RFC 1829 (rfc1829) - Page 3 of 10
The ESP DES-CBC Transform
Alternative Format: Original Text Document
RFC 1829 ESP DES-CBC August 1995
2. Payload Format
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Security Parameters Index (SPI) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Initialization Vector (IV) ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Payload Data ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... Padding | Pad Length | Payload Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Security Parameters Index (SPI)
A 32-bit value identifying the Security Parameters for this
datagram. The value MUST NOT be zero.
Initialization Vector (IV)
The size of this field is variable, although it is constant for
all DES-CBC datagrams of the same SPI and IP Destination. Octets
are sent in network order (most significant octet first)
[RFC-1700].
The size MUST be a multiple of 32-bits. Sizes of 32 and 64 bits
are required to be supported. The use of other sizes is beyond
the scope of this specification. The size is expected to be
indicated by the key management mechanism.
When the size is 32-bits, a 64-bit IV is formed from the 32-bit
value followed by (concatenated with) the bit-wise complement of
the 32-bit value. This field size is most common, as it aligns
the Payload Data for both 32-bit and 64-bit processing.
All conformant implementations MUST also correctly process a
64-bit field size. This provides strict compatibility with
existing hardware implementations.
It is the intent that the value not repeat during the lifetime
of the encryption session key. Even when a full 64-bit IV is
used, the session key SHOULD be changed at least as frequently
as 2**32 datagrams.
Karn, Metzger & Simpson Standards Track