tcpdump mailing list archives
Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5
From: Michael Mueller <m.mueller99 () kay-mueller de>
Date: Fri, 24 Sep 2004 14:39:48 +0200
Sorry, I forgot to append the patch.
Tcpdump -E doesn't work for 3des-cbc encryption with hmac-md5 authentication (tested with tcpdump-2004.09.22 on Linux 2.6). The reason is that in esp_print_decode_onesecret(), print-esp.c, authlen is left 0 instead of setting it to 12 for *-cbc encryptions. The 12 byte authlen is required for hmac-md5 by rfc2403, hmac-sha1 by rfc2404 and seems to have the same value for other authentication algorithms too. I don't think that authlen should depend on the encryption algorithm used. I append a patch that sets it to 12. I hope that this is good for all cases. Otherwise specifying authlen on the command line would be an alternative.
Michael
- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
*** print-esp.c.orig Thu Sep 23 17:28:12 2004 --- print-esp.c Fri Sep 24 13:57:35 2004 *************** static void esp_print_decode_onesecret(n *** 223,229 **** int len; size_t i; const EVP_CIPHER *evp; - int authlen = 0; /* skip any blank spaces */ while (isspace((unsigned char)*decode)) --- 223,228 ---- *************** static void esp_print_decode_onesecret(n *** 242,248 **** "-hmac96")) { p = strstr(decode, "-hmac96"); *p = '\0'; - authlen = 12; } if (strlen(decode) > strlen("-cbc") && !strcmp(decode + strlen(decode) - strlen("-cbc"), "-cbc")) { --- 241,246 ---- *************** static void esp_print_decode_onesecret(n *** 259,265 **** } sa1.evp = evp; ! sa1.authlen = authlen; sa1.ivlen = EVP_CIPHER_iv_length(evp); colon++; --- 257,263 ---- } sa1.evp = evp; ! sa1.authlen = 12; sa1.ivlen = EVP_CIPHER_iv_length(evp); colon++;
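Review bot: In the second hunk (the "-hmac96" branch at lines 242-248), dropping `authlen = 12;` leaves the branch doing nothing except cutting the suffix off with `*p = '\0';`, so "-hmac96" becomes a silently accepted no-op. If the suffix is kept only for backward compatibility, say so in a comment there and in the -E documentation; otherwise keep it meaningful.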
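Review bot: In the last hunk, `sa1.authlen = 12;` hard-codes the authenticator length for every secret, so an SA that carries no authentication data, or one with a different length, can no longer be described and would have 12 trailing bytes counted as authentication data. Keeping the `authlen` local with a default of 12 and letting the -E argument override it (the alternative the message itself mentions) would cover both cases; the bare 12 also deserves a named constant or a comment pointing at the hmac-md5/hmac-sha1 requirement in rfc2403 and rfc2404.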