[strongSwan] failure with ike using sha2

Andreas Steffen andreas.steffen at strongswan.org
Fri Mar 27 22:00:46 CET 2015


Hi Bettina,

are you sure that you loaded the sha2 plugin because the HMAC-SHA2
algorithms for the prf_plus seem to fail. ipsec statusall should list
the sha2 plugin.

Regards

Andreas

On 03/27/2015 04:05 PM, Ko, HsuenJu wrote:
> Hi ,
> 
> I got error of “key derivation failed” when I configured ike using sha2.
>  I don’t have problem with md5 or sha1.  And I am using strongswan
> 5.1.1. Here is the corresponding log.  Can someone tell me what I did
> wrong or is this a bug?
> 
>  
> 
> Thanks!
> 
> Bettina
> 
>  
> 
>  
> 
> ike=aes128-sha256-modp2048!
> 
>  
> 
> Mar 27 10:15:41 11[IKE] SKEYSEED => 32 bytes @ 0x41c89760
> 
> Mar 27 10:15:41 11[IKE]    0: 40 06 D6 2C 40 06 D8 24 40 F5 00 20 41 C7
> BB 20  @.., at ..$@.. A..
> 
> Mar 27 10:15:41 11[IKE]   16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00 00  ................
> 
> Mar 27 10:15:41 11[IKE] key derivation failed
> 
>  
> 
>  
> 
> ike=aes128-sha384-modp2048!
> 
>  
> 
> Mar 27 10:46:03 09[IKE] SKEYSEED => 48 bytes @ 0x41c8bf70
> 
> Mar 27 10:46:03 09[IKE]    0: 43 36 20 31 35 20 31 34 20 30 42 20 38 38
> 20 36  C6 15 14 0B 88 6
> 
> Mar 27 10:46:03 09[IKE]   16: 46 20 43 38 20 38 45 20 35 34 20 42 44 20
> 38 42  F C8 8E 54 BD 8B
> 
> Mar 27 10:46:03 09[IKE]   32: 20 31 46 20 32 38 20 36 44 20 33 41 20 20
> 2E 2E   1F 28 6D 3A  ..
> 
> Mar 27 10:46:03 09[IKE] key derivation failed
> 
>  
> 
> ike=aes128-sha512-modp2048!
> 
>  
> 
> Mar 27 10:48:17 09[IKE] SKEYSEED => 64 bytes @ 0x41c8bf70
> 
> Mar 27 10:48:17 09[IKE]    0: 31 45 20 38 33 20 31 33 20 38 39 20 31 36
> 20 34  1E 83 13 89 16 4
> 
> Mar 27 10:48:17 09[IKE]   16: 36 20 35 32 20 32 30 20 39 34 20 31 43 20
> 44 36  6 52 20 94 1C D6
> 
> Mar 27 10:48:17 09[IKE]   32: 20 38 39 20 37 38 20 42 43 20 39 41 20 20
> 69 2E   89 78 BC 9A  i.
> 
> Mar 27 10:48:17 09[IKE]   48: 2E 2E 2E 2E 46 52 20 2E 2E 2E 2E 78 2E 2E
> 0A 20  ....FR ....x...
> 
> Mar 27 10:48:17 09[IKE] key derivation failed
> 
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
> 


-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150327/a157312e/attachment-0001.bin>


More information about the Users mailing list