[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

8 byte aligement in ISAKMP

To: isakmp-oakley@cisco.com, ipsec@tis.com
Subject: 8 byte aligement in ISAKMP
From: Naganand Doraswamy <naganand@ftp.com>
Date: Thu, 23 Jan 1997 17:02:44 -0500
Sender: owner-ipsec@ex.tis.com

When the ISAKMP packet is not 8 byte aligned, we pad it with zero's to make
it 8 byte aligned before we encrypt it during Oakley QM. Some packets
require that we calculate hash on the payloads so that the other end can
also authenticate us. When we calculate, do we also consider the padding? It
is better that we consider the padding as well as it will be easier to
verify on the other end. All we have to do is to calculate the length of the
data on which to calcuate hash is (payload_len - isakmp header_len - hash
payload_len - hash_data_len). We dont have to parse the ISAKMP payload to
find out the lenght of the data on which to calculate hash. That way, if the
hash fails we can drop the packet immediatly.

On the other hand, if we dont use the pad in calculating hash, then the last
byte of the hash should represent the lenght of the pad as that will help in
calculating the lenght of the data on which to calculate hash.

Comments?
Naganand

Follow-Ups:

Re: 8 byte aligement in ISAKMP

From: Daniel Harkins <dharkins@cisco.com>

Prev by Date: RE: IPsec hardware accelerators (Rainbow warning)
Next by Date: Re: 8 byte aligement in ISAKMP
Prev by thread: Re: Negotiated Hash Algorithms in ISAKMP/OAKLEY
Next by thread: Re: 8 byte aligement in ISAKMP
Index(es):
- Main
- Thread