Date:      Wed, 03 Dec 2008 09:00:50 +0800
From:      wang_jiabo <jiabwang@redhat.com>
To:        Christian Weisgerber <naddy@mips.inka.de>
Cc:        freebsd-net@freebsd.org
Subject:   Re: [ipsec] aes-ctr question
Message-ID:  <4935DA42.2010804@redhat.com>
In-Reply-To: <gh44rc$11fc$1@lorvorc.mips.inka.de>
References:  <49349E26.30002@redhat.com> <gh44rc$11fc$1@lorvorc.mips.inka.de>

Christian Weisgerber wrote:
> wang_jiabo <jiabwang@redhat.com> wrote:
>
>> Following is my setkey configuration. I can get SAD and SPD, but when I
>> run "ping6 -I rl0 3ffe:501:ffff:103:20a:ebff:fe85:9e56" on FreeBSD,
>> FreeBSD reports:
>>   kernel: esp_aesctr_decrypt aes-ctr:payload length must be multiple of 16
>>   kernel: decrypt fail in IPv6 ESP input :
>
> (I cannot comment on this problem.  Looks like a padding bug.)
>
>   
>> add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 
>> 3ffe:501:ffff:104:21d:fff:fe19:59fc  esp 0x1000 -m tunnel -E aes-ctr 
>> "ipv6readylogoaes2to1" -A hmac-sha1 "ipv6readylogsha12to1";
>>     
>
> Do not use AES-CTR with static keys!  Re-use of keys with a stream
> cipher will allow listeners to recover the plaintext.
> (See section 7 of RFC 3686.)
>
>   
But when I use "ping6 -I rl0 -s 11 (or 12, 13, 14) 3ffe:501:ffff:103:20a:ebff:fe85:9e56", there is no problem.
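
The length arithmetic behind the symptom reported above, as an added example that is not part of the original message or of the FreeBSD code. It assumes the sender pads the ESP body only to a 4-byte boundary (which RFC 3686 permits for AES-CTR), that the tunnel-mode inner packet is a 40-byte IPv6 header plus an 8-byte ICMPv6 echo header with no extension headers, and that the receiver rejects any encrypted body that is not a multiple of 16 bytes, as the kernel message states.

```python
# Added illustration: which ping6 -s sizes yield an ESP body the receiver accepts.
# All constants below are assumptions named in the lead-in, not values from the thread.
IPV6_HDR = 40     # inner IPv6 header carried in tunnel mode
ICMP6_HDR = 8     # ICMPv6 echo request header
ESP_TRAILER = 2   # pad-length byte + next-header byte
AES_BLOCK = 16    # multiple demanded by the kernel log message


def esp_encrypted_len(ping_size, align):
    """Bytes in the encrypted ESP body for `ping6 -s ping_size`,
    with padding added so the total is a multiple of `align`."""
    unpadded = IPV6_HDR + ICMP6_HDR + ping_size + ESP_TRAILER
    pad = (-unpadded) % align
    return unpadded + pad


def receiver_accepts(ping_size, sender_align=4):
    """True if a receiver that insists on whole AES blocks would
    accept what a sender padding to `sender_align` bytes emits."""
    return esp_encrypted_len(ping_size, sender_align) % AES_BLOCK == 0


def accepted_sizes(sizes, sender_align=4):
    """Filter ping payload sizes down to those the receiver accepts."""
    return [s for s in sizes if receiver_accepts(s, sender_align)]


if __name__ == "__main__":
    for size in list(range(9, 17)) + [56]:   # 56 is ping6's default size
        body = esp_encrypted_len(size, 4)
        verdict = "ok" if receiver_accepts(size) else "rejected"
        print(f"-s {size:2d}: encrypted body {body:3d} bytes -> {verdict}")
```

Under these assumptions only sizes 11 to 14 in the 0 to 19 range land on a 16-byte multiple, and the default 56-byte ping does not, which matches the behaviour described in the message.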



