
Re: length of IV in ESP_NULL cipher



>>>>> "Scott" == Scott Fluhrer <sfluhrer@cisco.com> writes:

 Scott> On Thu, 8 Jan 2004, Tarun Ahuja wrote:

 >> Which essentially means the length of the IV should be 0 but
 >> FreeSWAN uses a length of 4 bytes IV (equal to blocksize) for NULL
 >> cipher.

 Scott> Well, either FreeSWAN is broke (at least in this respect) or
 Scott> you are mistaken about the operation of the FreeSWAN code.

Agreed.  I'm pretty sure I had our (Xedia) implementation talking to
FreeSWAN some years ago, so my suspicion is that the implementation is
actually correct.

Were you looking at the packet length when you made this observation?
Remember that ESP_NULL DOES require padding (to multiples of four)
because that's the minimum requirement in ESP independent of cipher.
I think I have seen implementations (at least back in 1999 or so) that
got this wrong.

    paul
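
The padding rule discussed in the message above, as an added example that is not part of the original thread or of FreeSWAN: it builds and parses an ESP_NULL packet with a zero-length IV and shows how many bytes the body gains over the payload from padding and trailer alone. Function names and sample values are constructed for illustration, and the ICV is left out.

```python
import struct

ESP_NULL_IV_LEN = 0  # RFC 2410: the NULL cipher carries no IV
ESP_ALIGN = 4        # RFC 2406: Pad Length / Next Header end on a 4-byte boundary


def esp_null_body(payload: bytes, next_header: int) -> bytes:
    """Bytes that follow SPI and Sequence Number (ICV not included)."""
    pad_len = -(len(payload) + 2) % ESP_ALIGN
    padding = bytes(range(1, pad_len + 1))  # RFC 2406 default content: 1, 2, 3, ...
    return payload + padding + bytes([pad_len, next_header])


def esp_null_packet(spi: int, seq: int, payload: bytes, next_header: int) -> bytes:
    return struct.pack("!II", spi, seq) + esp_null_body(payload, next_header)


def parse_esp_null(packet: bytes):
    """Return (spi, seq, payload, next_header); reject misaligned or bad padding."""
    if len(packet) < 8 + 2 or len(packet) % ESP_ALIGN:
        raise ValueError("ESP packet too short or not 4-byte aligned")
    spi, seq = struct.unpack("!II", packet[:8])
    body = packet[8 + ESP_NULL_IV_LEN:]  # no IV bytes to skip for NULL
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 2:
        raise ValueError("Pad Length exceeds body")
    end = len(body) - 2
    if body[end - pad_len:end] != bytes(range(1, pad_len + 1)):
        raise ValueError("padding is not the default 1, 2, 3, ... sequence")
    return spi, seq, body[:end - pad_len], next_header


def overhead(payload_len: int) -> int:
    """Body bytes added to the payload even though the IV length is zero."""
    return len(esp_null_body(bytes(payload_len), 6)) - payload_len


if __name__ == "__main__":
    # Constructed sample: 20-byte payload, next header 6 (TCP).
    pkt = esp_null_packet(0x1000, 1, bytes(20), 6)
    print(len(pkt), parse_esp_null(pkt)[3])
    for n in range(17, 22):
        print(n, "byte payload ->", overhead(n), "extra body bytes")
```

With a 20-byte payload the body is 4 bytes longer than the payload (2 padding bytes plus the 2-byte trailer), so a length comparison alone cannot tell padding apart from an IV.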