The Advanced Encryption Standard-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for the Internet Key Exchange Protocol (IKE)
RFC 4615
Document | Type |
RFC - Proposed Standard
(August 2006; No errata)
Was draft-songlee-aes-cmac-prf-128 (individual in sec area)
|
|
---|---|---|---|
Authors | Junhyuk Song , Tetsu Iwata , Jicheol Lee , Radha Poovendran | ||
Last updated | 2015-10-14 | ||
Stream | Internent Engineering Task Force (IETF) | ||
Formats | plain text html pdf htmlized (tools) htmlized bibtex | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 4615 (Proposed Standard) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Russ Housley | ||
Send notices to | santajunman@hanafos.com |
Network Working Group J. Song Request for Comments: 4615 R. Poovendran Category: Standards Track University of Washington J. Lee Samsung Electronics T. Iwata Nagoya University August 2006 The Advanced Encryption Standard-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for the Internet Key Exchange Protocol (IKE) Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2006). Abstract Some implementations of IP Security (IPsec) may want to use a pseudo-random function (PRF) based on the Advanced Encryption Standard (AES). This memo describes such an algorithm, called AES-CMAC-PRF-128. It supports fixed and variable key sizes. Table of Contents 1. Introduction ....................................................2 2. Basic Definitions ...............................................2 3. The AES-CMAC-PRF-128 Algorithm ..................................2 4. Test Vectors ....................................................4 5. Security Considerations .........................................4 6. IANA Considerations .............................................5 7. Acknowledgements ................................................5 8. References ......................................................5 8.1. Normative References .......................................5 8.2. Informative References .....................................5 Song, et al. Standards Track [Page 1] RFC 4615 AES-CMAC-PRF-128 for IKE August 2006 1. Introduction [RFC4493] describes a method to use the Advanced Encryption Standard (AES) as a Message Authentication Code (MAC) that has a 128-bit output length. The 128-bit output is useful as a long-lived pseudo- random function (PRF). This document specifies a PRF that supports fixed and variable key sizes for IKEv2 [RFC4306] Key Derivation Function (KDF) and authentication. 2. Basic Definitions VK Variable-length key for AES-CMAC-PRF-128, denoted by VK. 0^128 The string that consists of 128 zero-bits, which is equivalent to 0x00000000000000000000000000000000 in hexadecimal notation. AES-CMAC The AES-CMAC algorithm with a 128-bit long key described in section 2.4 of [RFC4493]. 3. The AES-CMAC-PRF-128 Algorithm The AES-CMAC-PRF-128 algorithm is identical to AES-CMAC defined in [RFC4493] except that the 128-bit key length restriction is removed. IKEv2 [RFC4306] uses PRFs for multiple purposes, most notably for generating keying material and authentication of the IKE_SA. The IKEv2 specification differentiates between PRFs with fixed key sizes and those with variable key sizes. When using AES-CMAC-PRF-128 as the PRF described in IKEv2, AES-CMAC- PRF-128 is considered to take fixed size (16 octets) keys for generating keying material but it takes variable key sizes for authentication. That is, when generating keying material, "half the bits must come from Ni and half from Nr, taking the first bits of each" as described in IKEv2, section 2.14; but for authenticating with shared secrets (IKEv2, section 2.16), the shared secret does not have to be 16 octets and the length may vary. Song, et al. Standards Track [Page 2] RFC 4615 AES-CMAC-PRF-128 for IKE August 2006 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + AES-CMAC-PRF-128 + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + Input : VK (Variable-length key) + + : M (Message, i.e., the input data of the PRF) + + : VKlen (length of VK in octets) + + : len (length of M in octets) + + Output : PRV (128-bit Pseudo-Random Variable) +Show full document text