Straw Poll and Alignment
Date: Thu, 13 Feb 1997 13:06:08 -0500
Sender: chk@rafael.rnd.border.com
Everyone seems to be 'voting' for a 32-bit counter *and* truncating the
SHA-1 output to 128 bits. However:
THIS BREAKS 64 BIT ALIGNMENT!!!!!
The diagram, again (thanks, Robert Glenn!):
01234567012345670123456701234567
+------+-------+-------+-------+
| NH   | Len   |   Reserved    |  32 bits
+------+-------+-------+-------+
|             SPI              |  32 bits
+------+-------+-------+-------+
|     Replay Prev. Counter     |  32 bits
+------+-------+-------+-------+
|                              |
|             HMAC             |
|            Value             |  128 bits
|                              |
+------+-------+-------+-------+
total: 224 bits --- not multiple of 64
We can *either* have a 32-bit counter, *or* a truncated SHA-1 hash. Using
both breaks alignment. (Remember, AH is required for IPv6, and IPv6 requires
64-bit alignment on all options.)
I postulate that the current straw poll is meaningless, because we're
ignoring the fundamental alignment problem. The options, as I see them, are:
    AH + SPI + 32-bit replay + 32-bit pad + HMAC-MD5         256 bits
    AH + SPI + 32-bit replay + HMAC-SHA-1                    256 bits
or
    AH + SPI + 64-bit replay + HMAC-MD5                      256 bits
    AH + SPI + 64-bit replay + truncated HMAC-SHA1           256 bits
All other combinations of replay and hashes break alignment, or require
additional padding.
If I remember correctly, the truncated SHA-1 discussion started from the
fact that AH + SPI + SHA-1 == 224 bits, which is also not 64-bit aligned.
The proposed solution was to truncate the SHA-1 output to 128 bits, giving a
192 bit packet (which is aligned). And that, in turn, led to the AH 64-bit
replay counter; it preserves the alignment!
Can we *please* start over on this straw poll now?
--
C. Harald Koch chk@utcc.utoronto.ca +1 416 813 2054 (voice)
"I don't suffer from insanity; I revel in it!"
-Karen Murphy <karenm@descartes.com>
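
The alignment arithmetic in the message above, worked through as an added example that is not part of the original post. It surveys every counter/hash combination the message names and packs one header in the diagram's field order. The function names, the meaning given to the Len field, and the key and payload values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Digest sizes in bits for the two hashes named in the message.
DIGESTS = {"md5": 128, "sha1": 160}

def ah_layout(counter_bits, digest, truncate_to=None):
    """Return (total_bits, pad_bits) for NH/Len/Reserved + SPI + counter + MAC."""
    mac_bits = truncate_to or DIGESTS[digest]
    total = 32 + 32 + counter_bits + mac_bits
    pad = -total % 64  # bits needed to reach the next 64-bit boundary
    return total, pad

def build_ah(next_header, spi, counter, counter_bits, key, payload,
             digest="sha1", truncate_to=None):
    """Pack the header from the diagram, padding explicitly to 64 bits."""
    mac = hmac.new(key, payload, getattr(hashlib, digest)).digest()
    if truncate_to:
        mac = mac[:truncate_to // 8]  # keep the leftmost bits, as in RFC 2104
    _, pad = ah_layout(counter_bits, digest, truncate_to)
    ctr = counter.to_bytes(counter_bits // 8, "big")
    # Assumption: Len carries the MAC length in 32-bit words.
    fixed = struct.pack("!BBHI", next_header, len(mac) // 4, 0, spi)
    # Pad goes between the counter and the MAC, as in the first option listed.
    return fixed + ctr + bytes(pad // 8) + mac

def survey():
    """Enumerate every counter width / hash output combination."""
    rows = []
    for counter_bits in (32, 64):
        for digest, trunc in (("md5", None), ("sha1", None), ("sha1", 128)):
            total, pad = ah_layout(counter_bits, digest, trunc)
            rows.append((counter_bits, digest, trunc, total, pad))
    return rows

if __name__ == "__main__":
    for row in survey():
        print("%2d-bit counter  %-4s trunc=%-4s  %3d bits  pad %2d" % row)
    # Constructed sample values: the 32-bit counter + truncated SHA-1 case.
    hdr = build_ah(6, 0x1234, 1, 32, b"constructed-key",
                   b"constructed payload", "sha1", 128)
    print(len(hdr) * 8, "bits on the wire after padding")
```

Of the six combinations, only the three unpadded 256-bit options in the message need no padding; the 32-bit counter with either 128-bit MAC, and the 64-bit counter with full SHA-1, each fall 32 bits short of a 64-bit boundary.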