[ipsec][crypto] 在IPSec ESP使用AES-GCM加密时的IV
IV
IV是指初始化向量。
在我们当前讨论的场景中: 在IPSec ESP使用AES-GCM加密
IV有两个含义:
1. ESP报文封装时的IV,RFC中称为 AES-GCM IV
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Initialization Vector | | (8 octets) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Ciphertext (variable) ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2. 在讨论加解密设备的时候,我们讨论的IV,与1中不同,称为 AES-GCM-ESP IV, 也称作nonce
nonce由 salt 和1中IV组成。
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Salt | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Initialization Vector | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
总结:
ESP的IV协议规定了固定长度是8字节,salt是固定的4字节。所以在当前场景内,GCM的IV长度,固定为12字节。
参考:
https://tools.ietf.org/html/rfc4106#section-3.1
其他:
1 block size
由算法决定AES的block size为固定的16字节。
AES is a variant of Rijndael which has a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits.
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
2 key length
AES的算法名字里边有AES128,AES256,这个怎么理解呢?
在实际的ESP封装传输以及ipsec协商中,他们使用的key length是上面的128,256 再加上32bit的盐。
在编码是需要注意。
AES-GCM-ESP with a 128 bit key The KEYMAT requested for each AES-GCM key is 20 octets. The first 16 octets are the 128-bit AES key, and the remaining four octets are used as the salt value in the nonce. AES-GCM-ESP with a 192 bit key The KEYMAT requested for each AES-GCM key is 28 octets. The first 24 octets are the 192-bit AES key, and the remaining four octets are used as the salt value in the nonce. AES-GCM-ESP with a 256 bit key The KEYMAT requested for each AES GCM key is 36 octets. The first 32 octets are the 256-bit AES key, and the remaining four octets are used as the salt value in the nonce.
