Fwd: Processing of ESP packet

[Stephen Kent <kent@xxxxxxx>]

> X-Originating-IP: [67.118.241.65]
> From: "bepsy paul" <bepsyp@xxxxxxxxxxx>
> Subject: Processing of ESP packet
> Date: Fri, 13 Dec 2002 11:29:16 -0800
> X-OriginalArrivalTime: 13 Dec 2002 19:29:16.0652 (UTC) 
> FILETIME=[ECF18AC0:01C2A2DD]
> X-Spam-Status: NO
> X-Scanned-By: MIMEDefang 2.19 (www . roaringpenguin . com / mimedefang)
> Status:  
>
>
>
>    I am Bepsy and doing IPsec development in a small company. I got 
> your mail id from ipsec@xxxxxxxxxxxxxxxxx mailing list. I am not 
> able to join this group. That's why I am writing to you.
>
>   I have a simple doubt in the inbound ESP/AH packet processing. I 
> have negotiated the IKE SA and IPSec SA.  My IPSec SA looks like 
> this.
>
> SPI=0xd930f1db 0.0.0.0/32>10.1.0.171/32 ESP
> AUTHKEY=0x9a4bdd1830b7bb24783353cdacd4f45c872e496,160bits
> AUTH HMAC-SHA1 REPLAY 32 
> ENCRYPTKEY=0xf09aa0fe1aa253d7e630e8bacf19e096cbc0452a1e5f3c6,192bits
> ENCRYPT 3DES-CBC
> IV=0xa98dcb69b26cb19,64
> LIFE_ADD_TIME_HARD 120
>
>   When I get the inbound ESP packet, first I have to do the digest 
> verification,right? For that, do I have to use the AUTHKEY in the 
> SA? I am using openssl-crypto for my cryptographic operations. Do 
> you know how I can pass this AUTHKEY to EVP_DigestUpdate() function? 
> If yes, please reply to me. Do you have a sample inbound packet 
> processing code? If yes, would you mind sending to me?
>
>   If you could, please forward this question to the mailing list so 
> that I may get suggestions from others also.
>
> Thanking you in advance,
>
> Best Regards,
> Bepsy
>
>
>
>
>
> _________________________________________________________________
> Help STOP SPAM with the new MSN 8 and get 2 months FREE* 
> http://join.msn.com/?page=features/junkmail