The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
RFC 4543

Document type: RFC - Proposed Standard (May 2006; Errata)
Was draft-mcgrew-aes-gmac-esp (individual in sec area)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4543 (Proposed Standard)
Responsible AD: Russ Housley
Send notices to: mcgrew@cisco.com, john@viega.org

Network Working Group                                          D. McGrew
Request for Comments: 4543                           Cisco Systems, Inc.
Category: Standards Track                                       J. Viega
                                                            McAfee, Inc.
                                                                May 2006

        The Use of Galois Message Authentication Code (GMAC) in
                            IPsec ESP and AH

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This memo describes the use of the Advanced Encryption Standard (AES)
   Galois Message Authentication Code (GMAC) as a mechanism to provide
   data origin authentication, but not confidentiality, within the IPsec
   Encapsulating Security Payload (ESP) and Authentication Header (AH).
   GMAC is based on the Galois/Counter Mode (GCM) of operation, and can
   be efficiently implemented in hardware for speeds of 10 gigabits per
   second and above, and is also well-suited to software
   implementations.

McGrew & Viega              Standards Track                     [Page 1]
RFC 4543                GMAC in IPsec ESP and AH                May 2006

Table of Contents

   1. Introduction ....................................................2
      1.1. Conventions Used in This Document ..........................3
   2. AES-GMAC ........................................................3
   3. The Use of AES-GMAC in ESP ......................................3
      3.1. Initialization Vector ......................................4
      3.2. Nonce Format ...............................................4
      3.3. AAD Construction ...........................................5
      3.4. Integrity Check Value (ICV) ................................6
      3.5. Differences with AES-GCM-ESP ...............................6
      3.6. Packet Expansion ...........................................7
   4. The Use of AES-GMAC in AH .......................................7
   5. IKE Conventions .................................................8
      5.1. Phase 1 Identifier .........................................8
      5.2. Phase 2 Identifier .........................................8
      5.3. Key Length Attribute .......................................9
      5.4. Keying Material and Salt Values ............................9
   6. Test Vectors ....................................................9
   7. Security Considerations ........................................10
   8. Design Rationale ...............................................11
   9. IANA Considerations ............................................11
   10. Acknowledgements ..............................................11
   11. References ....................................................12
      11.1. Normative References .....................................12
      11.2. Informative References ...................................12

1.  Introduction

   This document describes the use of AES-GMAC mode (AES-GMAC) as a
   mechanism for data origin authentication in ESP [RFC4303] and AH
   [RFC4302].  We refer to these methods as ENCR_NULL_AUTH_AES_GMAC and
   AUTH_AES_GMAC, respectively.  ENCR_NULL_AUTH_AES_GMAC is a companion
   to the AES Galois/Counter Mode ESP [RFC4106], which provides
   authentication as well as confidentiality.  ENCR_NULL_AUTH_AES_GMAC
   is intended for cases in which confidentiality is not desired.  Like
   GCM, GMAC is efficient and secure, and is amenable to high-speed
   implementations in hardware.  ENCR_NULL_AUTH_AES_GMAC and
   AUTH_AES_GMAC are designed so that the incremental cost of
   implementation, given an implementation of AES-GCM-ESP, is small.

   This document does not cover implementation details of GCM or GMAC.
   Those details can be found in [GCM], along with test vectors.
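
   The reuse described above, shown as an added example (not code from
   this memo or its authors): GMAC computed with an unmodified AES-GCM
   implementation by passing an empty plaintext and the data as AAD.
   The helper names GMACTag and GMACVerify and all inputs are
   constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// newGCM builds the stock AES-GCM AEAD (12-octet nonce, 16-octet tag).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// GMACTag runs GCM with an empty plaintext and data as AAD, so the output
// is only the tag. The nonce must never repeat under the same key.
func GMACTag(key, nonce, data []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(nonce) != aead.NonceSize() {
		return nil, fmt.Errorf("nonce must be %d octets", aead.NonceSize())
	}
	return aead.Seal(nil, nonce, nil, data), nil
}

// GMACVerify lets Open recompute and compare the tag in constant time.
func GMACVerify(key, nonce, data, tag []byte) bool {
	aead, err := newGCM(key)
	if err != nil || len(nonce) != aead.NonceSize() || len(tag) != aead.Overhead() {
		return false
	}
	_, err = aead.Open(nil, nonce, tag, data)
	return err == nil
}

func main() {
	key, nonce := make([]byte, 16), make([]byte, 12) // constructed all-zero test inputs
	pkt := []byte("constructed sample payload, sent in the clear")
	tag, _ := GMACTag(key, nonce, pkt)
	fmt.Println(hex.EncodeToString(tag), GMACVerify(key, nonce, pkt, tag))
	pkt[0] ^= 1 // simulate one bit modified in transit
	fmt.Println(GMACVerify(key, nonce, pkt, tag))
}
```

   The authenticated data is never transformed; only the 16-octet tag is
   produced, which is why this mode gives authentication without
   confidentiality.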

1.1.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].
