[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec
Subject: [Ipsec] Clarification on rfc4543
From: "Ray Savarda" <rsavarda () hifn ! com>
Date: 2006-06-22 19:46:44
Message-ID: 5FF564CB81DEE64EB76254D49013DC3362A51B () RTPXCH01 ! tbu ! com
[Download RAW message or body]
--===============0153608520==
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C69634.976FA47F"
This is a multi-part message in MIME format.
Excuse me if this has been asked/answered already, but I spent a fair
amount of time looking and didn't find any previous conversations
regarding it anywhere online.
In RFC4543, Section 3.5, Figure 4, it (to me, anyway) clearly shows the
IV included in the ICV calculation for ENCR_NULL_AUTH_AES_GMAC.
Section 3.3 also specifies that the AAD includes the payload, and 3.1
specifies that the IV is included in the ESP payload, collectively
implying the IV is included in the AAD.
However, in section 7, second sentence, we have:
" In ENCR_NULL_AUTH_AES_GMAC, the IV is not included in either the
plaintext or the additional authenticated data."
Am I misinterpreting something?
Also, is it correct to assume that in AH mode, since the IV is present
at the beginning of the ICV field in the AH header, that it is also
included in the ICV calculation for that mode?
Lastly (bear with me), any chance there are a couple sample test vectors
available somewhere that would help ensure there is no ambiguity in the
interpretation of these new ESP/AH Algorithms?
Thanks!
Ray
[Attachment #3 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2873" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2><SPAN class=688033319-22062006>Excuse me if this
has been asked/answered already, but I spent a fair amount of time looking and
didn't find any previous conversations regarding it anywhere
online.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=688033319-22062006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=688033319-22062006>In RFC4543, Section
3.5, Figure 4, it (to me, anyway) clearly shows the IV included in the ICV
calculation for ENCR_NULL_AUTH_AES_GMAC. </SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=688033319-22062006>Section 3.3 also
specifies that the AAD includes the payload, and 3.1 specifies that the IV
is included in the ESP payload, collectively implying the IV is included in
the AAD.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=688033319-22062006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=688033319-22062006>However, in section
7, second sentence, we have:</SPAN></FONT></DIV>
<DIV><FONT><SPAN class=688033319-22062006>
<P><FONT face=Arial><FONT size=2><SPAN class=688033319-22062006>" </SPAN>In
ENCR_NULL_AUTH_AES_GMAC, the IV<SPAN class=688033319-22062006> </SPAN>is not
included in either the plaintext or the additional<SPAN
class=688033319-22062006> </SPAN>authenticated data.<SPAN
class=688033319-22062006>"</SPAN></FONT></FONT></P></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=688033319-22062006>Am I misinterpreting
something? </SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=688033319-22062006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=688033319-22062006>Also, is it correct
to assume that in AH mode, since the IV is present at the beginning of the ICV
field in the AH header, that it is also included in the ICV calculation for that
mode? </SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=688033319-22062006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=688033319-22062006>Lastly (bear with
me), any chance there are a couple sample test vectors available somewhere
that would help ensure there is no ambiguity in the interpretation of these new
ESP/AH Algorithms? </SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=688033319-22062006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN
class=688033319-22062006>Thanks!</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=688033319-22062006>Ray</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=688033319-22062006></SPAN></FONT> </DIV></BODY></HTML>
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
--===============0153608520==--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic