RFC 1829 (rfc1829) - Page 3 of 10
The ESP DES-CBC Transform
RFC 1829                      ESP DES-CBC                    August 1995


2.  Payload Format

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                Security Parameters Index (SPI)                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   ~                   Initialization Vector (IV)                  ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   ~                          Payload Data                         ~
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
             ... Padding           |  Pad Length   | Payload Type  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Security Parameters Index (SPI)

      A 32-bit value identifying the Security Parameters for this
      datagram.  The value MUST NOT be zero.

   Initialization Vector (IV)

      The size of this field is variable, although it is constant for
      all DES-CBC datagrams of the same SPI and IP Destination.  Octets
      are sent in network order (most significant octet first)
      [RFC-1700].

      The size MUST be a multiple of 32-bits.  Sizes of 32 and 64 bits
      are required to be supported.  The use of other sizes is beyond
      the scope of this specification.  The size is expected to be
      indicated by the key management mechanism.

      When the size is 32-bits, a 64-bit IV is formed from the 32-bit
      value followed by (concatenated with) the bit-wise complement of
      the 32-bit value.  This field size is most common, as it aligns
      the Payload Data for both 32-bit and 64-bit processing.

      All conformant implementations MUST also correctly process a
      64-bit field size.  This provides strict compatibility with
      existing hardware implementations.

         It is the intent that the value not repeat during the lifetime
         of the encryption session key.  Even when a full 64-bit IV is
         used, the session key SHOULD be changed at least as frequently
         as 2**32 datagrams.

Karn, Metzger & Simpson      Standards Track
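
The SPI and IV rules above, as an added Python example that is not part of the RFC text: it splits a payload into SPI, the 64-bit IV (expanding a 32-bit field with its complement) and the remaining octets, and tracks IV reuse and the 2**32 rekey point for one session key. The names expand_iv, parse_header and SessionKeyState are hypothetical, and the IV size is passed in by the caller because the section expects key management to indicate it.

```python
import struct

SUPPORTED_IV_BITS = (32, 64)   # sizes this section requires to be supported
REKEY_AFTER = 2 ** 32          # session key SHOULD change at least this often


def expand_iv(iv_field: bytes) -> bytes:
    """Return the 64-bit DES-CBC IV for a 32-bit or 64-bit IV field."""
    if len(iv_field) == 8:
        return iv_field
    if len(iv_field) != 4:
        raise ValueError("IV field must be 32 or 64 bits")
    (value,) = struct.unpack("!I", iv_field)            # network order
    # 32-bit value followed by its bit-wise complement
    return iv_field + struct.pack("!I", value ^ 0xFFFFFFFF)


def parse_header(datagram: bytes, iv_bits: int):
    """Split a payload into (spi, 64-bit IV, remaining octets)."""
    if iv_bits not in SUPPORTED_IV_BITS:
        raise ValueError("unsupported IV size")
    iv_len = iv_bits // 8
    if len(datagram) < 4 + iv_len:
        raise ValueError("truncated payload")
    (spi,) = struct.unpack("!I", datagram[:4])
    if spi == 0:
        raise ValueError("SPI MUST NOT be zero")
    return spi, expand_iv(datagram[4:4 + iv_len]), datagram[4 + iv_len:]


class SessionKeyState:
    """Hypothetical sender-side bookkeeping for one session key."""

    def __init__(self, rekey_after: int = REKEY_AFTER):
        self.rekey_after = rekey_after
        self.seen_ivs = set()      # illustration only; a counter-derived IV
        self.datagrams = 0         # avoids having to store every value

    def register(self, iv64: bytes) -> bool:
        """Record an outgoing IV; return True when a rekey is due."""
        if iv64 in self.seen_ivs:
            raise ValueError("IV repeated under the same session key")
        self.seen_ivs.add(iv64)
        self.datagrams += 1
        return self.datagrams >= self.rekey_after
```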



