[pcap-ng-format] Proposal for EPB Hash Option (1 of 4)
Michael Haney
michael-haney at utulsa.edu
Thu Aug 27 06:15:39 UTC 2015
I'd like to propose the following to modify the Hash Option for the EPB:
Name: epb_hash
Code: 3
Length: variable
Description:
This option contains a hash or message digest of the Enhanced Packet Block
non-mutable fields. The first two bytes (16 bits) of the option value
specify
the hashing algorithm. The second two bytes (16 bits) specificy algorithm-
specific options. At bit offset 32, the actual hash value is contained,
whose
size depends on the hashing algorithm. Note that the option length is the
hash
value length + 32. If a hashing algorithm produces a message digest that is
not
32-bit aligned, the value should be padded with zeros. Hashing algorithm
values
and options are shown in the table. Unless otherwise noted in an algorithm
option (i.e. any combination of 32 flags could be set to specify hash
options)
the message digest will be taken of the body of the Enhanced Packet Block,
excluding the block header and footer and any options. This will allow the
hash
of the original captured packet, including its timestamp and other fixed
values,
and still allow for options to be added, removed, or reordered as the
packet
block is processed.
TABLE:
Algorithm Code Option Digest Size Option Length (bytes)
2’s comp. 0x0000 0x0000 packet size pkt size + 4
XOR (LRC32) 0x0001 0x0000 4 bytes 0x0008
CRC32 0x0002 0x0000 4 bytes 0x0008
MD5 0x0003 0x0000 128-bit 0x0014
SHA-1 0x0004 0x0000 160-bit 0x0018
RIPEMD 0x0005 0x0000 160-bit 0x0018
SHA-2 0x0006 0x0001 224-bit 0x0020
SHA-2 0x0006 0x0002 256-bit 0x0024
SHA-2 0x0006 0x0003 384-bit 0x0034
SHA-2 0x0006 0x0004 512-bit 0x0044
Whirlpool 0x0007 0x0000 512-bit 0x0044
SHA-3 0x0008 0x0001 512-bit 0x0044
HMAC-MD5 0x0103 0x0000 128-bit 0x0044
HMAC-SHA-1 0x0104 0x0000 160-bit 0x0018
HMAC-SHA-2 0x0106 0x0001 224-bit 0x0020
HMAC-SHA-2 0x0106 0x0002 256-bit 0x0024
HMAC-Whirlpool 0x0107 0x0000 512-bit 0x0044
MAC-SHA-3 0x0108 0x0000 512-bit 0x0044
<artwork>
/ /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| epb_hash_code = 0x0003 | option length (var) = 0x0024 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hash Algorithm = 0x0006 (SHA2)| Hash Alg Opts = 0x0002 (256b) |
+---------------------------------------------------------------+
/ /
/ /
/ Hash value (variable e.g. 256-bits) /
/ /
/ /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ /
/ Other Options (variable) /
/ /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| end_of_options = 0x0000 | options_length = 0x0000 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Block Total Length |
+---------------------------------------------------------------+
</artwork>
Regards,
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winpcap.org/pipermail/pcap-ng-format/attachments/20150827/b42624d5/attachment.html>
More information about the pcap-ng-format
mailing list