Hi,
I tried decoding ESP packets using ipsec-secgw.
Security association was done using strongswan.
Some issues I noticed was that the security key (aes) was 192 bit (not 128 of
256)
Similarly the authentication key (hmac sha) was 384 instead of 128 or 256.
Is this sample app capable of decrypting and authenticating ESP packets with
such keys?
This is what SA looked like:
src 30.30.20.11 dst 30.30.30.10
proto esp spi 0xcaa695f2 reqid 1 mode tunnel
replay-window 32 flag af-unspec
auth-trunc hmac(sha384)
0x55a470aaa48e5100494ce02cdbea1856436b8f88b9daf1072469dc5ab5ae6056be4eaa574254b1667b418e977c92ea74
192
enc cbc(aes) 0x43ed51b8bf2ab8f3d9a7477e9c542dae7ab8fe2bf404a1ad
anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
This is the configuration I pushed to file for decoding:
#SP IPv4 rules
#Decryption rule
sp ipv4 in esp protect 3399914994 pri 3 dst 10.220.42.0/24 sport 0:65535 dport
0:65535
sa in 3399914994 cipher_algo aes-256-cbc cipher_key
00:00:00:00:00:00:00:00:43:ED:51:B8:BF:2A:B8:F3:D9:A7:47:7E:9C:54:2D:AE:7A:B8:FE:2B:F4:04:A1:AD
\
auth_algo null \
mode ipv4-tunnel src 30.30.20.11 dst 30.30.30.10 \
port_id 1 \
type no-offload \
#Routing rules
rt ipv4 dst 10.220.42.0/24 port 0
#Neighbour rule syntax
neigh port 0 f2:e0:f6:21:e0:70
Regards,
Surajit
