The AES-CBC Cipher Algorithm and Its Use with IPsec
RFC 3602
Network Working Group S. Frankel
Request for Comments: 3602 R. Glenn
Category: Standards Track NIST
S. Kelly
Airespace
September 2003
The AES-CBC Cipher Algorithm and Its Use with IPsec
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
This document describes the use of the Advanced Encryption Standard
(AES) Cipher Algorithm in Cipher Block Chaining (CBC) Mode, with an
explicit Initialization Vector (IV), as a confidentiality mechanism
within the context of the IPsec Encapsulating Security Payload (ESP).
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Specification of Requirements. . . . . . . . . . . . . . 3
2. The AES Cipher Algorithm . . . . . . . . . . . . . . . . . . . 3
2.1. Mode . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.2. Key Size and Number of Rounds. . . . . . . . . . . . . . 4
2.3. Weak Keys. . . . . . . . . . . . . . . . . . . . . . . . 4
2.4. Block Size and Padding . . . . . . . . . . . . . . . . . 4
2.5. Additional Information . . . . . . . . . . . . . . . . . 4
2.6. Performance. . . . . . . . . . . . . . . . . . . . . . . 5
3. ESP Payload . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.1. ESP Algorithmic Interactions . . . . . . . . . . . . . . 6
3.2. Keying Material. . . . . . . . . . . . . . . . . . . . . 6
4. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . . 6
5. IKE Interactions . . . . . . . . . . . . . . . . . . . . . . . 10
5.1. Phase 1 Identifier . . . . . . . . . . . . . . . . . . . 10
5.2. Phase 2 Identifier . . . . . . . . . . . . . . . . . . . 10
5.3. Key Length Attribute . . . . . . . . . . . . . . . . . . 10
Frankel, et al. Standards Track [Page 1]
RFC 3602 AES-CBC Cipher Algorithm Use with IPsec September 2003
5.4. Hash Algorithm Considerations. . . . . . . . . . . . . . 10
6. Security Considerations . . . . . . . . . . . . . . . . . . . 11
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
8. Intellectual Property Rights Statement . . . . . . . . . . . . 11
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12
9.1. Normative References . . . . . . . . . . . . . . . . . . 12
9.2. Informative References . . . . . . . . . . . . . . . . . 12
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13
11. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 14
12. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 15
1. Introduction
As the culmination of a four-year competitive process, NIST (the
National Institute of Standards and Technology) has selected the AES
(Advanced Encryption Standard), the successor to the venerable DES
(Data Encryption Standard). The competition was an open one, with
public participation and comment solicited at each step of the
process. The AES [AES], formerly known as Rijndael, was chosen from
a field of five finalists.
The AES selection was made on the basis of several characteristics:
+ security
+ unclassified
+ publicly disclosed
+ available royalty-free, worldwide
+ capable of handling a block size of at least 128 bits
+ at a minimum, capable of handling key sizes of 128, 192, and
256 bits
+ computational efficiency and memory requirements on a variety
of software and hardware, including smart cards
+ flexibility, simplicity and ease of implementation
The AES will be the government's designated encryption cipher. The
expectation is that the AES will suffice to protect sensitive
(unclassified) government information until at least the next
century. It is also expected to be widely adopted by businesses and
financial institutions.
Frankel, et al. Standards Track [Page 2]
RFC 3602 AES-CBC Cipher Algorithm Use with IPsec September 2003
It is the intention of the IETF IPsec Working Group that AES will
eventually be adopted as the default IPsec ESP cipher and will obtain
Show full document text