The Advanced Encryption Standard-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for the Internet Key Exchange Protocol (IKE) RFC 4615
Network Working Group J. Song
Request for Comments: 4615 R. Poovendran
Category: Standards Track University of Washington
J. Lee
Samsung Electronics
T. Iwata
Nagoya University
August 2006
The Advanced Encryption Standard-Cipher-based
Message Authentication Code-Pseudo-Random Function-128
(AES-CMAC-PRF-128) Algorithm for the
Internet Key Exchange Protocol (IKE)
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
Some implementations of IP Security (IPsec) may want to use a
pseudo-random function (PRF) based on the Advanced Encryption
Standard (AES). This memo describes such an algorithm, called
AES-CMAC-PRF-128. It supports fixed and variable key sizes.
Table of Contents
1. Introduction ....................................................2
2. Basic Definitions ...............................................2
3. The AES-CMAC-PRF-128 Algorithm ..................................2
4. Test Vectors ....................................................4
5. Security Considerations .........................................4
6. IANA Considerations .............................................5
7. Acknowledgements ................................................5
8. References ......................................................5
8.1. Normative References .......................................5
8.2. Informative References .....................................5
Song, et al. Standards Track [Page 1]RFC 4615 AES-CMAC-PRF-128 for IKE August 20061. Introduction
[RFC4493] describes a method to use the Advanced Encryption Standard
(AES) as a Message Authentication Code (MAC) that has a 128-bit
output length. The 128-bit output is useful as a long-lived pseudo-
random function (PRF). This document specifies a PRF that supports
fixed and variable key sizes for IKEv2 [RFC4306] Key Derivation
Function (KDF) and authentication.
2. Basic Definitions
VK Variable-length key for AES-CMAC-PRF-128, denoted
by VK.
0^128 The string that consists of 128 zero-bits, which is
equivalent to 0x00000000000000000000000000000000 in
hexadecimal notation.
AES-CMAC The AES-CMAC algorithm with a 128-bit long key described
in section 2.4 of [RFC4493].
3. The AES-CMAC-PRF-128 Algorithm
The AES-CMAC-PRF-128 algorithm is identical to AES-CMAC defined in
[RFC4493] except that the 128-bit key length restriction is removed.
IKEv2 [RFC4306] uses PRFs for multiple purposes, most notably for
generating keying material and authentication of the IKE_SA. The
IKEv2 specification differentiates between PRFs with fixed key sizes
and those with variable key sizes.
When using AES-CMAC-PRF-128 as the PRF described in IKEv2, AES-CMAC-
PRF-128 is considered to take fixed size (16 octets) keys for
generating keying material but it takes variable key sizes for
authentication.
That is, when generating keying material, "half the bits must come
from Ni and half from Nr, taking the first bits of each" as described
in IKEv2, section 2.14; but for authenticating with shared secrets
(IKEv2, section 2.16), the shared secret does not have to be 16
octets and the length may vary.
Song, et al. Standards Track [Page 2]RFC 4615 AES-CMAC-PRF-128 for IKE August 2006
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ AES-CMAC-PRF-128 +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +
+ Input : VK (Variable-length key) +
datatracker.ietf.org