datatracker.ietf.org
Sign in
Version 5.6.4.p1, 2014-10-20
Report a bug

AES-CCM Cipher Suites for Transport Layer Security (TLS)
RFC 6655

Internet Engineering Task Force (IETF)                         D. McGrew
Request for Comments: 6655                                 Cisco Systems
Category: Standards Track                                      D. Bailey
ISSN: 2070-1721                            RSA, Security Division of EMC
                                                               July 2012

        AES-CCM Cipher Suites for Transport Layer Security (TLS)

Abstract

   This memo describes the use of the Advanced Encryption Standard (AES)
   in the Counter with Cipher Block Chaining - Message Authentication
   Code (CBC-MAC) Mode (CCM) of operation within Transport Layer
   Security (TLS) and Datagram TLS (DTLS) to provide confidentiality and
   data origin authentication.  The AES-CCM algorithm is amenable to
   compact implementations, making it suitable for constrained
   environments.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6655.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

McGrew & Bailey              Standards Track                    [Page 1]
RFC 6655                  AES-CCM Ciphersuites                 July 2012

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 2
   2.  Conventions Used in This Document . . . . . . . . . . . . . . . 3
   3.  RSA-Based AES-CCM Cipher Suites . . . . . . . . . . . . . . . . 3
   4.  PSK-Based AES-CCM Cipher Suites . . . . . . . . . . . . . . . . 5
   5.  TLS Versions  . . . . . . . . . . . . . . . . . . . . . . . . . 5
   6.  New AEAD Algorithms . . . . . . . . . . . . . . . . . . . . . . 5
     6.1.  AES-128-CCM with an 8-Octet Integrity Check Value (ICV) . . 6
     6.2.  AES-256-CCM with a 8-Octet Integrity Check Value (ICV)  . . 6
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
   8.  Security Considerations . . . . . . . . . . . . . . . . . . . . 6
     8.1.  Perfect Forward Secrecy . . . . . . . . . . . . . . . . . . 6
     8.2.  Counter Reuse . . . . . . . . . . . . . . . . . . . . . . . 6
   9.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . 7
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . . . 7
     10.1. Normative References  . . . . . . . . . . . . . . . . . . . 7
     10.2. Informative References  . . . . . . . . . . . . . . . . . . 8

1.  Introduction

   This document describes the use of Advanced Encryption Standard (AES)
   [AES] in Counter with CBC-MAC Mode (CCM) [CCM] in several TLS
   ciphersuites.  AES-CCM provides both authentication and
   confidentiality and uses as its only primitive the AES encrypt
   operation (the AES decrypt operation is not needed).  This makes it
   amenable to compact implementations, which is advantageous in
   constrained environments.  Of course, adoption outside of constrained
   environments is necessary to enable interoperability, such as that
   between web clients and embedded servers or between embedded clients
   and web servers.  The use of AES-CCM has been specified for IPsec
   Encapsulating Security Payload (ESP) [RFC4309] and 802.15.4 wireless
   networks [IEEE802154].

   Authenticated encryption, in addition to providing confidentiality
   for the plaintext that is encrypted, provides a way to check its
   integrity and authenticity.  Authenticated Encryption with Associated
   Data, or AEAD [RFC5116], adds the ability to check the integrity and
   authenticity of some associated data that is not encrypted.  This
   document utilizes the AEAD facility within TLS 1.2 [RFC5246] and the
   AES-CCM-based AEAD algorithms defined in [RFC5116].  Additional AEAD
   algorithms are defined that use AES-CCM but have shorter

[include full document text]