Dan McDonald wrote:
> On Tue, May 15, 2007 at 05:02:51PM +0400, lamo at ccs.ru wrote:
>> Hi all,
>>
>> I've got a question about implementing a combined mode algorithm to be
>> used in IPsec.
>
> Is it a well-known algorithm? We haven't used any such algorithms in our
> IPsec yet - your experience would benefit the community.

No. It's not a well-known algorithm. But the ability to use such a type of combined mode algorithm is written in RFC 4303. I think it'd be great to have the OpenSolaris IPsec implementation support *both* types of combined mode algorithm (if it turns out to be possible, because it may be too algorithm-specific).

>> This particular algorithm provides integrity only for data that is
>> encrypted. So I need a way (i.e. a place) to store the replicated SPI and
>> Sequence Number.
>
> <SNIP!>
>
> Take a look at RFC 4106 (AES-GCM for ESP). They seem to indicate using a
> scheme similar to your first choice.
>

I've read it before starting my work (as well as RFC 4309 - AES CCM). And it's an example of the other type of combined mode algorithm, i.e. integrity for (data that is encrypted + additional data which is not encrypted). The same is true for RFC 4309. Please correct me if I'm wrong.

> If there's shortcomings for combined-mode algorithms in our ESP, ESP's
> interfaces to/from the Crypto Framework, or both, this would be a fine time
> to address 'em.
>
> Off the top of my head:
>
> - I *think* ipsecalgs(1M) may need to be extended to indicate a
>   combined-mode cipher. Right now I think we assume all the world's
>   CBC, which isn't accurate.
>
> - We may need help in the IPsec-to-Crypto interfaces. I know the
>   crypto folks are working on AES-CCM for reasons not related to
>   IPsec. It's most likely we could get RFC 4309 (AES-CCM with ESP)
>   working before RFC 4106 (AES-GCM).

To the best of my knowledge, atm, you have to do nothing (global) to the current IPsec implementation to use AES-CCM and AES-GCM besides actually writing these algorithms' kernel modules :) But to add the second type we (the community, if you offer us such an opportunity, of course) have to discuss the best way to modify the current IPsec implementation and (very probably) the IPsec-to-Crypto interfaces. It will depend upon the way we choose to implement it (i.e. just extending the Payload Data, or providing additional space which will be one of the arguments to kCF functions, or another way).

> If you're ready to get combined-mode ciphers working with ESP, we're ready to
> help. It's an architectural issue, so we'll need to ARC it, but don't let
> that bother you.

I'm ready :)

> Thanks!
> Dan
>

Thank you.
alexz.
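The two kinds of combined mode algorithm discussed in this thread differ in what the ICV covers. With RFC 4106 the AEAD authenticates the clear-text SPI and Sequence Number as additional authenticated data; with an algorithm that authenticates only what it encrypts, those fields have to be replicated inside the encrypted payload and compared after decryption. The following Go program is an added illustration written for this page, not code from the thread or from the OpenSolaris IPsec code base. It uses the standard library's AES-GCM and assumes 32-bit sequence numbers (no ESN) and the RFC 4106 nonce layout (4-byte salt || 8-byte IV); the `aadCovered=false` mode emulates the "integrity only for encrypted data" type by passing an empty AAD and replicating the header, and the function names, key, salt and IV are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// espHeader encodes SPI || Sequence Number; under RFC 4106 this is the AAD.
func espHeader(spi, seq uint32) []byte {
	h := make([]byte, 8)
	binary.BigEndian.PutUint32(h[0:4], spi)
	binary.BigEndian.PutUint32(h[4:8], seq)
	return h
}

// gcmNonce is the 12-byte RFC 4106 nonce: 4-byte SA salt || 8-byte packet IV.
func gcmNonce(salt [4]byte, iv [8]byte) []byte { return append(salt[:], iv[:]...) }

// padPayload appends the ESP trailer: padding to a 4-byte boundary,
// Pad Length and Next Header (RFC 4303, section 2.4).
func padPayload(plain []byte, next byte) []byte {
	padLen := (4 - (len(plain)+2)%4) % 4
	out := append([]byte{}, plain...)
	for i := 1; i <= padLen; i++ {
		out = append(out, byte(i)) // RFC 4303 default monotonic padding
	}
	return append(out, byte(padLen), next)
}

// unpadPayload reverses padPayload, validating Pad Length against the body.
func unpadPayload(padded []byte) ([]byte, byte, error) {
	if len(padded) < 2 {
		return nil, 0, errors.New("payload too short")
	}
	padLen, next, body := int(padded[len(padded)-2]), padded[len(padded)-1], padded[:len(padded)-2]
	if padLen > len(body) {
		return nil, 0, errors.New("bad pad length")
	}
	return body[:len(body)-padLen], next, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block) // 12-byte nonce, 16-byte ICV
}

// SealESP builds SPI || Seq || IV || ciphertext || ICV. With aadCovered=true
// (RFC 4106) the header is the AAD; with aadCovered=false the AEAD protects
// only what it encrypts, so the header is replicated inside the plaintext.
func SealESP(key []byte, salt [4]byte, spi, seq uint32, iv [8]byte, plain []byte, next byte, aadCovered bool) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	hdr := espHeader(spi, seq)
	pkt := append(append([]byte{}, hdr...), iv[:]...)
	body := padPayload(plain, next)
	if aadCovered {
		return aead.Seal(pkt, gcmNonce(salt, iv), body, hdr), nil
	}
	return aead.Seal(pkt, gcmNonce(salt, iv), append(append([]byte{}, hdr...), body...), nil), nil
}

// OpenESP verifies and decrypts a packet from SealESP (same aadCovered mode).
// A modified SPI or Seq is rejected either way: by the ICV in AAD mode, by the
// replicated-copy comparison otherwise.
func OpenESP(key []byte, salt [4]byte, pkt []byte, aadCovered bool) ([]byte, byte, error) {
	if len(pkt) < 8+8+16 {
		return nil, 0, errors.New("packet too short")
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, 0, err
	}
	hdr := pkt[:8]
	var iv [8]byte
	copy(iv[:], pkt[8:16])
	var aad []byte
	if aadCovered {
		aad = hdr
	}
	padded, err := aead.Open(nil, gcmNonce(salt, iv), pkt[16:], aad)
	if err != nil {
		return nil, 0, err
	}
	if !aadCovered {
		if len(padded) < 8 || !bytes.Equal(padded[:8], hdr) {
			return nil, 0, errors.New("replicated SPI/Seq mismatch")
		}
		padded = padded[8:]
	}
	return unpadPayload(padded)
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 16) // constructed test key, not real SA material
	salt, iv := [4]byte{1, 2, 3, 4}, [8]byte{9, 9, 9, 9, 9, 9, 9, 9}
	for _, mode := range []bool{true, false} {
		pkt, _ := SealESP(key, salt, 0x1000, 7, iv, []byte("inner datagram"), 4, mode)
		pkt[7]++ // flip the clear-text sequence number
		_, _, err := OpenESP(key, salt, pkt, mode)
		fmt.Printf("aadCovered=%v, tampered seq -> %v\n", mode, err)
	}
}
```

Both modes reject the modified sequence number, but they pay for it differently: the RFC 4106 style needs no extra bytes on the wire, while the replicated style costs eight extra encrypted bytes per packet and a second comparison after decryption, which is the "additional space" question raised in the message above.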