I'm trying to implement IPSEC in the form of ESP in transport mode with using aes in galois/counter mode, according to RFC4106.
I'm supposed to put the initialization vector just before the ciphertext in the transformed packet.
Should it be part of the authenticated (but non-encrypted) data? (I'm assuming that you don't encrypt it...)
I can't see where the RFC specifies this. Should it be obvious and if so why?
Apparently both of the obvious answers are right.
According to RFC 4543 which specifies ENCR_NULL_AUTH_AES_GMAC (authentication without encryption), you include the IV.
However the same RFC says that for AES-GCM-ESP (encryption and authentication), you don't.
Armed with this information, it's now clear that that's what RFC 4106 (which actually specifies AES-GCM-ESP) says as well, although that wasn't how I interpreted it at first.