
Re: linux-ipsec: problems, part 3

From: Angelos D. Keromytis <angelos(at)dsl.cis.upenn.edu>
Date: Wed Mar 04 1998 - 22:01:41 EST


-----BEGIN PGP SIGNED MESSAGE-----

To: Henry Spencer <henry@zoo.utoronto.ca>
Subject: Re: linux-ipsec: problems, part 3
Cc: Linux IPsec <linux-ipsec@clinet.fi>
Date: 03/04/98, 22:01:39

In message <Pine.BSI.3.91.980304212518.10676A-100000@zoo.utoronto.ca>, Henry Spencer writes:
>We were taken somewhat by surprise by leading zeros in a command argument
>causing octal conversion, although this probably qualifies as a defect
>in the documentation rather than in the code.

That's probably a result of strtoul() I'd imagine.

>The modern fashion in manual key setup is very much to use separate keys
>for ESP authentication and encryption. Our code's slice-and-dice
>approach, dividing up a single chunk of key bits, is not fundamentally
>*wrong*, but the lack of docs on just how the slicing is done makes it
>very difficult to figure out how to configure the thing to match somebody
>else's (i.e., some other implementor's) two-key setup.

Been a while since I was there (and then only shortly), but I think the s&d happens by using the first 24 bytes of the keying material as 3DES key and then the whole key is fed to the HMAC key generation. It's been a while, so I may be remembering an old version though.

>"no tdb for spi=___" wins the Cryptic Message Of The Day prize.

For incoming packets, this means someone's sending us packets with an SPI we haven't set up. For outgoing packets, it means we're trying to send packets using an SPI (SA) we haven't really set up.

- -Angelos

-----BEGIN PGP SIGNATURE-----

Version: 2.6.3i
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBNP4Vk70pBjh2h1kFAQGrpwP/Xs+hgTWVWyhWQVHOwa0j2nlD6hQqunBs iFShbrR2QLTSBobb78WA9qk2/lbbDkBxHmx0O6ydYKnlKD0anyYpg4M6mqK2HZvn J5LSRLfuIhhAwo5vbDm111c8d4hnIbf2vy+JI4esPGY5nXiqNwuwfm0lE9Wg6Om5 cepWfjxSdRA=
=UzKh
-----END PGP SIGNATURE-----

Received on Wed Mar 4 22:47:14 1998
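
The strtoul() behaviour suggested in the reply above, shown as an added example that is not part of the original message or of the linux-ipsec code: with base 0, a leading zero selects octal. `parse_auto` and `parse_strict` are hypothetical names, and the argument strings are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Base 0 applies C-literal rules: "0..." is octal, "0x..." is hex. */
unsigned long parse_auto(const char *s)
{
    return strtoul(s, NULL, 0);
}

/* Hypothetical stricter parser: the caller fixes the base and the whole
 * argument must be consumed. Returns 0 on success, -1 on rejection. */
int parse_strict(const char *s, int base, unsigned long *out)
{
    char *end;
    unsigned long v;

    /* strtoul() skips leading whitespace and accepts a sign; refuse both. */
    if (!isxdigit((unsigned char)s[0]))
        return -1;
    errno = 0;
    v = strtoul(s, &end, base);
    /* Reject overflow, empty conversions and trailing junk. */
    if (errno == ERANGE || end == s || *end != '\0')
        return -1;
    *out = v;
    return 0;
}

int main(void)
{
    /* Constructed command-line arguments, e.g. an SPI typed by hand. */
    const char *args[] = { "100", "0100", "0x100", "089" };
    size_t i;

    for (i = 0; i < sizeof(args) / sizeof(args[0]); i++) {
        unsigned long dec = 0;
        int rc = parse_strict(args[i], 10, &dec);

        printf("%-6s base 0 -> %lu, strict base 10 -> ", args[i],
               parse_auto(args[i]));
        if (rc == 0)
            printf("%lu\n", dec);
        else
            printf("rejected\n");
    }
    return 0;
}
```

Note that with base 0 the argument "089" silently parses as 0, because octal conversion stops at the first non-octal digit.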

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:28 EDT

