Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol (RFC5282)

IP.com Disclosure Number: IPCOM000173736D
Original Publication Date: 2008-Aug-01
Included in the Prior Art Database: 2008-Aug-22
Document File: 20 page(s) / 42K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Black: AUTHOR [+2]

Abstract

An authenticated encryption algorithm combines encryption and integrity into a single operation; such algorithms may also be referred to as combined modes of an encryption cipher or as combined mode algorithms. This document describes the use of authenticated encryption algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) protocol.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 6% of the total text.

Network Working Group                                           D. Black
Request for Comments: 5282                                           EMC
Updates: 4306                                                  D. McGrew
Category: Standards Track                                    August 2008

   Using Authenticated Encryption Algorithms with the Encrypted Payload
         of the Internet Key Exchange version 2 (IKEv2) Protocol

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   An authenticated encryption algorithm combines encryption and
   integrity into a single operation; such algorithms may also be
   referred to as combined modes of an encryption cipher or as combined
   mode algorithms.  This document describes the use of authenticated
   encryption algorithms with the Encrypted Payload of the Internet Key
   Exchange version 2 (IKEv2) protocol.

   The use of two specific authenticated encryption algorithms with the
   IKEv2 Encrypted Payload is also described; these two algorithms are
   the Advanced Encryption Standard (AES) in Galois/Counter Mode (AES
   GCM) and AES in Counter with CBC-MAC Mode (AES CCM).  Additional
   documents may describe the use of other authenticated encryption
   algorithms with the IKEv2 Encrypted Payload.

Black & McGrew              Standards Track                     [Page 1]
 RFC 5282           Authenticated Encryption and IKEv2        August 2008

Table of Contents

   1. Introduction
      1.1. Conventions Used in This Document
   2. Structure of this Document
   3. IKEv2 Encrypted Payload Data
      3.1. AES GCM and AES CCM Initialization Vector (IV)
      3.2. AES GCM and AES CCM Ciphertext (C) Construction
   4. AES GCM and AES CCM Nonce (N) Format
   5. IKEv2 Associated Data (A)
      5.1. Associated Data (A) Construction
      5.2. Data Integrity Coverage
   6. AES GCM and AES CCM Encrypted Payload Expansion
   7. IKEv2 Conventions for AES GCM and AES CCM