| < draft-ietf-ipsecme-chacha20-poly1305-04.txt | draft-ietf-ipsecme-chacha20-poly1305-05.txt > | |||
|---|---|---|---|---|
| Network Working Group Y. Nir | Network Working Group Y. Nir | |||
| Internet-Draft Check Point | Internet-Draft Check Point | |||
| Intended status: Standards Track April 26, 2015 | Intended status: Standards Track April 27, 2015 | |||
| Expires: October 28, 2015 | Expires: October 29, 2015 | |||
| ChaCha20, Poly1305 and their use in IKE & IPsec | ChaCha20, Poly1305 and their use in IKE & IPsec | |||
| draft-ietf-ipsecme-chacha20-poly1305-04 | draft-ietf-ipsecme-chacha20-poly1305-05 | |||
| Abstract | Abstract | |||
| This document describes the use of the ChaCha20 stream cipher along | This document describes the use of the ChaCha20 stream cipher along | |||
| with the Poly1305 authenticator, combined into an AEAD algorithm for | with the Poly1305 authenticator, combined into an AEAD algorithm for | |||
| the Internet Key Exchange protocol (IKEv2) and for IPsec. | the Internet Key Exchange protocol (IKEv2) and for IPsec. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| skipping to change at page 1, line 32 ¶ | skipping to change at page 1, line 32 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on October 28, 2015. | This Internet-Draft will expire on October 29, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 9, line 41 ¶ | skipping to change at page 9, line 41 ¶ | |||
| also the same. | also the same. | |||
| o Because the key and nonce are the same, so is the one-time | o Because the key and nonce are the same, so is the one-time | |||
| Poly1305 key. | Poly1305 key. | |||
| o The packet with be an Informational request carrying a single | o The packet with be an Informational request carrying a single | |||
| payload: A Notify payload with type SET_WINDOW_SIZE, setting the | payload: A Notify payload with type SET_WINDOW_SIZE, setting the | |||
| window size to 10. | window size to 10. | |||
| o iSPI = 0xc0 0xc1 0xc2 0xc3 0xc4 0xc5 0xc6 0xc7. | o iSPI = 0xc0 0xc1 0xc2 0xc3 0xc4 0xc5 0xc6 0xc7. | |||
| o rSPI = 0xd0 0xd1 0xd2 0xd3 0xd4 0xd5 0xd6 0xd7. | o rSPI = 0xd0 0xd1 0xd2 0xd3 0xd4 0xd5 0xd6 0xd7. | |||
| o Message ID shall be 9. | o Message ID shall be 9. | |||
| The Notify Payload: | The Notify Payload: | |||
| 000 00 00 00 0c 00 00 40 01 00 00 00 0a ......@..... | 000 00 00 00 0c 00 00 40 01 00 00 00 0a ......@..... | |||
| <t> Padding as required by RFC 7296:</t> | ||||
| <t><figure> | Padding as required by RFC 7296 is 4 bytes long. | |||
| <artwork><![CDATA[ | ||||
| Plaintext (includes padding and pad length): | Plaintext (includes padding and pad length): | |||
| 000 00 00 00 0c 00 00 40 01 00 00 00 0a 01 02 03 03 ......@......... | 000 00 00 00 0c 00 00 40 01 00 00 00 0a 01 02 03 03 ......@......... | |||
| Ciphertext: | Ciphertext: | |||
| 000 61 03 94 70 1f 8d 01 7f 7c 12 92 48 88 34 6f 7d a..p....|..H.4o} | 000 61 03 94 70 1f 8d 01 7f 7c 12 92 48 88 34 6f 7d a..p....|..H.4o} | |||
| The AAD is constructed by appending the IKE header to the encrypted | The AAD is constructed by appending the IKE header to the encrypted | |||
| payload header. Note that the length field in the IKE header and the | payload header. Note that the length field in the IKE header and the | |||
| length field in the encrypted payload header have to be calculated | length field in the encrypted payload header have to be calculated | |||
| before constructing the AAD: | before constructing the AAD: | |||
| End of changes. 4 change blocks. | ||||
| 9 lines changed or deleted | 9 lines changed or added | |||