[strongSwan] failure with ike using sha2

Ko, HsuenJu HsuenJu.Ko at stratus.com
Fri Mar 27 16:12:04 CET 2015


Hi,
Thanks for the information.  How do I find out which plugin to try?


Bettina

-----Original Message-----
From: users-bounces at lists.strongswan.org [mailto:users-bounces at lists.strongswan.org] On Behalf Of Noel Kuntze
Sent: Friday, March 27, 2015 11:12 AM
To: users at lists.strongswan.org
Subject: Re: [strongSwan] failure with ike using sha2

Hello,

That sounds like the plugin that provides those algorithms is broken.
You can try to work around that by making charon load another plugin, which provides the PRF algorithms for those signature algorithms, before the one you are using right now.

Mit freundlichen Grüßen/Regards,
Noel Kuntze

Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 27.03.2015 um 16:05 schrieb Ko, HsuenJu:
> Hi,
>
> I got an error of “key derivation failed” when I configured ike using sha2.  I don’t have a problem with md5 or sha1.  And I am using strongswan 5.1.1. Here is the corresponding log.  Can someone tell me what I did wrong or is this a bug?
>
> Thanks!
>
> Bettina
>
> ike=aes128-sha256-modp2048!
>
> Mar 27 10:15:41 11[IKE] SKEYSEED => 32 bytes @ 0x41c89760
> Mar 27 10:15:41 11[IKE]    0: 40 06 D6 2C 40 06 D8 24 40 F5 00 20 41 C7 BB 20  @..,@..$@.. A..
> Mar 27 10:15:41 11[IKE]   16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> Mar 27 10:15:41 11[IKE] key derivation failed
>
> ike=aes128-sha384-modp2048!
>
> Mar 27 10:46:03 09[IKE] SKEYSEED => 48 bytes @ 0x41c8bf70
> Mar 27 10:46:03 09[IKE]    0: 43 36 20 31 35 20 31 34 20 30 42 20 38 38 20 36  C6 15 14 0B 88 6
> Mar 27 10:46:03 09[IKE]   16: 46 20 43 38 20 38 45 20 35 34 20 42 44 20 38 42  F C8 8E 54 BD 8B
> Mar 27 10:46:03 09[IKE]   32: 20 31 46 20 32 38 20 36 44 20 33 41 20 20 2E 2E   1F 28 6D 3A  ..
> Mar 27 10:46:03 09[IKE] key derivation failed
>
> ike=aes128-sha512-modp2048!
>
> Mar 27 10:48:17 09[IKE] SKEYSEED => 64 bytes @ 0x41c8bf70
> Mar 27 10:48:17 09[IKE]    0: 31 45 20 38 33 20 31 33 20 38 39 20 31 36 20 34  1E 83 13 89 16 4
> Mar 27 10:48:17 09[IKE]   16: 36 20 35 32 20 32 30 20 39 34 20 31 43 20 44 36  6 52 20 94 1C D6
> Mar 27 10:48:17 09[IKE]   32: 20 38 39 20 37 38 20 42 43 20 39 41 20 20 69 2E   89 78 BC 9A  i.
> Mar 27 10:48:17 09[IKE]   48: 2E 2E 2E 2E 46 52 20 2E 2E 2E 2E 78 2E 2E 0A 20  ....FR ....x...
> Mar 27 10:48:17 09[IKE] key derivation failed
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
> 

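Added example, not part of the original thread and not strongSwan code: a small Python check that parses charon SKEYSEED dumps like the ones quoted above and flags a value that does not look like PRF output, which should appear random (a long run of zero bytes, or bytes that are mostly printable ASCII). The thresholds and the third sample dump are assumptions constructed for illustration.

```python
import re

# Dumps 1 and 2 are copied from the report above; dump 3 is a constructed sample.
SAMPLE_LOG = """\
Mar 27 10:15:41 11[IKE] SKEYSEED => 32 bytes @ 0x41c89760
Mar 27 10:15:41 11[IKE]    0: 40 06 D6 2C 40 06 D8 24 40 F5 00 20 41 C7 BB 20  @..,@..$@.. A..
Mar 27 10:15:41 11[IKE]   16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Mar 27 10:46:03 09[IKE] SKEYSEED => 48 bytes @ 0x41c8bf70
Mar 27 10:46:03 09[IKE]    0: 43 36 20 31 35 20 31 34 20 30 42 20 38 38 20 36  C6 15 14 0B 88 6
Mar 27 10:46:03 09[IKE]   16: 46 20 43 38 20 38 45 20 35 34 20 42 44 20 38 42  F C8 8E 54 BD 8B
Mar 27 10:46:03 09[IKE]   32: 20 31 46 20 32 38 20 36 44 20 33 41 20 20 2E 2E   1F 28 6D 3A  ..
Mar 27 11:00:00 07[IKE] SKEYSEED => 32 bytes @ 0x41c80000
Mar 27 11:00:00 07[IKE]    0: 9F 3C E1 07 5A B2 48 D6 71 0E C4 8B 2D F5 63 A9  .<..Z.H.q...-.c.
Mar 27 11:00:00 07[IKE]   16: 14 E8 7B 90 36 CD 05 AF 62 D1 8C 4F B7 29 FA 53  ..{.6...b..O.).S
"""

HEADER = re.compile(r"\[IKE\] SKEYSEED => (\d+) bytes")
HEXROW = re.compile(r"\[IKE\]\s+\d+:((?: [0-9A-F]{2}){1,16})")

def parse_skeyseeds(log):
    """Return the byte string of every complete SKEYSEED dump in a charon log."""
    seeds, want, buf = [], 0, bytearray()
    for line in log.splitlines():
        head, row = HEADER.search(line), HEXROW.search(line)
        if head:
            want, buf = int(head.group(1)), bytearray()
        elif row and want:
            buf += bytes.fromhex(row.group(1))  # hex column only, ASCII column ignored
            if len(buf) >= want:
                seeds.append(bytes(buf[:want]))
                want = 0
    return seeds

def longest_zero_run(data):
    return max((len(run) for run in re.findall(rb"\x00+", data)), default=0)

def findings(seed):
    """Heuristic flags (thresholds are assumptions) for a non-random SKEYSEED."""
    flags = []
    if longest_zero_run(seed) >= 8:
        flags.append("zero-run")
    printable = sum(0x20 <= b <= 0x7E for b in seed)
    if printable / len(seed) >= 0.75:
        flags.append("ascii-text")
    return flags

if __name__ == "__main__":
    for seed in parse_skeyseeds(SAMPLE_LOG):
        print(len(seed), "bytes:", findings(seed) or "looks random")
```

On the quoted dumps, the sha256 value is flagged for its 16 trailing zero bytes and the sha384 value because every byte is printable text (it decodes to the characters of a hex dump).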