Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol
RFC 5282
| Document | Type |
RFC - Proposed Standard
(August 2008; Errata)
Updates RFC 4306
Was draft-black-ipsec-ikev2-aead-modes (individual in sec area)
|
|
|---|---|---|---|
| Last updated | 2020-01-21 | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized with errata bibtex | ||
| Reviews | |||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 5282 (Proposed Standard) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Tim Polk | ||
| Send notices to | (None) | ||
Network Working Group D. Black
Request for Comments: 5282 EMC
Updates: 4306 D. McGrew
Category: Standards Track August 2008
Using Authenticated Encryption Algorithms with the Encrypted Payload
of the Internet Key Exchange version 2 (IKEv2) Protocol
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Abstract
An authenticated encryption algorithm combines encryption and
integrity into a single operation; such algorithms may also be
referred to as combined modes of an encryption cipher or as combined
mode algorithms. This document describes the use of authenticated
encryption algorithms with the Encrypted Payload of the Internet Key
Exchange version 2 (IKEv2) protocol.
The use of two specific authenticated encryption algorithms with the
IKEv2 Encrypted Payload is also described; these two algorithms are
the Advanced Encryption Standard (AES) in Galois/Counter Mode (AES
GCM) and AES in Counter with CBC-MAC Mode (AES CCM). Additional
documents may describe the use of other authenticated encryption
algorithms with the IKEv2 Encrypted Payload.
Black & McGrew Standards Track [Page 1]
RFC 5282 Authenticated Encryption and IKEv2 August 2008
Table of Contents
1. Introduction ....................................................3
1.1. Conventions Used in This Document ..........................3
2. Structure of this Document ......................................4
3. IKEv2 Encrypted Payload Data ....................................4
3.1. AES GCM and AES CCM Initialization Vector (IV) .............6
3.2. AES GCM and AES CCM Ciphertext (C) Construction ............6
4. AES GCM and AES CCM Nonce (N) Format ............................7
5. IKEv2 Associated Data (A) .......................................8
5.1. Associated Data (A) Construction ...........................8
5.2. Data Integrity Coverage ....................................8
6. AES GCM and AES CCM Encrypted Payload Expansion .................9
7. IKEv2 Conventions for AES GCM and AES CCM .......................9
7.1. Keying Material and Salt Values ............................9
7.2. IKEv2 Identifiers .........................................10
7.3. Key Length ................................................10
8. IKEv2 Algorithm Selection ......................................11
9. Test Vectors ...................................................11
10. RFC 5116 AEAD_* Algorithms ....................................11
10.1. AES GCM Algorithms with 8- and 12-octet ICVs .............12
10.1.1. AEAD_AES_128_GCM_8 ................................12
10.1.2. AEAD_AES_256_GCM_8 ................................12
10.1.3. AEAD_AES_128_GCM_12 ...............................12
10.1.4. AEAD_AES_256_GCM_12 ...............................12
10.2. AES CCM Algorithms with an 11-octet Nonce ................13
10.2.1. AEAD_AES_128_CCM_SHORT ............................13
10.2.2. AEAD_AES_256_CCM_SHORT ............................14
10.2.3. AEAD_AES_128_CCM_SHORT_8 ..........................14
10.2.4. AEAD_AES_256_CCM_SHORT_8 ..........................14
10.2.5. AEAD_AES_128_CCM_SHORT_12 .........................14
10.2.6. AEAD_AES_256_CCM_SHORT_12 .........................14
10.3. AEAD_* Algorithms and IKEv2 ..............................15
11. Security Considerations .......................................15
12. IANA Considerations ...........................................16
13. Acknowledgments ...............................................16
14. References ....................................................17
14.1. Normative References .....................................17
14.2. Informative References ...................................17
Black & McGrew Standards Track [Page 2]
RFC 5282 Authenticated Encryption and IKEv2 August 2008
1. Introduction
An authenticated encryption algorithm combines encryption and
integrity into a single operation on plaintext data to produce
ciphertext that includes an integrity check [RFC5116]. The integrity
check may be an Integrity Check Value (ICV) that is logically
distinct from the encrypted data, or the integrity check may be
Show full document text