[Ipsec] CCM: AAD construction



Group - 

I have a few questions on CCM & its use in IPSec ESP mode. The questions
are related to construction of AAD blocks required for authentication
purposes.

1) Construction of AAD blocks in CCM in general

RFC 3610 specifies construction of B_0, B_1 blocks.
The construction of B_0 has been clearly defined. This block is followed
by length encoding of "a" followed by "a" itself, as per the following
paragraph in the spec:
 
Blocks encoding a are formed by concatenating this string that encodes
l(a) with a itself, and splitting the result into 16-octet blocks, and
then padding the last block with zeros if necessary. These blocks are
appended to the first block B_0.

Does this mean the following:

B_1 = encoding(l(a)) || a || pad (to the next 16 octet block )

Hence, the AAD block stream then consists of 
B_0 || B_1 || m_0 || m_1 ... || m_n (padding, if required) 


[Q] Please confirm whether the interpretation of B_1 construction is
correct. 


2) Construction of AAD blocks in IPSec ESP mode 

Does the B_1 definition mean the following in IPSec ESP mode?
AAD_IPSec = SPI || SEQ_Num

B_1 = encoding (l (AAD_IPSec)) ||  AAD_IPsec || pad (to the next 16
octet block) 

[Q] Please confirm construction of B_1 block in IPSec mode is correct.

3) Computing CBC-MAC in CCM Mode With IPsec ESP
CCM spec (RFC 3610) implies that authentication is done on the plain
text (and not the cipher text). 

However, IPSec ESP mode states that encryption is done prior to
authentication. Does this order change in the
draft-ietf-ipsec-ciph-aes-ccm-05.txt, meaning that authentication is
done after CTR-encryption? If so, is the CBC-MAC encrypted again?

My interpretation is that the order still remains the same as specified
in RFC 3610, i.e. authentication is on plain text and not cipher text.

[Q] Please indicate what is the correct order of processing on the
outbound side.

Thanks for your time. 

Regards,
Yogesh 
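
The block formatting that the message quotes from RFC 3610, written out as an added example (not part of the original post and not code from the RFC or the draft): it builds B_0, the blocks encoding l(a) || a, and the zero-padded message blocks that feed the CBC-MAC. The helper names, the sample SPI, sequence number, and the 11-octet nonce with L=4 are assumptions made for illustration; the ESP AAD layout SPI || SEQ_Num is taken from the message.

```python
import struct

BLOCK = 16  # AES block size in octets

def encode_aad_length(n: int) -> bytes:
    """Encode l(a) as RFC 3610 section 2.2 prescribes (only used when l(a) > 0)."""
    if n <= 0:
        raise ValueError("no length prefix is emitted when l(a) == 0")
    if n < 2**16 - 2**8:
        return struct.pack(">H", n)               # two octets
    if n < 2**32:
        return b"\xff\xfe" + struct.pack(">I", n)  # 0xFFFE + four octets
    return b"\xff\xff" + struct.pack(">Q", n)      # 0xFFFF + eight octets

def zero_pad(data: bytes) -> bytes:
    """Pad with zero octets up to the next 16-octet boundary."""
    return data + b"\x00" * (-len(data) % BLOCK)

def split_blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ccm_auth_blocks(nonce: bytes, aad: bytes, msg: bytes, M: int, L: int) -> list:
    """Return B_0 .. B_n, the 16-octet blocks fed to CBC-MAC (RFC 3610 section 2.2)."""
    if M not in (4, 6, 8, 10, 12, 14, 16) or not 2 <= L <= 8:
        raise ValueError("invalid M or L")
    if len(nonce) != 15 - L:
        raise ValueError("nonce must be 15 - L octets")
    if len(msg) >= 1 << (8 * L):
        raise ValueError("message too long for the chosen L")
    # Flags octet: Adata bit (64), M' = (M - 2) / 2 in bits 5..3, L' = L - 1 in bits 2..0.
    flags = (0x40 if aad else 0) | (((M - 2) // 2) << 3) | (L - 1)
    blocks = [bytes([flags]) + nonce + len(msg).to_bytes(L, "big")]  # B_0
    if aad:
        # l(a) encoding and a are concatenated first, then split and padded,
        # so a long a spans several blocks, not just one.
        blocks += split_blocks(zero_pad(encode_aad_length(len(aad)) + aad))
    blocks += split_blocks(zero_pad(msg))
    return blocks

def esp_aad(spi: int, seq: int) -> bytes:
    """AAD as described in the message: SPI || SEQ_Num, both 32-bit big-endian."""
    return struct.pack(">II", spi, seq)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real SA.
    aad = esp_aad(0x11223344, 1)
    for i, b in enumerate(ccm_auth_blocks(bytes(11), aad, b"constructed payload", 8, 4)):
        print(f"B_{i} = {b.hex()}")
```
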

