
Re: length of IV in ESP_NULL cipher





On Thu, 8 Jan 2004, Tarun Ahuja wrote:

> Hi all
>
> What should be the length of the IV in case of NULL cipher when using ESP
> protocol?
>
> As per RFC 2410
> "Because of the stateless nature of the NULL encryption algorithm, it is not
> necessary to transmit an IV or similar cryptographic
> synchronization data on a per packet (or even a per SA) basis".

To quote later on in RFC 2410:

   To facilitate interoperability, the IV size for this algorithm MUST
   be zero (0) bits.

>
> Which essentially means the length of the IV should be 0 but FreeSWAN uses a
> length of 4 bytes IV (equal to blocksize) for NULL cipher.

Well, either FreeSWAN is broke (at least in this respect) or you are
mistaken about the operation of the FreeSWAN code.

-- 
scott
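
The interoperability point in the RFC 2410 text quoted above, as an added example that is not part of the original thread and is not FreeS/WAN code: an ESP packet builder and parser for the NULL cipher where the IV length is a parameter, so a zero-length IV can be compared with the 4-byte IV the question describes. The HMAC-SHA1-96 ICV, the all-zero IV bytes, and the SPI, key and payload values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # assumed integrity algorithm: HMAC-SHA1 truncated to 96 bits

# Constructed sample values, not taken from any real SA.
KEY = b"constructed-key-0123"
SPI, SEQ, NEXT_HEADER = 0x1000, 1, 4          # next header 4 = IP-in-IP
PAYLOAD = b"constructed inner packet"


def build_esp_null(spi, seq, payload, next_header, key, iv_len=0):
    """Build an ESP packet for the NULL cipher (payload travels in the clear).

    iv_len=0 is what RFC 2410 requires; iv_len=4 models the sender described
    in the question.
    """
    iv = bytes(iv_len)
    # Pad so that Pad Length and Next Header end on a 4-byte boundary.
    pad_len = -(iv_len + len(payload) + 2) % 4
    padding = bytes(range(1, pad_len + 1))    # default padding: 1, 2, 3, ...
    body = (struct.pack("!II", spi, seq) + iv + payload + padding
            + bytes([pad_len, next_header]))
    icv = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    return body + icv


def parse_esp_null(packet, key, iv_len=0):
    """Verify the ICV, then return (spi, seq, next_header, payload)."""
    if len(packet) < 8 + iv_len + 2 + ICV_LEN:
        raise ValueError("packet too short")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    start, end = 8 + iv_len, len(body) - 2 - pad_len
    if end < start:
        raise ValueError("pad length exceeds payload field")
    return spi, seq, next_header, body[start:end]


if __name__ == "__main__":
    for tx_iv, rx_iv in ((0, 0), (4, 0), (0, 4)):
        pkt = build_esp_null(SPI, SEQ, PAYLOAD, NEXT_HEADER, KEY, tx_iv)
        print(tx_iv, rx_iv, parse_esp_null(pkt, KEY, rx_iv)[3])
```

When the two ends disagree on the IV length the ICV still verifies, because it covers the whole payload field however it is split; the mismatch only shows up as an inner packet with four extra or four missing leading bytes.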