[ipsec][crypto] 在IPSec ESP使用AES-GCM加密時的IV
IV
IV是指初始化向量。
在我們當前討論的場景中: 在IPSec ESP使用AES-GCM加密
IV有兩個含義:
1. ESP報文封裝時的IV,RFC中稱為 AES-GCM IV
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Initialization Vector | | (8 octets) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Ciphertext (variable) ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2. 在討論加解密設備的時候,我們討論的IV,與1中不同,稱為 AES-GCM-ESP IV, 也稱作nonce
nonce由 salt 和1中IV組成。
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Salt | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Initialization Vector | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
總結:
ESP的IV協議規定了固定長度是8字節,salt是固定的4字節。所以在當前場景內,GCM的IV長度,固定為12字節。
參考:
https://tools.ietf.org/html/rfc4106#section-3.1
其他:
1 block size
由算法決定AES的block size為固定的16字節。
AES is a variant of Rijndael which has a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits.
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
2 key length
AES的算法名字里邊有AES128,AES256,這個怎么理解呢?
在實際的ESP封裝傳輸以及ipsec協商中,他們使用的key length是上面的128,256 再加上32bit的鹽。
在編碼是需要注意。
AES-GCM-ESP with a 128 bit key The KEYMAT requested for each AES-GCM key is 20 octets. The first 16 octets are the 128-bit AES key, and the remaining four octets are used as the salt value in the nonce. AES-GCM-ESP with a 192 bit key The KEYMAT requested for each AES-GCM key is 28 octets. The first 24 octets are the 192-bit AES key, and the remaining four octets are used as the salt value in the nonce. AES-GCM-ESP with a 256 bit key The KEYMAT requested for each AES GCM key is 36 octets. The first 32 octets are the 256-bit AES key, and the remaining four octets are used as the salt value in the nonce.
浙公網安備 33010602011771號