[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: How to pass AES rounds number through PF_KEY interface



Title: RE: How to pass AES rounds number through PF_KEY interface

Sandy,

You are correct. In the final AES FIPS, rounds are not negotiable -- they depend strictly on key size. And you remembered the round counts correctly.



> -----Original Message-----
> From: Sandy Harris [mailto:sandy@storm.ca]
> Sent: Tuesday, March 12, 2002 3:39 PM
> Cc: ipsec@lists.tislabs.com
> Subject: Re: How to pass AES rounds number through PF_KEY interface
>
>
> Andrew Wenlang Zhu wrote:
>
> > Since the AES rounds number MAY be negotiated according to the
> > Internet Draft <<The AES Cipher Algorithm and Its Use With IPsec>>
> > <draft-ietf-ipsec-cipher-aes-cbc-03.txt>,
>
> If so, methinks the draft should change. In the original Rijndael
> spec, and I presume in the final AES, the number of rounds depends
> on key (and, for original Rijndael, block) size, but does not vary
> other than that.
>
> There should never be a need to negotiate or set number of rounds.
> Set the key size (for AES, block size is fixed at 128) and the
> number of rounds is determined.
>
> I think it's 10, 12, 14 for 128, 192, 256, but I haven't got the
> spec to hand and am not entirely certain.
>
> > I need to find a way to pass the rounds number from IKE to kernel
> > to install the SA. Unfortunately, I can not
> > find a pre-defined parameter to transfer this number.
> >
> > How do you transfer the AES rounds number in PF_KEY?
>