Hi,

RFC 4106 "The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)" doesn't explicitly state how the ESN octets are distributed in the AAD.
Given that SPI and low-order 32 bits are coming from the actual packet and most likely occupy one cache line, I'd expect AAD to look like this to exploit cache locality and simplify processing:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              SPI                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            Low-order 32 bits (part of the packet)             |
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|          High-order 32 bits (external memory buffer)          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Could you please confirm or disconfirm this observation.

Thanks in advance,
Mike

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
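An added example, not part of the original message or of any project's code: building the GCM AAD for an ESP packet with ESN, assuming the ESN is serialized as one 64-bit field in network byte order, so the high-order half from SA state precedes the low-order half taken from the packet (the ordering the Linux kernel uses). It goes slightly beyond the question by also showing how a receiver infers the untransmitted high-order half (RFC 4303 Appendix A) before it can build the AAD; the function names and sample values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 4303 Appendix A: infer the untransmitted high-order 32 bits on receive.
 * t_hi:t_lo is the highest authenticated sequence number, w the window size. */
uint32_t esn_infer_hi(uint32_t seq_lo, uint32_t t_hi, uint32_t t_lo, uint32_t w)
{
    uint32_t bl = t_lo - w + 1;                 /* window bottom, mod 2^32 */
    if (t_lo >= w - 1)                          /* window inside one subspace */
        return seq_lo >= bl ? t_hi : t_hi + 1;
    return seq_lo >= bl ? t_hi - 1 : t_hi;      /* window spans a wrap */
}

/* Hypothetical helper: build the GCM AAD for one ESP packet.
 * esp_hdr is the 8 on-wire bytes (SPI, low-order sequence number); seq_hi
 * comes from SA state. Returns 8 without ESN, 12 with ESN. */
size_t esp_gcm_build_aad(uint8_t aad[12], const uint8_t esp_hdr[8],
                         uint32_t seq_hi, int esn)
{
    memcpy(aad, esp_hdr, 4);                    /* SPI */
    if (!esn) {
        memcpy(aad + 4, esp_hdr + 4, 4);        /* 32-bit sequence number */
        return 8;
    }
    aad[4] = (uint8_t)(seq_hi >> 24);           /* ESN bits 63..32 first */
    aad[5] = (uint8_t)(seq_hi >> 16);           /* (assumed ordering) */
    aad[6] = (uint8_t)(seq_hi >> 8);
    aad[7] = (uint8_t)seq_hi;
    memcpy(aad + 8, esp_hdr + 4, 4);            /* ESN bits 31..0, on the wire */
    return 12;
}

/* Constructed sample: SPI 0x11223344, low-order sequence number 0x00000002
 * arriving just after the low half wrapped (window top 0:0xfffffffe, w = 64). */
static const uint8_t sample_hdr[8] = { 0x11, 0x22, 0x33, 0x44, 0, 0, 0, 2 };

/* Returns 1 when the sample yields SPI | 00000001 | 00000002. */
int sample_aad_ok(void)
{
    static const uint8_t want[12] = { 0x11, 0x22, 0x33, 0x44,
                                      0, 0, 0, 1, 0, 0, 0, 2 };
    uint8_t aad[12];
    uint32_t hi = esn_infer_hi(2, 0, 0xfffffffeu, 64);
    return esp_gcm_build_aad(aad, sample_hdr, hi, 1) == 12 &&
           memcmp(aad, want, 12) == 0;
}
```

Both peers must feed GCM the same byte order: an implementation that appends the high-order half after the low-order half produces a different AAD and every ESN packet fails ICV verification.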