datatracker.ietf.org
Sign in
Version 5.3.0, 2014-04-12
Report a bug

Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol
RFC 5282

Document type: RFC - Proposed Standard (August 2008; Errata)
Updates RFC 4306
Was draft-black-ipsec-ikev2-aead-modes (individual in sec area)
Document stream: IETF
Last updated: 2013-04-27
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 5282 (Proposed Standard)
Responsible AD: Tim Polk
Send notices to: black_david@emc.com, mcgrew@cisco.com, draft-black-ipsec-ikev2-aead-modes@tools.ietf.org

Network Working Group                                           D. Black
Request for Comments: 5282                                           EMC
Updates: 4306                                                  D. McGrew
Category: Standards Track                                    August 2008

  Using Authenticated Encryption Algorithms with the Encrypted Payload
        of the Internet Key Exchange version 2 (IKEv2) Protocol

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   An authenticated encryption algorithm combines encryption and
   integrity into a single operation; such algorithms may also be
   referred to as combined modes of an encryption cipher or as combined
   mode algorithms.  This document describes the use of authenticated
   encryption algorithms with the Encrypted Payload of the Internet Key
   Exchange version 2 (IKEv2) protocol.

   The use of two specific authenticated encryption algorithms with the
   IKEv2 Encrypted Payload is also described; these two algorithms are
   the Advanced Encryption Standard (AES) in Galois/Counter Mode (AES
   GCM) and AES in Counter with CBC-MAC Mode (AES CCM).  Additional
   documents may describe the use of other authenticated encryption
   algorithms with the IKEv2 Encrypted Payload.

Black & McGrew              Standards Track                     [Page 1]
RFC 5282           Authenticated Encryption and IKEv2        August 2008

Table of Contents

   1. Introduction ....................................................3
      1.1. Conventions Used in This Document ..........................3
   2. Structure of this Document ......................................4
   3. IKEv2 Encrypted Payload Data ....................................4
      3.1. AES GCM and AES CCM Initialization Vector (IV) .............6
      3.2. AES GCM and AES CCM Ciphertext (C) Construction ............6
   4. AES GCM and AES CCM Nonce (N) Format ............................7
   5. IKEv2 Associated Data (A) .......................................8
      5.1. Associated Data (A) Construction ...........................8
      5.2. Data Integrity Coverage ....................................8
   6. AES GCM and AES CCM Encrypted Payload Expansion .................9
   7. IKEv2 Conventions for AES GCM and AES CCM .......................9
      7.1. Keying Material and Salt Values ............................9
      7.2. IKEv2 Identifiers .........................................10
      7.3. Key Length ................................................10
   8. IKEv2 Algorithm Selection ......................................11
   9. Test Vectors ...................................................11
   10. RFC 5116 AEAD_* Algorithms ....................................11
      10.1. AES GCM Algorithms with 8- and 12-octet ICVs .............12
           10.1.1. AEAD_AES_128_GCM_8 ................................12
           10.1.2. AEAD_AES_256_GCM_8 ................................12
           10.1.3. AEAD_AES_128_GCM_12 ...............................12
           10.1.4. AEAD_AES_256_GCM_12 ...............................12
      10.2. AES CCM Algorithms with an 11-octet Nonce ................13
           10.2.1. AEAD_AES_128_CCM_SHORT ............................13
           10.2.2. AEAD_AES_256_CCM_SHORT ............................14
           10.2.3. AEAD_AES_128_CCM_SHORT_8 ..........................14
           10.2.4. AEAD_AES_256_CCM_SHORT_8 ..........................14
           10.2.5. AEAD_AES_128_CCM_SHORT_12 .........................14
           10.2.6. AEAD_AES_256_CCM_SHORT_12 .........................14
      10.3. AEAD_* Algorithms and IKEv2 ..............................15
   11. Security Considerations .......................................15
   12. IANA Considerations ...........................................16
   13. Acknowledgments ...............................................16
   14. References ....................................................17
      14.1. Normative References .....................................17
      14.2. Informative References ...................................17

Black & McGrew              Standards Track                     [Page 2]
RFC 5282           Authenticated Encryption and IKEv2        August 2008

1.  Introduction

   An authenticated encryption algorithm combines encryption and
   integrity into a single operation on plaintext data to produce
   ciphertext that includes an integrity check [RFC5116].  The integrity

[include full document text]