On Tue, May 15, 2007 at 05:02:51PM +0400, lamo at ccs.ru wrote:
> Hi all,
>
> I've got a question about implementing a combined mode algorithm to be
> used in IPsec.

Is it a well-known algorithm? We haven't used any such algorithms in our IPsec yet - your experience would benefit the community.

> This particular algorithm provides integrity only for data that is
> encrypted. So I need a way (i.e. a place) to store the replicated SPI and
> Sequence Number.

<SNIP!>

Take a look at RFC 4106 (AES-GCM for ESP). They seem to indicate using a scheme similar to your first choice.

If there are shortcomings for combined-mode algorithms in our ESP, ESP's interfaces to/from the Crypto Framework, or both, this would be a fine time to address 'em. Off the top of my head:

- I *think* ipsecalgs(1M) may need to be extended to indicate a combined-mode cipher. Right now I think we assume all the world's CBC, which isn't accurate.

- We may need help in the IPsec-to-Crypto interfaces. I know the crypto folks are working on AES-CCM for reasons not related to IPsec. It's most likely we could get RFC 4309 (AES-CCM with ESP) working before RFC 4106 (AES-GCM).

If you're ready to get combined-mode ciphers working with ESP, we're ready to help. It's an architectural issue, so we'll need to ARC it, but don't let that bother you.

Thanks!
Dan
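An added example, not part of the thread or of the IPsec code discussed: it shows how RFC 4106 binds the SPI and Sequence Number to the ICV without replicating them in the encrypted payload, by passing the 8-byte ESP header as AES-GCM additional authenticated data and building the 12-byte nonce from the SA salt plus the per-packet IV carried in the packet. Function names, key, salt and sample payload are constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// espSeal builds an RFC 4106 style ESP packet:
// SPI || SeqNo || IV || ciphertext || ICV, with SPI||SeqNo as AAD.
// key is the AES key, salt the 4-byte SA salt, iv the 8-byte per-packet IV.
func espSeal(key, salt []byte, spi, seq uint32, iv, payload []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block) // 12-byte nonce, 16-byte ICV
	if err != nil {
		return nil, err
	}
	hdr := make([]byte, 8)
	binary.BigEndian.PutUint32(hdr[0:4], spi)
	binary.BigEndian.PutUint32(hdr[4:8], seq)
	nonce := append(append([]byte{}, salt...), iv...) // salt(4) || IV(8)
	ct := gcm.Seal(nil, nonce, payload, hdr)         // ciphertext || ICV
	return append(append(hdr, iv...), ct...), nil
}

// espOpen parses the packet and verifies the ICV over header + payload;
// any change to the SPI or Sequence Number makes the ICV check fail.
func espOpen(key, salt, pkt []byte) ([]byte, error) {
	if len(pkt) < 8+8+16 {
		return nil, fmt.Errorf("short ESP packet")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	hdr, iv, ct := pkt[:8], pkt[8:16], pkt[16:]
	nonce := append(append([]byte{}, salt...), iv...)
	return gcm.Open(nil, nonce, ct, hdr) // plaintext or auth failure
}
```

A real implementation must also enforce the anti-replay window on the authenticated Sequence Number and never reuse a (salt, IV) pair under one key.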