[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snap-users
Subject:    (KAME-snap 9505) Re: AES-CTR: alignment of padding
From:       Yukiyo Akisada <Yukiyo.Akisada () jp ! yokogawa ! com>
Date:       2007-03-09 8:51:49
Message-ID: 20070309175149.18074bc0.Yukiyo.Akisada () jp ! yokogawa ! com
[Download RAW message or body]

Hi, itojun.

No problem.
I can wait.

I hope you you'll get well soon.

Thanks,

On Fri,  9 Mar 2007 17:25:07 +0900 (JST)
itojun@itojun.org (Jun-ichiro itojun Hagino) wrote:

> > > I found a problem about AES-CTR in FreeBSD 6.1-RELEASE.
> > > And kame-20070301-freebsd54-snap.tgz also has the same problem.
> > > 
> > > esp_aesctr_encrypt() function in sys/netinet6/esp_aesctr.c says,
> > > 
> > >     352      if ((m->m_pkthdr.len - bodyoff) % blocklen) {
> > >     353          ipseclog((LOG_ERR, "esp_aesctr_encrypt %s: "
> > >     354              "payload length must be multiple of %lu\n",
> > >     355              algo->name, (unsigned long)algo->padbound));
> > >     356          m_freem(m);
> > >     357          return EINVAL;
> > >     358      }
> > > 
> > > And the actual message of dmesg is
> > > 
> > >     esp_aesctr_decrypt aes-ctr: payload length must be multiple of 16
> > > 
> > > Of course, block size of AES-CTR is 16 bytes,
> > > but alignment can be different from block size by RFC.
> 
> 	yes, it is a bug.  but to be honest it is not nice of AESCTR document
> 	to override ESP base document.
> 	at this moment i got my right hand injured so i cannot debug it.
> 	pls wait for 4 weeks or wait for someone else to come up with a patch.
> 
> itojun
> 


------------------------------------------------------------------------
Yukiyo Akisada <Yukiyo.Akisada@jp.yokogawa.com>
[prev in list] [next in list] [prev in thread] [next in thread]