[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Ipsec] Paddding Issue in AES-XCBC-MAC-96 with IPSEC (RFC 3566)
Hi,
RFC 3566 (AES-XCBC-MAC-96 Algorithm and Its Use with IPSec) states
that :
Case 1:
if the size of last block of message is 128 bits :
do
E[n] = Encryption (M[n] XOR E[n-1] XOR K2) with K1
Case2:
if the size of last block of message is less than 128 bits:
do
i)Pad M[n] with a '1'bit followed by '0'bits to make M[n] to be a
block size of 128 bits.
ii) E[n] = Encryption (M[n] XOR E[n-1] XOR K3 ) with K1
where
M[n] - the last block of message
E[n] - the AESXCBC-MAC value
E[n-1] = encrypted output of the previous block
K1 - AES Encryption Key K1
K2 - derived key from K1.
Encryption - AES Encryption
The above is explained in RFC 3566 in section 4 .
My Doubt:
As per RFC 2402 - AH Protocol, if the IP packet length does not
match the blocksize of the auth algorithm, implicit padding is done with
zeros.
1) Hence if AES-XCBCMAC is chosen in AH then , is it that always Case 1
occurs??
Kindly clarify my understanding.
2) When will Case 2 occur?
thanks in advance.
navin
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec