[Ipsec] Paddding Issue in AES-XCBC-MAC-96 with IPSEC (RFC 3566)

[Navin Kumar <navink@intoto.com>]

Hi,
  RFC 3566 (AES-XCBC-MAC-96 Algorithm and Its Use with IPSec) states 
that :

Case 1:

if the size of last block of message is 128 bits :
do  

E[n] =  Encryption (M[n] XOR E[n-1] XOR K2) with  K1 

Case2:
if the size of last block of message is less than 128 bits:
do

i)Pad M[n] with a '1'bit  followed by '0'bits to make M[n] to be a 
block size of 128 bits.
ii) E[n] = Encryption (M[n] XOR E[n-1] XOR K3 ) with  K1

where 
M[n] -  the last block of message 
E[n] - the AESXCBC-MAC value
E[n-1] = encrypted output of the previous block
K1 - AES Encryption Key K1
K2 - derived key from K1.
Encryption - AES Encryption

The above is explained in RFC 3566 in section 4 .

My Doubt:

As per RFC 2402 - AH Protocol, if the IP packet length does not  
match the blocksize of the auth algorithm, implicit padding is done with 
zeros. 

1) Hence if AES-XCBCMAC is chosen in AH then , is it that always Case 1 
occurs??
   Kindly clarify my understanding.   

2) When will Case 2 occur?


thanks in advance.

navin




_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec