Network Working Group                                         S. Frankel
Request for Comments: 3566                                          NIST
Category: Standards Track                                     H. Herbert
                                                                   Intel
                                                          September 2003


          The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   A Message Authentication Code (MAC) is a key-dependent one way hash
   function.  One popular way to construct a MAC algorithm is to use a
   block cipher in conjunction with the Cipher-Block-Chaining (CBC) mode
   of operation.  The classic CBC-MAC algorithm, while secure for
   messages of a pre-selected fixed length, has been shown to be
   insecure across messages of varying lengths such as the type found in
   typical IP datagrams.  This memo specifies the use of AES in CBC mode
   with a set of extensions to overcome this limitation.  This new
   algorithm is named AES-XCBC-MAC-96.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Specification of Requirements  . . . . . . . . . . . . . .   2
   3.  Basic CBC-MAC with Obligatory 10* Padding  . . . . . . . .   3
   4.  AES-XCBC-MAC-96  . . . . . . . . . . . . . . . . . . . . .   3
       4.1.  Keying Material. . . . . . . . . . . . . . . . . . .   5
       4.2.  Padding  . . . . . . . . . . . . . . . . . . . . . .   6
       4.3.  Truncation . . . . . . . . . . . . . . . . . . . . .   6
       4.4.  Interaction with the ESP Cipher Mechanism. . . . . .   6
       4.5.  Performance. . . . . . . . . . . . . . . . . . . . .   6
       4.6.  Test Vectors . . . . . . . . . . . . . . . . . . . .   7
   5.  Security Considerations  . . . . . . . . . . . . . . . . .   8
   6.  IANA Considerations  . . . . . . . . . . . . . . . . . . .   8
   7.  Intellectual Property Rights Statement . . . . . . . . . .   8



Frankel & Herbert           Standards Track