problem with HMAC precomputes.
Hello all,
I'm doing a project on IP security and have come across a problem. I'm sure some of you can help me with an answer.
Many crypto accelerator chips expect the IPsec application to supply the inner and outer digests of HMAC authentication only once, when a key is formed or a new SA is created, and they use those digests to authenticate or to calculate the ICV of a packet using HMAC. Again, the application needs to supply the inner and outer digests only if the key is changed or a new SA is formed.
RFC 2104 on HMAC keyed hashing tells that packet processing using the authentication mechanism of HMAC computation using MD5 or SHA can be enhanced by having precomputed inner and outer digests of the K_ipad and K_opad zero-padded strings (K XOR ipad and K XOR opad, where K is the authentication key, ipad is 0x36 and opad is 0x5c as defined in RFC 2104).
So we need to precompute these values only once, when keys are created, and they can be used directly when there is a packet to process, thus avoiding two hashes on Kipad and Kopad for every packet. However, the RFC does not tell about the exact method of precomputing the inner and outer digests of the HMAC computation only once and using them until the key is changed.
In my case authentication is failing because I'm not able to precompute the inner and outer digests correctly :( because I don't have a clear idea on this aspect.
Can you tell me how it can be done? I mean, what is the exact method to do this? How are the precomputed hashes on Kipad and Kopad used for authenticating a packet?
Thank You
Lokesh
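
The precomputation asked about above, as an added example that is not part of the original post: the value saved per key is the hash's intermediate chaining state after compressing the single 64-byte block K XOR ipad (or K XOR opad), not a finalized digest of that block. The sketch models the saved state with Python hashlib object copies (an assumption; an accelerator would take the raw chaining words instead), and the function names and the 96-bit ICV truncation default are choices made for this example.

```python
import hashlib
import hmac

BLOCK = 64  # compression block size of MD5 and SHA-1, in bytes

def precompute(key: bytes, algo: str = "sha1"):
    """Run once per key/SA: return (inner, outer) states after one block."""
    if len(key) > BLOCK:                  # RFC 2104: keys longer than a block are hashed first
        key = hashlib.new(algo, key).digest()
    key = key.ljust(BLOCK, b"\x00")       # zero-pad K to the block size
    inner = hashlib.new(algo, bytes(b ^ 0x36 for b in key))  # state after K XOR ipad
    outer = hashlib.new(algo, bytes(b ^ 0x5C for b in key))  # state after K XOR opad
    # Neither object is finalized: each holds the chaining state after exactly
    # one 64-byte block, so hashing can be resumed from it for every packet.
    return inner, outer

def icv(states, packet: bytes, truncate: int = 12) -> bytes:
    """Run per packet: resume from the saved states; the key is not needed."""
    inner, outer = states
    h_in = inner.copy()                   # copy so the saved state stays reusable
    h_in.update(packet)
    h_out = outer.copy()
    h_out.update(h_in.digest())
    return h_out.digest()[:truncate]      # 12 bytes = 96-bit ICV (example default)

def reference_icv(key: bytes, packet: bytes, algo: str = "sha1", truncate: int = 12) -> bytes:
    """Plain HMAC from the standard library, used to check the result."""
    return hmac.new(key, packet, algo).digest()[:truncate]

def finalized_digest_icv(key: bytes, packet: bytes, algo: str = "sha1", truncate: int = 12) -> bytes:
    """Pitfall shown for contrast: finalized H(K XOR pad) values include
    padding and length, so they are not a state that can be resumed."""
    key = key.ljust(BLOCK, b"\x00")
    d_in = hashlib.new(algo, bytes(b ^ 0x36 for b in key)).digest()
    d_out = hashlib.new(algo, bytes(b ^ 0x5C for b in key)).digest()
    inner = hashlib.new(algo, d_in + packet).digest()
    return hashlib.new(algo, d_out + inner).digest()[:truncate]

if __name__ == "__main__":
    key = bytes(range(20))                # constructed sample key
    packet = b"constructed sample packet" # constructed sample data
    states = precompute(key)
    print(icv(states, packet).hex(), reference_icv(key, packet).hex())
```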