Padding for AT_RES and AT_KDF_INPUT of EAP_AKA_PRIME

In EAP_AKA_PRIME, the AUSF pads with zeros before AT_RES/AT_KDF_INPUT but not after them.
Is there any reason?

ausfx/internal/sbi/producer/function.go
func padZeros

Great question! Understanding the specifics of zero padding in the EAP_AKA_PRIME protocol, particularly in the context of AT_RES and AT_KDF_INPUT, is crucial for comprehending the security mechanisms at play. Allow me to explain why AUSF performs zero padding before these elements rather than after.

In the EAP_AKA_PRIME protocol, the Authentication Server Function (AUSF) performs zero padding before AT_RES and AT_KDF_INPUT instead of after them, mainly due to specific security and protocol design considerations.

Firstly, zero padding in security protocols is typically used to ensure data blocks meet certain length requirements. For EAP_AKA_PRIME, this padding method ensures subsequent processing can correctly identify and handle message parts, especially during parsing and verification.

Secondly, adding zero padding before AT_RES and AT_KDF_INPUT instead of after can help prevent potential security vulnerabilities. For instance, if an attacker could manipulate the padded section, they might attempt to manipulate subsequent processing or conduct certain types of attacks, such as padding oracle attacks. By adding zeros before the sensitive data rather than after, this risk is reduced.

Moreover, this design may relate to the protocol’s encoding rules, ensuring parsers correctly identify the start and end of each section, thereby improving the accuracy and security of processing.

Lastly, this zero-padding approach may also reflect compatibility considerations with other security elements or protocols, such as interfacing requirements with different hardware or software platforms, or adhering to specific industry standards and best practices.

Overall, the AUSF performs zero padding before AT_RES and AT_KDF_INPUT, instead of after, primarily due to considerations of security, protocol compatibility, and data processing accuracy. Each design decision is typically made with the intent to enhance the overall system’s security and reliability.
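For readers who want to see the attribute framing the question is about, the following is an added Go example written for this thread; it is not free5GC's padZeros or any other free5GC code. It follows the attribute layouts of RFC 4187 section 10.8 (AT_RES, type 3) and RFC 5448 section 3.1 (AT_KDF_INPUT, type 23): one byte of type, one byte of length counted in 4-byte units, a 2-byte field with the real RES length in bits (or network-name length in bytes), the value, and zero bytes filling the attribute up to the 4-byte boundary. The decoder cuts the value using that explicit length rather than the padded attribute size, checks that the two lengths agree, and rejects non-zero padding, which is the check a receiver needs so that padding bytes can never be mistaken for part of RES or of the KDF input. The RES bytes and the serving network name are constructed sample values.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Attribute type codes: AT_RES from RFC 4187 section 10.8,
// AT_KDF_INPUT from RFC 5448 section 3.1.
const (
	AttrRes      byte = 3
	AttrKDFInput byte = 23
)

// encodeAttr builds one attribute: 1-byte type, 1-byte length in 4-byte
// units, a 2-byte "actual length" field (bits for AT_RES, bytes for
// AT_KDF_INPUT), the value, then zero bytes after the value up to the
// next 4-byte boundary.
func encodeAttr(attrType byte, actualLen uint16, value []byte) ([]byte, error) {
	payload := 4 + len(value)
	padded := (payload + 3) &^ 3 // round up to a multiple of 4
	if padded/4 > 0xff {
		return nil, errors.New("value too long for the 1-byte length field")
	}
	out := make([]byte, padded) // bytes past the value stay zero: that is the padding
	out[0] = attrType
	out[1] = byte(padded / 4)
	binary.BigEndian.PutUint16(out[2:4], actualLen)
	copy(out[4:], value)
	return out, nil
}

// EncodeAtRes carries the RES length in bits.
func EncodeAtRes(res []byte) ([]byte, error) {
	return encodeAttr(AttrRes, uint16(len(res)*8), res)
}

// EncodeAtKDFInput carries the network name length in bytes.
func EncodeAtKDFInput(networkName string) ([]byte, error) {
	return encodeAttr(AttrKDFInput, uint16(len(networkName)), []byte(networkName))
}

// DecodeAttr parses the attribute at the start of buf. It uses the explicit
// actual-length field, not the padded attribute length, to cut the value,
// and rejects inconsistent lengths and non-zero padding so malformed input
// cannot smuggle extra bytes into RES or the KDF input.
func DecodeAttr(buf []byte) (attrType byte, value []byte, consumed int, err error) {
	if len(buf) < 4 {
		return 0, nil, 0, errors.New("truncated attribute header")
	}
	attrType = buf[0]
	consumed = int(buf[1]) * 4
	if consumed < 4 || consumed > len(buf) {
		return 0, nil, 0, errors.New("attribute length field does not fit the buffer")
	}
	actual := int(binary.BigEndian.Uint16(buf[2:4]))
	var valueLen int
	switch attrType {
	case AttrRes:
		if actual%8 != 0 { // this example only handles byte-aligned RES values
			return 0, nil, 0, errors.New("RES bit length is not byte aligned")
		}
		valueLen = actual / 8
	case AttrKDFInput:
		valueLen = actual
	default:
		return 0, nil, 0, fmt.Errorf("unsupported attribute type %d", attrType)
	}
	if 4+valueLen > consumed {
		return 0, nil, 0, errors.New("actual length exceeds the attribute")
	}
	for _, b := range buf[4+valueLen : consumed] {
		if b != 0 {
			return 0, nil, 0, errors.New("non-zero padding after value")
		}
	}
	return attrType, buf[4 : 4+valueLen], consumed, nil
}

func main() {
	// Constructed sample values, not taken from any real session.
	res := []byte{0x01, 0x02, 0x03, 0x04, 0x05, 0x06} // 6 bytes, so 2 zero bytes follow it
	name := "5G:mnc001.mcc001.3gppnetwork.org"          // hypothetical serving network name

	for _, enc := range []func() ([]byte, error){
		func() ([]byte, error) { return EncodeAtRes(res) },
		func() ([]byte, error) { return EncodeAtKDFInput(name) },
	} {
		b, err := enc()
		if err != nil {
			panic(err)
		}
		t, v, n, err := DecodeAttr(b)
		fmt.Printf("type=%d wire=% x value=%q consumed=%d err=%v\n", t, b, v, n, err)
	}
}
```

With the 6-byte sample RES the attribute is 12 bytes long (length field 3), the RES-length field reads 48 bits, and the last two bytes are the padding; flipping one of those padding bytes, or raising the bit-length field past the attribute, makes DecodeAttr return an error instead of a value.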

Thank you for your answer.

Now I understand the reason why ausf in free5GC fills with zeros before AT_RES and AT_KDF_INPUT.