Some IPsec references

December 20, 2012

Some IPsec ressources I was using while developing ipdecap

RFCs

rfc 4835:Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14


 Requirement    Encryption Algorithm (notes)
        -----------    --------------------------
        MUST           NULL [RFC2410] (1)
        MUST           AES-CBC with 128-bit keys [RFC3602]
        MUST-          TripleDES-CBC [RFC2451]
        SHOULD         AES-CTR [RFC3686]
        SHOULD NOT     DES-CBC [RFC2405] (2)

        Requirement    Authentication Algorithm (notes)
        -----------    -----------------------------
        MUST           HMAC-SHA1-96 [RFC2404] (3)
        SHOULD+        AES-XCBC-MAC-96 [RFC3566]
        MAY            NULL (1)
        MAY            HMAC-MD5-96 [RFC2403] (4)

rfc 4309: Cryptographic Suites for IPsec
rfc 6379: Suite B Cryptographic Suites for IPsec

Authentication

rfc 2104: HMAC: Keyed-Hashing for Message Authentication
rfc 2403: The Use of HMAC-MD5-96 within ESP and AH
rfc 2404: The Use of HMAC-SHA-1-96 within ESP and AH
rfc 2410: The NULL Encryption Algorithm and Its Use With IPsec
rfc 4868: Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec
draft: The HMAC-SHA-256-96 Algorithm and Its Use With IPsec
draft: The HMAC-SHA-256-128 Algorithm and Its Use With IPsec

Encryption

rfc 2405: The ESP DES-CBC Cipher Algorithm With Explicit IV
rfc 3686: Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP)
rfc 3602: The AES-CBC Cipher Algorithm and Its Use with IPsec
draft: The ESP CAST5-128-CBC Transform
draft: The ESP Blowfish-CBC Algorithm Using an Explicit IV
draft: The ESP CAST128-CBC Algorithm
draft: The ESP RC5-CBC Algorithm