[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Ipsec] Paddding Issue in AES-XCBC-MAC-96 with IPSEC (RFC3566)
At 9:18 PM +0530 8/11/04, Navin Kumar wrote:
> <SNIP>
>
>My Doubt:
>
>As per RFC 2402 - AH Protocol, if the IP packet length does not
>match the blocksize of the auth algorithm, implicit padding is done with
>zeros.
>
>1) Hence if AES-XCBCMAC is chosen in AH then , is it that always Case 1
>occurs??
> Kindly clarify my understanding.
The authors described a generic padding mechanism for use of the
algorithm, not one tailored to use in the AH context. So, I'd say
the right answer is to interpret this as CASE 1, i.e., the implicit
padding provided by AH makes the input to the algorithm always appear
as a full, final block.
Steve
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec