Mailinglist Archive: opensuse-bugs (4247 mails)

< Previous Next >
[Bug 1019412] ip xfrm auth-trunc off by 32-bits
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Mon, 16 Jan 2017 22:14:47 +0000
  • Message-id: <bug-1019412-21960-kj0hO2PzU6@http.bugzilla.suse.com/>
http://bugzilla.suse.com/show_bug.cgi?id=1019412
http://bugzilla.suse.com/show_bug.cgi?id=1019412#c5

--- Comment #5 from Jason Mader <jmader2@xxxxxxx> ---
(In reply to Jan Engelhardt from comment #4)
I hope I got this right.. you execute

... "hmac(sha256)" 0xsomevalue 128

but get back

... "hmac(sha256)" 0xsomevalue 96?

That might be a kernel issue. On 4.8.X (yes, it's not the default openSUSE),
I observe that 128 stays 128:

# ip x s a src ::2 dst ::3 proto ah spi 0xa auth-trunc "hmac(sha256)" 0 128
# ip x s
...
auth-trunc hmac(sha256) 0x30 128

(0 -> 0x30 because '0' has ASCII code 0x30)

No, it's more like I execute

... "hmac(sha256)" 0xsomevalue 128

get back

... "hmac(sha256)" 0xsomevalue 128

but then on the wire see 160 bits for the ICV. (And it happens to be that with
FreeBSD which is doing the correct ICV for hmac(256) the packet is rejected.)

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >