Query regarding ESP payload in 3DES-CBC

Hi, 

The first 12 bytes are getting decrypted wrong in 3DES-CBC...
I am using a 24-byte key, and the IV is 8 octets.

The whole ESP payload is decrypted fine except the first 12 bytes...

I am able to decrypt received packets on machine B sent by M/c A, and
comparing them with the original packet prior to encryption on M/c A shows that the first 12 bytes are not the same.

Does the first block in the ESP payload need some special handling apart from the rest of the payload?
Any pointers for the same will be helpful...

Details are as below.
I am trying to achieve IPsec functionality using a fast-path application
which will do encryption/decryption using a hardware (Cavium)
specific API.
This application will bypass the IP layer of the kernel.
Keys for start-up are pre-shared.

Communication is done between two machines, A and B.
On Machine A, running i386 Linux, the SA/SP databases are updated using
the setkey utility and packets are encrypted/decrypted using kernel IPsec.
On Machine B (Cavium h/w), keys are pre-shared to the application performing
IPsec functionality...

Example:
M/c A configuration:
add 50.50.50.51 50.50.50.53 esp 15701 -E 3des-cbc "0123456789abcdef12345678";
spdadd 10.10.10.20 10.10.10.21 any -P out ipsec
          esp/tunnel/50.50.50.51-50.50.50.53/require;



--
Cheers
Mukesh

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
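
Added example, not part of the original post or of any project's code: in CBC mode the IV affects only the first plaintext block, and in ESP with 3des-cbc the 8-octet IV travels in the packet right after the SPI and sequence number. The sketch uses a stand-in 64-bit Feistel cipher (an assumption, NOT 3DES, so it runs with the standard library only) and constructed packet data to show which offsets differ when the receiver uses a wrong IV.

```python
import hashlib
import struct
BLOCK = 8  # 3DES block size; the ESP IV for 3des-cbc is also 8 octets

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(half, key, rnd):  # round function of the stand-in cipher (NOT 3DES)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def enc_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(r, key, rnd))
    return l + r

def dec_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(l, key, rnd)), l
    return l + r

def esp_build(spi, seq, key, iv, inner):
    """SPI | sequence | IV | CBC ciphertext (no ICV: the SA above has no -A)."""
    ct, prev = b"", iv
    for i in range(0, len(inner), BLOCK):
        prev = enc_block(key, _xor(inner[i:i + BLOCK], prev))
        ct += prev
    return struct.pack("!II", spi, seq) + iv + ct

def esp_decrypt(key, esp, iv=None):
    """iv=None reads the IV from octets 8..15 of the packet; else use the override."""
    prev = esp[8:16] if iv is None else iv
    out = b""
    for i in range(16, len(esp), BLOCK):
        blk = esp[i:i + BLOCK]
        out += _xor(dec_block(key, blk), prev)
        prev = blk
    return out

def bad_offsets(a, b):
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

KEY = b"0123456789abcdef12345678"   # key string from the setkey line above
INNER = bytes(range(40))            # constructed: padded inner packet + trailer
PKT = esp_build(15701, 1, KEY, bytes.fromhex("a1b2c3d4e5f60718"), INNER)

if __name__ == "__main__":
    for iv in (None, bytes(8)):  # IV taken from the packet, then a wrong all-zero IV
        print(iv, bad_offsets(INNER, esp_decrypt(KEY, PKT, iv)))
```

With the IV read from the packet nothing differs; with the wrong IV only offsets 0 to 7 differ, which is the signature of an IV mismatch rather than a key or cipher problem.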
