 ggn-pg-001 charon: 07[NET]  160: D1 07 AB 33 45 D8 EB
 9C E1 B3 C0 E8 83 B1 01 1F

Re: [strongSwan] Signature verification failed

2009-09-03 Thread Andreas Steffen

Hi Vivek,

could you send a log file generated with the options

charondebug=chd 2, knl2

on the linux machine so the reason for the delete becomes
apparent.

Regards

Andreas

vivek bairathi wrote:
 Hi,
 
 I just got the solution of my problem. Its actually the problem of
 endianness as the endianness is not getting set in the sha1_hasher.c
 and also the code on qnx is compiled using armbe which is big endian.
 So I just set the BIG_ENDIAN in the sha1_hasher.c and finally the
 authentication is successful.
 
 But now I am getting a new error, as soon as the CHILD_SA is created
 the linux machine sends a delete request for the CHILD_SA to the qnx
 machine. I don't know why this is happening. My ikeliftime, keylife
 and rekeymargin are all in hours so how could this happen.
 
 Can you tell me or give a possible condition because of which this is
 happening and ofcourse if possible a solution also?
 
 Thanks  Regards,
 Vivek

==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org

Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

[strongSwan] Signature verification failed

Re: [strongSwan] Signature verification failed

Re: [strongSwan] Signature verification failed

3 matches

Site Navigation

Mail list logo

Footer information