[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: padding in quick mode



At 06:57 AM 7/23/02 , Benzy Gabay wrote:
>Clear DayHi,
>
>Does anyone knows what should be the padding in quick mode packets while
>using DES , 3DES, AES ?
If, by quick mode packets, you mean the IKE packets that make up a quick mode exchange, then the padding method is:

  All padding bytes, except for the last one, contain 0x00. The last byte of the padding contains the number of the padding bytes used, excluding the last one. Note that this means there will always be padding.

  Or, in other words, [00 00 .. 00 NN], where NN is one less than the total number of bytes of padding.  You can have, at most, 1 block of padding.  See RFC2409 for more details.


If you mean the IPSec packets, then the padding method is:

   The Padding bytes are initialized with a series of (unsigned, 1-byte) integer values. The first padding byte appended to the plaintext is numbered 1, with subsequent padding bytes making up a monotonically increasing sequence: 1, 2, 3, ... 

  Or, in other words, [01 02 03 .. NN], where NN is the total number of bytes of padding.  If desired, you can have more than 1 block of padding.  See RFC2406 for more details.


>Which type of modulo should I use (8 , 16, etc')
If you mean block size, then DES, 3DES has 8 byte blocks, and AES has 16 byte blocks.


-- 
scott