
Re: Checksum (Re: KINK issue list)

At Thu, 27 Jan 2005 20:47:56 -0500,
Ken Raeburn <raeburn@xxxxxxx> wrote:
> > - 2) makes me nervous because I don't know whether it makes some
> >   kinds of attacks easy (e.g. adding junk data at the end of payloads
> >   in order to collide the checksum).
> How about including length-without-checksum in the calculation of the 
> checksum, instead of a zero?

This seems to work.

So the current proposed solution is:
- Use the required-to-implement checksum type determined by the etype.
- Use the get_mic or verify_mic function to generate or verify the checksum.
- Omit the checksum field before calculation.
- The Length field is filled with the packet length without checksum and
  the CksumLen field is zeroed out before the calculation.

KAMADA Ken'ichi <kamada@xxxxxxxxxx>
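
The procedure proposed in the message above, as an added example that is not part of the original post or of any KINK implementation: both sides feed the MIC the same canonical bytes (checksum omitted, Length set to the length without checksum, CksumLen zeroed). Assumptions: the 16-byte header layout, the on-wire Length covering the whole packet, HMAC-SHA256 standing in for the etype's get_mic/verify_mic, and the hypothetical function names.

```python
import hashlib
import hmac
import struct

# ASSUMED header layout (not given in the post), 16 bytes, network order:
# Type(1) Ver(1) Length(2) DOI(4) XID(4) NextPayload(1) Flags(1) CksumLen(2)
HDR = struct.Struct("!BBHIIBBH")
MIC_LEN = 32  # HMAC-SHA256 output size; stand-in for the etype's checksum

def mic(key, data):
    """Stand-in for get_mic: a keyed MIC over the canonical bytes."""
    return hmac.new(key, data, hashlib.sha256).digest()

def canonical(fields, payloads):
    """Bytes fed to the MIC: checksum omitted, Length = length without
    checksum, CksumLen = 0."""
    typ, ver, doi, xid, nxt, flags = fields
    length = HDR.size + len(payloads)
    return HDR.pack(typ, ver, length, doi, xid, nxt, flags, 0) + payloads

def build(key, fields, payloads):
    """Sender side: compute the checksum, then fill in the wire values."""
    cksum = mic(key, canonical(fields, payloads))
    typ, ver, doi, xid, nxt, flags = fields
    total = HDR.size + len(payloads) + len(cksum)  # ASSUMED on-wire Length
    hdr = HDR.pack(typ, ver, total, doi, xid, nxt, flags, len(cksum))
    return hdr + payloads + cksum

def verify(key, packet):
    """Receiver side (stand-in for verify_mic): rebuild the canonical bytes."""
    if len(packet) < HDR.size:
        return False
    typ, ver, length, doi, xid, nxt, flags, cklen = HDR.unpack_from(packet)
    # Reject trailing junk and inconsistent length fields before any crypto.
    if length != len(packet) or cklen != MIC_LEN or HDR.size + cklen > length:
        return False
    payloads = packet[HDR.size:length - cklen]
    cksum = packet[length - cklen:]
    expected = mic(key, canonical((typ, ver, doi, xid, nxt, flags), payloads))
    return hmac.compare_digest(expected, cksum)

# Constructed sample values, for illustration only.
KEY = b"constructed-session-key"
FIELDS = (1, 0x10, 2, 0x1234, 14, 0)
PAYLOADS = b"constructed payload bytes"

if __name__ == "__main__":
    pkt = build(KEY, FIELDS, PAYLOADS)
    print(verify(KEY, pkt), verify(KEY, pkt + b"junk"))
```

Because the length without checksum is part of the MIC input, data added to the payloads changes the checksummed bytes in two places: the payload bytes themselves and the Length field.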