Hi Michal,Sorry we missed on the information in detail.Please find the attached test topology used, packet dumps and the respective SA ann SPD information that was usedThe encrypted data that we got from sniffing the network did not match the encrypted results from eaytest utility( on linux).Surprizing results were that the first 8bytes of the encrypted data was matching in both the cases. but the subsequent data was not maching.Since the algorithm used here was 3DES which operates on the 8byte quadwords . so when open ssl encrypted the first quadwords using the 192bit key and 64 bit IV (check the encrypted packet for the IV that was generated by linux and we used it for SSL) the first quadword got encrypted correctly.For subsequent iterations the the previous quadword of the cypher text is used as IV. We presume that there is some difference in the two implmentation in which this cypher test is used as IV although therfc2405 The ESP DES-CBC Cipher Algorithm With Explicit IV.txt does not talk about any such varience in the implemnentationIt would be really great if you can help us solve this mysteryThanks and Regradsbill
Michal Ludvig <michal@logix.cz> wrote:On Mon, 4 Oct 2004, Bill Parera wrote:
> Output from the OpenSSL for the 3DES (CBC mode) encryption does not
> match the output of the Linux/ NetBSD implementations. What could be the
> reasons for the same.Any pointer >>>>
Different keys, different IVs, ...
Without further details we'd need a crystal ball to guess ;-)
Michal Ludvig
--
* A mouse is a device used to point at the xterm you want to type in.
* Personal homepage - http://www.logix.cz/michal
ALL-NEW Yahoo! Messenger - all new features - even more fun!
> ATTACHMENT part 2 application/msword name=TestTopology.doc
18:47:22.321998 00:d0:b7:3f:35:c1 > 00:e0:18:90:01:b7, ethertype IPv4 (0x0800), length 202: IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto 50, length: 188) 192.168.100.20 > 192.168.102.11: ESP(spi=0x00002694,seq=0x1)
0x0000: 4500 00bc 0000 4000 3f32 ef9f c0a8 6414 E.....@.?2....d.
0x0010: c0a8 660b 0000 2694 0000 0001 a5a6 55fb ..f...&.......U.
0x0020: 2a24 5e70 5984 152a ae09 ba66 ac66 c830 *$^pY..*...f.f.0
0x0030: cecf f4ce a101 da64 9b40 e000 a522 c0da .......d.@..."..
0x0040: 7bfb 17ab e4a4 ceb1 bf9a f049 bd7e e914 {..........I.~..
0x0050: 0fc0 1826 3d5a 65e6 5aff 81ce a0ff fe08 ...&=Ze.Z.......
0x0060: 3aba a036 b7eb 5411 6643 a248 7c65 01b7 :..6..T.fC.H|e..
0x0070: 1ed7 9a3f fe27 44fc 11d8 a9df abdc 717f ...?.'D.......q.
0x0080: 40ce 2ad1 b2ae ce0a 929b 4f8e afc3 98b9 @.*.......O.....
0x0090: 567c d0db e5f4 87ba da94 f985 be66 9ac0 V|...........f..
0x00a0: 89b0 76f3 c2b1 e158 b261 8001 b7df 8e85 ..v....X.a......
0x00b0: b1ab b6b0 6e44 86f7 6e82 0ecc ....nD..n...
18:47:22.322767 00:e0:18:90:01:b7 > 00:d0:b7:3f:35:c1, ethertype IPv4 (0x0800), length 202: IP (tos 0x0, ttl 62, id 20769, offset 0, flags [none], proto 50, length: 188) 192.168.102.11 > 192.168.100.20: ESP(spi=0x00002695,seq=0x1)
0x0000: 4500 00bc 5121 0000 3e32 df7e c0a8 660b E...Q!..>2.~..f.
0x0010: c0a8 6414 0000 2695 0000 0001 61c5 424c ..d...&.....a.BL
0x0020: a043 6e7e e4c1 202d 8363 f657 c098 3429 .Cn~...-.c.W..4)
0x0030: 6e6f cef1 9fd4 3231 4abe a953 e084 8875 no....21J..S...u
0x0040: 7a18 2b27 cf2a 2b5a 252e 4863 314b 243f z.+'.*+Z%.Hc1K$?
0x0050: 2ff7 6ceb 3a4e de34 f713 a681 3049 882f /.l.:N.4....0I./
0x0060: c641 613c 03a6 4d97 1378 ed7f 4607 292a .Aa<..M..x..F.)*
0x0070: e3ac f1fc e5d8 20c2 ae3c cb5f bb9c 58a9 .........<._..X.
0x0080: 492c 9ba0 7c63 90bf a9e0 c9ee f09d aa94 I,..|c..........
0x0090: 5977 3060 3bc2 47ae 723b d93a 83ec 6805 Yw0`;.G.r;.:..h.
0x00a0: 6f6a d60a 88a7 e5c8 c537 f487 088e 055f oj.......7....._
0x00b0: 2a2c 399e 582b 7975 5849 1c28 *,9.X+yuXI.(
18:47:22.321710 00:0b:db:70:16:39 > 00:50:bf:e4:50:a8, ethertype IPv4 (0x0800), length 162: IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 1, length: 148) 192.168.101.31 > 192.168.104.31: icmp 128: echo request seq 0
0x0000: 4500 0094 0000 4000 4001 ebd9 c0a8 651f E.....@.@.....e.
0x0010: c0a8 681f 0800 c323 aa18 0000 2479 5441 ..h....#....$yTA
0x0020: 30fb 0b00 0809 0a0b 0c0d 0e0f 1011 1213 0...............
0x0030: 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 .............!"#
0x0040: 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 $%&'()*+,-./0123
0x0050: 3435 3637 3839 3a3b 3c3d 3e3f 4041 4243 456789:;<=>?@ABC
0x0060: 4445 4647 4849 4a4b 4c4d 4e4f 5051 5253 DEFGHIJKLMNOPQRS
0x0070: 5455 5657 5859 5a5b 5c5d 5e5f 6061 6263 TUVWXYZ[\]^_`abc
0x0080: 6465 6667 6869 6a6b 6c6d 6e6f 7071 7273 defghijklmnopqrs
0x0090: 7475 7677 tuvw
18:47:22.323016 00:50:bf:e4:50:a8 > 00:0b:db:70:16:39, ethertype IPv4 (0x0800), length 162: IP (tos 0x0, ttl 62, id 25372, offset 0, flags [none], proto 1, length: 148) 192.168.104.31 > 192.168.101.31: icmp 128: echo reply seq 0
0x0000: 4500 0094 631c 0000 3e01 cabd c0a8 681f E...c...>.....h.
0x0010: c0a8 651f 0000 cb23 aa18 0000 2479 5441 ..e....#....$yTA
0x0020: 30fb 0b00 0809 0a0b 0c0d 0e0f 1011 1213 0...............
0x0030: 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 .............!"#
0x0040: 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 $%&'()*+,-./0123
0x0050: 3435 3637 3839 3a3b 3c3d 3e3f 4041 4243 456789:;<=>?@ABC
0x0060: 4445 4647 4849 4a4b 4c4d 4e4f 5051 5253 DEFGHIJKLMNOPQRS
0x0070: 5455 5657 5859 5a5b 5c5d 5e5f 6061 6263 TUVWXYZ[\]^_`abc
0x0080: 6465 6667 6869 6a6b 6c6d 6e6f 7071 7273 defghijklmnopqrs
0x0090: 7475 7677 tuvw
192.168.102.11 192.168.100.20
esp mode=tunnel spi=9879(0x00002697) reqid=1237(0x000004d5)
E: des-cbc 54414849 54455354
A: hmac-sha1 54414849 54455354 38394142 43444546 30313233
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Sep 24 15:43:56 2004 current: Sep 24 16:18:01 2004
diff: 2045(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=3 pid=13377 refcnt=0
192.168.102.11 192.168.100.20
esp mode=tunnel spi=9877(0x00002695) reqid=1235(0x000004d3)
E: 3des-cbc 54414849 54455354 38394142 43444546 4748494a 4b4c4d4e
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Sep 24 15:43:56 2004 current: Sep 24 16:18:01 2004
diff: 2045(s) hard: 0(s) soft: 0(s)
last: Sep 24 15:49:45 2004 hard: 0(s) soft: 0(s)
current: 2496(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 5 hard: 0 soft: 0
sadb_seq=2 pid=13377 refcnt=0
192.168.100.20 192.168.102.11
esp mode=tunnel spi=9878(0x00002696) reqid=1236(0x000004d4)
E: des-cbc 54414849 54455354
A: hmac-sha1 54414849 54455354 38394142 43444546 30313233
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Sep 24 15:43:56 2004 current: Sep 24 16:18:01 2004
diff: 2045(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=1 pid=13377 refcnt=0
192.168.100.20 192.168.102.11
esp mode=tunnel spi=9876(0x00002694) reqid=1234(0x000004d2)
E: 3des-cbc 54414849 54455354 38394142 43444546 4748494a 4b4c4d4e
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Sep 24 15:43:55 2004 current: Sep 24 16:18:01 2004
diff: 2046(s) hard: 0(s) soft: 0(s)
last: Sep 24 15:49:45 2004 hard: 0(s) soft: 0(s)
current: 2700(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 5 hard: 0 soft: 0
sadb_seq=0 pid=13377 refcnt=0
192.168.104.31[any] 192.168.101.0/24[any] any
in prio def ipsec
esp/tunnel/192.168.102.11-192.168.100.20/unique:1235
created: Sep 24 15:43:56 2004 lastused:
lifetime: 0(s) validtime: 0(s)
spid=5528 seq=3 pid=13378
refcnt=1
192.168.104.32[any] 192.168.101.0/24[any] any
in prio def ipsec
esp/tunnel/192.168.102.11-192.168.100.20/unique:1237
created: Sep 24 15:43:56 2004 lastused:
lifetime: 0(s) validtime: 0(s)
spid=5544 seq=2 pid=13378
refcnt=1
192.168.101.0/24[any] 192.168.104.31[any] any
out prio def ipsec
esp/tunnel/192.168.100.20-192.168.102.11/unique:1234
created: Sep 24 15:43:56 2004 lastused: Sep 24 15:55:08 2004
lifetime: 0(s) validtime: 0(s)
spid=5521 seq=1 pid=13378
refcnt=1
192.168.101.0/24[any] 192.168.104.32[any] any
out prio def ipsec
esp/tunnel/192.168.100.20-192.168.102.11/unique:1236
created: Sep 24 15:43:56 2004 lastused:
lifetime: 0(s) validtime: 0(s)
spid=5537 seq=0 pid=13378
refcnt=1