The AES-CBC Cipher Algorithm and Its Use with IPsec
RFC 3602
Document Type RFC - Proposed Standard (September 2003; No errata)
Authors Sheila Frankel  , K. Glenn  , Scott Kelly 
Last updated 2015-10-14
Stream IETF
Formats plain text html pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 3602 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Russ Housley
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                         S. Frankel
Request for Comments: 3602                                      R. Glenn
Category: Standards Track                                           NIST
                                                                S. Kelly
                                                               Airespace
                                                          September 2003

          The AES-CBC Cipher Algorithm and Its Use with IPsec

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   This document describes the use of the Advanced Encryption Standard
   (AES) Cipher Algorithm in Cipher Block Chaining (CBC) Mode, with an
   explicit Initialization Vector (IV), as a confidentiality mechanism
   within the context of the IPsec Encapsulating Security Payload (ESP).

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
       1.1.  Specification of Requirements. . . . . . . . . . . . . .  3
   2.  The AES Cipher Algorithm . . . . . . . . . . . . . . . . . . .  3
       2.1.  Mode . . . . . . . . . . . . . . . . . . . . . . . . . .  3
       2.2.  Key Size and Number of Rounds. . . . . . . . . . . . . .  4
       2.3.  Weak Keys. . . . . . . . . . . . . . . . . . . . . . . .  4
       2.4.  Block Size and Padding . . . . . . . . . . . . . . . . .  4
       2.5.  Additional Information . . . . . . . . . . . . . . . . .  4
       2.6.  Performance. . . . . . . . . . . . . . . . . . . . . . .  5
   3.  ESP Payload  . . . . . . . . . . . . . . . . . . . . . . . . .  5
       3.1.  ESP Algorithmic Interactions . . . . . . . . . . . . . .  6
       3.2.  Keying Material. . . . . . . . . . . . . . . . . . . . .  6
   4.  Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . .  6
   5.  IKE Interactions . . . . . . . . . . . . . . . . . . . . . . . 10
       5.1.  Phase 1 Identifier . . . . . . . . . . . . . . . . . . . 10
       5.2.  Phase 2 Identifier . . . . . . . . . . . . . . . . . . . 10
       5.3.  Key Length Attribute . . . . . . . . . . . . . . . . . . 10

Frankel, et al.             Standards Track                     [Page 1]
RFC 3602        AES-CBC Cipher Algorithm Use with IPsec   September 2003

       5.4.  Hash Algorithm Considerations. . . . . . . . . . . . . . 10
   6.  Security Considerations  . . . . . . . . . . . . . . . . . . . 11
   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 11
   8.  Intellectual Property Rights Statement . . . . . . . . . . . . 11
   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 12
       9.1.  Normative References . . . . . . . . . . . . . . . . . . 12
       9.2.  Informative References . . . . . . . . . . . . . . . . . 12
   10. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 13
   11. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 14
   12. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 15

1.  Introduction

   As the culmination of a four-year competitive process, NIST (the
   National Institute of Standards and Technology) has selected the AES
   (Advanced Encryption Standard), the successor to the venerable DES
   (Data Encryption Standard).  The competition was an open one, with
   public participation and comment solicited at each step of the
   process.  The AES [AES], formerly known as Rijndael, was chosen from
   a field of five finalists.

   The AES selection was made on the basis of several characteristics:

      +  security

      +  unclassified

      +  publicly disclosed

      +  available royalty-free, worldwide

      +  capable of handling a block size of at least 128 bits

      +  at a minimum, capable of handling key sizes of 128, 192, and
         256 bits

      +  computational efficiency and memory requirements on a variety
         of software and hardware, including smart cards

      +  flexibility, simplicity and ease of implementation

   The AES will be the government's designated encryption cipher.  The
   expectation is that the AES will suffice to protect sensitive
   (unclassified) government information until at least the next
   century.  It is also expected to be widely adopted by businesses and
   financial institutions.

Frankel, et al.             Standards Track                     [Page 2]
RFC 3602        AES-CBC Cipher Algorithm Use with IPsec   September 2003

   It is the intention of the IETF IPsec Working Group that AES will
   eventually be adopted as the default IPsec ESP cipher and will obtain
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools