[Click] Click Ipsec
Markku Savela
Markku.Savela at vtt.fi
Mon Jan 30 02:48:39 EST 2012
Even if based on Openssl, it appears to be some copy/paste error
then. In sha1_impl
#define SHA_CBLOCK 64
#define SHA_LBLOCK 16
#define SHA_BLOCK 16
The code I proposed to be fixed is feeding the HMAC pads into hash
algorithm. Obviously, the whole pad (SHA_CBLOCK == 64) should be
fed in, instead of only the first 16 bytes (SHA_BLOCK).
On 01/27/2012 05:32 PM, Dimitris Syrivelis wrote:
> Hi Markku,
>
> The code fragment you are referring to, is copied as is from Eric Young's
> Openssl library Implementation. In comments there is a notice about using this
> library and i confirm that this code fragment is from there. The last time i
> checked, IPsec flow was working on click ver 1.8. You have to set up a
> configuration that uses SA tables as depicted in the example
> simple_ipsec.click
> and documentation.
>
> Dimitris
>
>> Hi,
>>
>> Has anyone actually worked on those elements? I just tried the HMAC,
>> and couldn't get it to match my other implementation. On quick browse,
>> it looks like it's using wrong constant in few places (SHA_BLOCK where
>> SHA_CBLOCK should be?). Haven't really tried this yet -- will return
>> to issue next week...
>>
>>
>>
>> @@ -97,12 +97,12 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key,
>> int len)
>> for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
>> pad[i]=0x36^ctx->key[i];
>> SHA1_init(&ctx->i_ctx);
>> - SHA1_update(&ctx->i_ctx,pad,SHA_BLOCK);
>> + SHA1_update(&ctx->i_ctx,pad,SHA_CBLOCK);
>>
>> for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
>> pad[i]=0x5c^ctx->key[i];
>> SHA1_init(&ctx->o_ctx);
>> - SHA1_update(&ctx->o_ctx,pad,SHA_BLOCK);
>> + SHA1_update(&ctx->o_ctx,pad,SHA_CBLOCK);
>> }
>> memcpy((void *)&ctx->md_ctx,(void*)&ctx->i_ctx,sizeof(SHA1_ctx));
>> }
>>
>> _______________________________________________
>> click mailing list
>> click at amsterdam.lcs.mit.edu
>> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
>>
>
>
More information about the click
mailing list