Hi all,

I've got a question about implementing a combined mode algorithm to be used in IPsec.
This particular algorithm provides integrity only for data that is encrypted. So I need a way (i.e. a place) to store the replicated SPI and Sequence Number.

From the current source code of OpenSolaris I can see 2 ways to achieve this goal.

The first one is to modify the source code in such a way that it allows allocating additional space in the Payload Data for storing the replicated SPI and Sequence Number. The number of bytes to allocate will be given in the algorithm description (i.e. the ipsecalgs file, or the source can be different). It also includes modifications to the various calculations which will be affected by this decision.

The second one is to use the ICV field in a custom way.

Classical packet structure:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|               Security Parameters Index (SPI)                 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Sequence Number                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+---
|                    IV (optional)                              | ^ p
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | a
|                    Rest of Payload Data  (variable)           | | y
~                                                               ~ | l
|                                                               | | o
+               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | a
|               |         TFC Padding * (optional, variable)    | v d
+-+-+-+-+-+-+-+-+         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+---
|                         |        Padding (0-255 bytes)        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |  Pad Length   | Next Header   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Integrity Check Value-ICV   (variable)                |
~                                                               ~
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Replicate the SPI and Sequence Number and store them as a part of the ICV.

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       |        |    Padding    |       Actual Integrity       |
~  SPI  | SeqNum | (0 - N bytes) |  Check Value-ICV (variable)  ~
|       |        |               |                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The ICV length is the sum of the lengths of the above-mentioned fields (SPI, SeqNum, Padding, Actual ICV).

Though (to the best of my knowledge) this way doesn't violate any recommendation from RFC 4303, it just seems ugly to me :)

The actual question is: what is the best way to implement a combined mode algorithm which provides integrity only for data that is encrypted?

TIA.

Best regards,
alexz.
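
A sketch of the first option described in the post (replicated SPI and Sequence Number carried in extra Payload Data space), added here as an example; it is not part of the original message and not OpenSolaris code. It shows the outbound layout, the padding calculation adjusted for the extra bytes, and the inbound comparison against the cleartext header. The function names, the fixed 8-byte replica size and the placement of the replica at the front of the payload are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define REPL_LEN 8u /* assumed: 4-byte SPI + 4-byte Sequence Number */

/* Hypothetical helper: store a 32-bit value in network byte order. */
static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* ESP padding so that replica + payload + Pad Length + Next Header
 * fills a whole number of cipher blocks (block must be >= 1). */
static size_t esp_pad_len(size_t payload_len, size_t block)
{
    return (block - (REPL_LEN + payload_len + 2) % block) % block;
}

/* Outbound: lay out SPI | SeqNum | payload as the data to be encrypted.
 * Returns bytes written, or 0 if the output buffer is too small. */
static size_t esp_repl_prepend(uint32_t spi, uint32_t seq,
    const uint8_t *payload, size_t len, uint8_t *out, size_t cap)
{
    if (cap < REPL_LEN || len > cap - REPL_LEN)
        return 0;
    put_be32(out, spi);
    put_be32(out + 4, seq);
    memcpy(out + REPL_LEN, payload, len);
    return REPL_LEN + len;
}

/* Inbound, after decryption and the algorithm's own integrity check:
 * the replica must equal the cleartext ESP header (first 8 bytes of the
 * packet). Returns the offset of the real payload, or -1 on mismatch. */
static int esp_repl_check(const uint8_t *esp_hdr, const uint8_t *plain,
    size_t plain_len)
{
    uint8_t diff = 0;
    if (plain_len < REPL_LEN)
        return -1;
    for (size_t i = 0; i < REPL_LEN; i++)
        diff |= (uint8_t)(esp_hdr[i] ^ plain[i]); /* no early exit */
    return diff == 0 ? (int)REPL_LEN : -1;
}
```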