[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Fwd: Processing of ESP packet
>X-Originating-IP: [67.118.241.65]
>From: "bepsy paul" <bepsyp@hotmail.com>
>Subject: Processing of ESP packet
>Date: Fri, 13 Dec 2002 11:29:16 -0800
>X-OriginalArrivalTime: 13 Dec 2002 19:29:16.0652 (UTC)
>FILETIME=[ECF18AC0:01C2A2DD]
>X-Spam-Status: NO
>X-Scanned-By: MIMEDefang 2.19 (www . roaringpenguin . com / mimedefang)
>Status:
>
>
>
> I am Bepsy and doing IPsec development in a small company. I got
>your mail id from ipsec@lists.tislabs.com mailing list. I am not
>able to join this group. That's why I am writing to you.
>
> I have a simple doubt in the inbound ESP/AH packet processing. I
>have negotiated the IKE SA and IPSec SA. My IPSec SA looks like
>this.
>
>SPI=0xd930f1db 0.0.0.0/32>10.1.0.171/32 ESP
>AUTHKEY=0x9a4bdd1830b7bb24783353cdacd4f45c872e496,160bits
>AUTH HMAC-SHA1 REPLAY 32
>ENCRYPTKEY=0xf09aa0fe1aa253d7e630e8bacf19e096cbc0452a1e5f3c6,192bits
>ENCRYPT 3DES-CBC
>IV=0xa98dcb69b26cb19,64
>LIFE_ADD_TIME_HARD 120
>
> When I get the inbound ESP packet, first I have to do the digest
>verification,right? For that, do I have to use the AUTHKEY in the
>SA? I am using openssl-crypto for my cryptographic operations. Do
>you know how I can pass this AUTHKEY to EVP_DigestUpdate() function?
>If yes, please reply to me. Do you have a sample inbound packet
>processing code? If yes, would you mind sending to me?
>
> If you could, please forward this question to the mailing list so
>that I may get suggestions from others also.
>
>Thanking you in advance,
>
>Best Regards,
>Bepsy
>
>
>
>
>
>_________________________________________________________________
>Help STOP SPAM with the new MSN 8 and get 2 months FREE*
>http://join.msn.com/?page=features/junkmail