The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec (RFC3566)

IP.com Disclosure Number: IPCOM000019459D
Original Publication Date: 2003-Sep-01
Included in the Prior Art Database: 2003-Sep-16
Document File: 12 page(s) / 25K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

S. Frankel: AUTHOR [+2]

Abstract

A Message Authentication Code (MAC) is a key-dependent one way hash function. One popular way to construct a MAC algorithm is to use a block cipher in conjunction with the Cipher-Block-Chaining (CBC) mode of operation. The classic CBC-MAC algorithm, while secure for messages of a pre-selected fixed length, has been shown to be insecure across messages of varying lengths such as the type found in typical IP datagrams. This memo specifies the use of AES in CBC mode with a set of extensions to overcome this limitation. This new algorithm is named AES-XCBC-MAC-96.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 14% of the total text.

Network Working Group                                    S. Frankel
Request for Comments: 3566                                     NIST
Category: Standards Track                                H. Herbert
                                                              Intel
                                                     September 2003

The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

A Message Authentication Code (MAC) is a key-dependent one way hash
function. One popular way to construct a MAC algorithm is to use a
block cipher in conjunction with the Cipher-Block-Chaining (CBC) mode
of operation. The classic CBC-MAC algorithm, while secure for
messages of a pre-selected fixed length, has been shown to be
insecure across messages of varying lengths such as the type found in
typical IP datagrams. This memo specifies the use of AES in CBC mode
with a set of extensions to overcome this limitation. This new
algorithm is named AES-XCBC-MAC-96.

Table of Contents

1. Introduction
2. Specification of Requirements
3. Basic CBC-MAC with Obligatory 10* Padding
4. AES-XCBC-MAC-96
   4.1. Keying Material
   4.2. Padding
   4.3. Truncation
   4.4. Interaction with the ESP Cipher Mechanism
   4.5. Performance
   4.6. Test Vectors
5. Security Considerations
6. IANA Considerations
7. Intellectual Property Rights Statement
8. Acknowledgments
9. References
   9.1. Normative References
   9.2. Informative References
10. Authors' Addresses
11. Full Copyright Statement

1. Introduction

Message authentication provides data integrity and data origin
authentication with respect to the original message source. A
Message Authentication Code (MAC) is a key-dependent one way hash
function. One popular way to construct a MAC algorithm is to use a
block cipher in conjunction with the Cipher-Block-Chaining (CBC) mode
of operation. The classic CBC-MAC algorithm, while secure for
messages of a pre-selected fixed length [CBC-MAC-2], has been shown
to be insecure across messages of varying...