Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol
RFC 5282
Document | Type |
RFC - Proposed Standard
(August 2008; Errata)
Updates RFC 4306
Was draft-black-ipsec-ikev2-aead-modes (individual in sec area)
|
|
---|---|---|---|
Authors | David Black , David McGrew | ||
Last updated | 2020-01-21 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized with errata bibtex | ||
Reviews | |||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 5282 (Proposed Standard) | |
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Tim Polk | ||
Send notices to | (None) |
Network Working Group D. Black Request for Comments: 5282 EMC Updates: 4306 D. McGrew Category: Standards Track August 2008 Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract An authenticated encryption algorithm combines encryption and integrity into a single operation; such algorithms may also be referred to as combined modes of an encryption cipher or as combined mode algorithms. This document describes the use of authenticated encryption algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) protocol. The use of two specific authenticated encryption algorithms with the IKEv2 Encrypted Payload is also described; these two algorithms are the Advanced Encryption Standard (AES) in Galois/Counter Mode (AES GCM) and AES in Counter with CBC-MAC Mode (AES CCM). Additional documents may describe the use of other authenticated encryption algorithms with the IKEv2 Encrypted Payload. Black & McGrew Standards Track [Page 1] RFC 5282 Authenticated Encryption and IKEv2 August 2008 Table of Contents 1. Introduction ....................................................3 1.1. Conventions Used in This Document ..........................3 2. Structure of this Document ......................................4 3. IKEv2 Encrypted Payload Data ....................................4 3.1. AES GCM and AES CCM Initialization Vector (IV) .............6 3.2. AES GCM and AES CCM Ciphertext (C) Construction ............6 4. AES GCM and AES CCM Nonce (N) Format ............................7 5. IKEv2 Associated Data (A) .......................................8 5.1. Associated Data (A) Construction ...........................8 5.2. Data Integrity Coverage ....................................8 6. AES GCM and AES CCM Encrypted Payload Expansion .................9 7. IKEv2 Conventions for AES GCM and AES CCM .......................9 7.1. Keying Material and Salt Values ............................9 7.2. IKEv2 Identifiers .........................................10 7.3. Key Length ................................................10 8. IKEv2 Algorithm Selection ......................................11 9. Test Vectors ...................................................11 10. RFC 5116 AEAD_* Algorithms ....................................11 10.1. AES GCM Algorithms with 8- and 12-octet ICVs .............12 10.1.1. AEAD_AES_128_GCM_8 ................................12 10.1.2. AEAD_AES_256_GCM_8 ................................12 10.1.3. AEAD_AES_128_GCM_12 ...............................12 10.1.4. AEAD_AES_256_GCM_12 ...............................12 10.2. AES CCM Algorithms with an 11-octet Nonce ................13 10.2.1. AEAD_AES_128_CCM_SHORT ............................13 10.2.2. AEAD_AES_256_CCM_SHORT ............................14 10.2.3. AEAD_AES_128_CCM_SHORT_8 ..........................14 10.2.4. AEAD_AES_256_CCM_SHORT_8 ..........................14 10.2.5. AEAD_AES_128_CCM_SHORT_12 .........................14 10.2.6. AEAD_AES_256_CCM_SHORT_12 .........................14 10.3. AEAD_* Algorithms and IKEv2 ..............................15 11. Security Considerations .......................................15 12. IANA Considerations ...........................................16 13. Acknowledgments ...............................................16 14. References ....................................................17 14.1. Normative References .....................................17 14.2. Informative References ...................................17 Black & McGrew Standards Track [Page 2] RFC 5282 Authenticated Encryption and IKEv2 August 2008 1. Introduction An authenticated encryption algorithm combines encryption and integrity into a single operation on plaintext data to produce ciphertext that includes an integrity check [RFC5116]. The integrity check may be an Integrity Check Value (ICV) that is logically distinct from the encrypted data, or the integrity check may beShow full document text