[Swan] AES-GCM and message length hiding

Mike C smith.not.western at gmail.com
Wed May 28 16:48:15 EEST 2014


Hi,

I have a question regarding AES-GCM usage in IPsec, and the impact of the
lack of padding. In RFC 4106 section 3 it states that "Implementations that
do not seek to hide the length of the plaintext SHOULD use the minimum
amount of padding required, which will be less than four octets.". RFC 3602
for AES-CBC usage does not make any comment regarding hiding message
length, presumably because the authors are happy at the minimum 16-byte
padding?

The RFC does not state if implementations should or should not seek to hide
the length of the plaintext. I'm curious as to the approach taken by
libreswan: Does it use padding > 4 octets, and if so/if not, what's the
rationale behind the decision?

Regards,

Mike
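
The length arithmetic behind the question, as an added example that is not part of the original post and is not libreswan code: it uses the RFC 4303 ESP trailer layout (payload, padding, one Pad Length octet, one Next Header octet) to show how many payload sizes share each encrypted length under 4-octet alignment (AES-GCM minimum padding) and under a 16-octet block (AES-CBC). The function names, the sample payload sizes and the 128-octet bucket policy are assumptions made for illustration.

```python
# Added illustration; names are hypothetical, not libreswan identifiers.
ESP_TRAILER_FIXED = 2  # Pad Length + Next Header octets (RFC 4303)
MAX_PAD = 255          # Pad Length is a single octet


def esp_pad_len(payload_len: int, align: int) -> int:
    """Fewest pad octets so payload + pad + 2 is a multiple of `align`."""
    pad = -(payload_len + ESP_TRAILER_FIXED) % align
    if pad > MAX_PAD:
        raise ValueError("alignment needs more than 255 pad octets")
    return pad


def encrypted_len(payload_len: int, align: int) -> int:
    """Length of the encrypted part: payload, padding and the 2-octet trailer."""
    return payload_len + esp_pad_len(payload_len, align) + ESP_TRAILER_FIXED


def candidate_payload_lens(observed_len: int, align: int) -> list:
    """Payload lengths that all produce `observed_len` under minimum padding."""
    hi = observed_len - ESP_TRAILER_FIXED
    return list(range(max(0, hi - align + 1), hi + 1))


def distinct_wire_lens(payload_lens, align: int) -> int:
    """How many different encrypted lengths an observer sees for these payloads."""
    return len({encrypted_len(n, align) for n in payload_lens})


if __name__ == "__main__":
    sample = range(40, 104)  # constructed payload sizes, 64 values
    cases = (("GCM, 4-octet alignment", 4),
             ("CBC, 16-octet block", 16),
             ("assumed policy: pad to 128-octet buckets", 128))
    for label, align in cases:
        seen = encrypted_len(40, align)
        print(f"{label}: {distinct_wire_lens(sample, align)} distinct lengths; "
              f"a {seen}-octet observation matches "
              f"{len(candidate_payload_lens(seen, align))} payload sizes")
```
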