[pcap-ng-format] Proposal for EPB Hash Option (1 of 4)
Hadriel Kaplan
the.real.hadriel at gmail.com
Thu Aug 27 14:57:33 UTC 2015
Do you plan to *use* all of those algorithms?
Because if not, I'd say cull them down to only what you plan to use.
In fact, I'd suggest we get rid of the ones currently defined in the
draft, but I'll send a separate email about that.
Also, a small nit, but instead of saying "non-mutable fields" and to
ignore the block type/length and options and all that - just say it
covers "the Packet Data field only, not including padding".
-hadriel
On Thu, Aug 27, 2015 at 2:15 AM, Michael Haney <michael-haney at utulsa.edu> wrote:
> I'd like to propose the following to modify the Hash Option for the EPB:
>
> Name: epb_hash
> Code: 3
> Length: variable
> Description:
>
> This option contains a hash or message digest of the Enhanced Packet Block
> non-mutable fields. The first two bytes (16 bits) of the option value
> specify
> the hashing algorithm. The second two bytes (16 bits) specificy algorithm-
> specific options. At bit offset 32, the actual hash value is contained,
> whose
> size depends on the hashing algorithm. Note that the option length is the
> hash
> value length + 32. If a hashing algorithm produces a message digest that is
> not
> 32-bit aligned, the value should be padded with zeros. Hashing algorithm
> values
> and options are shown in the table. Unless otherwise noted in an algorithm
> option (i.e. any combination of 32 flags could be set to specify hash
> options)
> the message digest will be taken of the body of the Enhanced Packet Block,
> excluding the block header and footer and any options. This will allow the
> hash
> of the original captured packet, including its timestamp and other fixed
> values,
> and still allow for options to be added, removed, or reordered as the packet
> block is processed.
>
> TABLE:
> Algorithm Code Option Digest Size Option Length (bytes)
> 2’s comp. 0x0000 0x0000 packet size pkt size + 4
> XOR (LRC32) 0x0001 0x0000 4 bytes 0x0008
> CRC32 0x0002 0x0000 4 bytes 0x0008
> MD5 0x0003 0x0000 128-bit 0x0014
> SHA-1 0x0004 0x0000 160-bit 0x0018
> RIPEMD 0x0005 0x0000 160-bit 0x0018
> SHA-2 0x0006 0x0001 224-bit 0x0020
> SHA-2 0x0006 0x0002 256-bit 0x0024
> SHA-2 0x0006 0x0003 384-bit 0x0034
> SHA-2 0x0006 0x0004 512-bit 0x0044
> Whirlpool 0x0007 0x0000 512-bit 0x0044
> SHA-3 0x0008 0x0001 512-bit 0x0044
> HMAC-MD5 0x0103 0x0000 128-bit 0x0044
> HMAC-SHA-1 0x0104 0x0000 160-bit 0x0018
> HMAC-SHA-2 0x0106 0x0001 224-bit 0x0020
> HMAC-SHA-2 0x0106 0x0002 256-bit 0x0024
> HMAC-Whirlpool 0x0107 0x0000 512-bit 0x0044
> MAC-SHA-3 0x0108 0x0000 512-bit 0x0044
>
> <artwork>
> / /
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> | epb_hash_code = 0x0003 | option length (var) = 0x0024 |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> | Hash Algorithm = 0x0006 (SHA2)| Hash Alg Opts = 0x0002 (256b) |
> +---------------------------------------------------------------+
> / /
> / /
> / Hash value (variable e.g. 256-bits) /
> / /
> / /
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> / /
> / Other Options (variable) /
> / /
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> | end_of_options = 0x0000 | options_length = 0x0000 |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> | Block Total Length |
> +---------------------------------------------------------------+
> </artwork>
>
> Regards,
> Michael
>
> _______________________________________________
> pcap-ng-format mailing list
> pcap-ng-format at winpcap.org
> https://www.winpcap.org/mailman/listinfo/pcap-ng-format
More information about the pcap-ng-format
mailing list