The ESP DES-CBC Transform
RFC 1829

Document Type RFC - Proposed Standard (August 1995; No errata)
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 1829 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                            P. Karn
Request for Comments: 1829                                      Qualcomm
Category: Standards Track                                     P. Metzger
                                                                Piermont
                                                              W. Simpson
                                                              Daydreamer
                                                             August 1995

                       The ESP DES-CBC Transform

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   This document describes the DES-CBC security transform for the IP
   Encapsulating Security Payload (ESP).

Table of Contents

     1.     Introduction ..........................................    1
        1.1       Keys ............................................    1
        1.2       Initialization Vector ...........................    1
        1.3       Data Size .......................................    2
        1.4       Performance .....................................    2

     2.     Payload Format ........................................    3

     3.     Algorithm .............................................    5
        3.1       Encryption ......................................    5
        3.2       Decryption ......................................    5

     SECURITY CONSIDERATIONS ......................................    6
     ACKNOWLEDGEMENTS .............................................    7
     REFERENCES ...................................................    8
     AUTHOR'S ADDRESS .............................................   10

Karn, Metzger & Simpson     Standards Track                     [Page i]


RFC 1829                      ESP DES-CBC                    August 1995

1.  Introduction

   The Encapsulating Security Payload (ESP) [RFC-1827] provides
   confidentiality for IP datagrams by encrypting the payload data to be
   protected.  This specification describes the ESP use of the Cipher
   Block Chaining (CBC) mode of the US Data Encryption Standard (DES)
   algorithm [FIPS-46, FIPS-46-1, FIPS-74, FIPS-81].

   All implementations that claim conformance or compliance with the
   Encapsulating Security Payload specification MUST implement this
   DES-CBC transform.

   This document assumes that the reader is familiar with the related
   document "Security Architecture for the Internet Protocol"
   [RFC-1825], which defines the overall security plan for IP, and
   provides important background for this specification.

1.1.  Keys

   The secret DES key shared between the communicating parties is eight
   octets in length.  This key consists of a 56-bit quantity used by the
   DES algorithm.  The 56-bit key is stored as a 64-bit (eight octet)
   quantity, with the least significant bit of each octet used as a
   parity bit.

1.2.  Initialization Vector

   This mode of DES requires an Initialization Vector (IV) that is eight
   octets in length.

   Each datagram contains its own IV.  Including the IV in each datagram
   ensures that decryption of each received datagram can be performed,
   even when other datagrams are dropped, or datagrams are re-ordered in
   transit.

   The method for selection of IV values is implementation dependent.

   Notes:
      A common acceptable technique is simply a counter, beginning with
      a randomly chosen value.  While this provides an easy method for
      preventing repetition, and is sufficiently robust for practical
      use, cryptanalysis may use the rare serendipitous occurrence when
      a corresponding bit position in the first DES block increments in
      exactly the same fashion.

Karn, Metzger & Simpson     Standards Track                     [Page 1]
RFC 1829                      ESP DES-CBC                    August 1995

      Other implementations exhibit unpredictability, usually through a
      pseudo-random number generator.  Care should be taken that the
      periodicity of the number generator is long enough to prevent
      repetition during the lifetime of the session key.

1.3.  Data Size

   The DES algorithm operates on blocks of eight octets.  This often
   requires padding after the end of the unencrypted payload data.

   Both input and output result in the same number of octets, which
   facilitates in-place encryption and decryption.

   On receipt, if the length of the data to be decrypted is not an
   integral multiple of eight octets, then an error is indicated, as
   described in [RFC-1825].

1.4.  Performance

   At the time of writing, at least one hardware implementation can
Show full document text