
Re: How to pass AES rounds number through PF_KEY interface



Andrew Wenlang Zhu wrote:

> Since the AES rounds number MAY be negotiated according to the
> Internet Draft <<The AES Cipher Algorithm and Its Use With IPsec>>
> <draft-ietf-ipsec-cipher-aes-cbc-03.txt>,

If so, methinks the draft should change. In the original Rijndael
spec, and I presume in the final AES, the number of rounds depends
on key (and, for original Rijndael, block) size, but does not vary
other than that.

There should never be a need to negotiate or set number of rounds.
Set the key size (for AES, block size is fixed at 128) and the
number of rounds is determined.

I think it's 10, 12, 14 for 128, 192, 256, but I haven't got the
spec to hand and am not entirely certain. 

> I need to find a way to pass the rounds number from IKE to kernel
> to install the SA. Unfortunately, I cannot
> find a pre-defined parameter to transfer this number.
> 
> How do you transfer the AES rounds number in PF_KEY?
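
An added example, not part of the original thread: the PF_KEY key extension (RFC 2367, `struct sadb_key`) already carries the key length in bits, so the receiver of the SA can derive the round count from it using the Rijndael rule Nr = max(Nk, Nb) + 6. The struct is redeclared locally, and the names `sadb_key_hdr`, `rounds_from_key_ext` and `sample_rounds` are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* PF_KEY key extension header, laid out as struct sadb_key in RFC 2367;
 * redeclared here so the example builds without <net/pfkeyv2.h>. */
struct sadb_key_hdr {
    uint16_t len;      /* extension length in 64-bit words, header included */
    uint16_t exttype;  /* SADB_EXT_KEY_ENCRYPT for the cipher key */
    uint16_t bits;     /* key length in bits */
    uint16_t reserved; /* must be zero */
};
#define EXT_KEY_ENCRYPT 9 /* value of SADB_EXT_KEY_ENCRYPT in RFC 2367 */

/* Rijndael rule Nr = max(Nk, Nb) + 6, with Nb = 4 for AES (128-bit block).
 * Returns 0 for a key size AES does not define. */
int aes_rounds_for_bits(unsigned bits)
{
    if (bits != 128 && bits != 192 && bits != 256)
        return 0;
    unsigned nk = bits / 32, nb = 4;
    return (int)((nk > nb ? nk : nb) + 6);
}

/* Hypothetical receiver-side helper: validate a key extension and derive
 * the round count. Returns the rounds, or -1 if the extension is rejected. */
int rounds_from_key_ext(const uint8_t *ext, size_t avail)
{
    struct sadb_key_hdr h;
    if (avail < sizeof h)
        return -1;
    memcpy(&h, ext, sizeof h);          /* PF_KEY fields are host byte order */
    size_t total = (size_t)h.len * 8;
    if (h.exttype != EXT_KEY_ENCRYPT || h.reserved != 0 ||
        total < sizeof h || total > avail ||
        (size_t)(h.bits + 7) / 8 > total - sizeof h) /* key must fit */
        return -1;
    int r = aes_rounds_for_bits(h.bits);
    return r ? r : -1;
}

/* Constructed sample: an extension with an all-zero key of `bits` bits. */
int sample_rounds(unsigned bits)
{
    uint8_t buf[8 + 32] = {0};
    struct sadb_key_hdr h = { 0, EXT_KEY_ENCRYPT, (uint16_t)bits, 0 };
    h.len = (uint16_t)((sizeof h + (bits + 7) / 8 + 7) / 8);
    memcpy(buf, &h, sizeof h);
    return rounds_from_key_ext(buf, sizeof buf);
}
```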