doc: Add RFC documents

1 files changed, 339 insertions, 0 deletions

diff --git a/doc/rfc/rfc2410.txt b/doc/rfc/rfc2410.txt
new file mode 100644
index 0000000..dfcad93
--- /dev/null
+++ b/doc/rfc/rfc2410.txt
@@ -0,0 +1,339 @@
+
+
+
+
+
+
+Network Working Group                                           R. Glenn
+Request for Comments: 2410                                          NIST
+Category: Standards Track                                        S. Kent
+                                                                BBN Corp
+                                                           November 1998
+
+
+          The NULL Encryption Algorithm and Its Use With IPsec
+
+Status of this Memo
+
+   This document specifies an Internet standards track protocol for the
+   Internet community, and requests discussion and suggestions for
+   improvements.  Please refer to the current edition of the "Internet
+   Official Protocol Standards" (STD 1) for the standardization state
+   and status of this protocol.  Distribution of this memo is unlimited.
+
+Copyright Notice
+
+   Copyright (C) The Internet Society (1998).  All Rights Reserved.
+
+Abstract
+
+   This memo defines the NULL encryption algorithm and its use with the
+   IPsec Encapsulating Security Payload (ESP).  NULL does nothing to
+   alter plaintext data.  In fact, NULL, by itself, does nothing.  NULL
+   provides the means for ESP to provide authentication and integrity
+   without confidentiality.
+
+   Further information on the other components necessary for ESP
+   implementations is provided by [ESP] and [ROAD].
+
+1.  Introduction
+
+   This memo defines the NULL encryption algorithm and its use with the
+   IPsec Encapsulating Security Payload [ESP] to provide authentication
+   and integrity without confidentiality.
+
+   NULL is a block cipher the origins of which appear to be lost in
+   antiquity.  Despite rumors that the National Security Agency
+   suppressed publication of this algorithm, there is no evidence of
+   such action on their part. Rather, recent archaeological evidence
+   suggests that the NULL algorithm was developed in Roman times, as an
+   exportable alternative to Ceaser ciphers. However, because Roman
+   numerals lack a symbol for zero, written records of the algorithm's
+   development were lost to historians for over two millennia.
+
+
+
+
+
+Glenn & Kent                Standards Track                     [Page 1]
+
+RFC 2410                     NULL and IPsec                November 1998
+
+
+   [ESP] specifies the use of an optional encryption algorithm to
+   provide confidentiality and the use of an optional authentication
+   algorithm to provide authentication and integrity.  The NULL
+   encryption algorithm is a convenient way to represent the option of
+   not applying encryption.  This is referred to as ESP_NULL in [DOI].
+
+   The IPsec Authentication Header [AH] specification provides a similar
+   service, by computing authentication data which covers the data
+   portion of a packet as well as the immutable in transit portions of
+   the IP header.  ESP_NULL does not include the IP header in
+   calculating the authentication data.  This can be useful in providing
+   IPsec services through non-IP network devices.  The discussion on how
+   ESP_NULL might be used with non-IP network devices is outside the
+   scope of this document.
+
+   In this memo, NULL is used within the context of ESP.  For further
+   information on how the various pieces of ESP fit together to provide
+   security services, refer to [ESP] and [ROAD].
+
+   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this
+   document are to be interpreted as described in [RFC 2119].
+
+2. Algorithm Definition
+
+   NULL is defined mathematically by the use of the Identity function I
+   applied to a block of data b such that:
+
+     NULL(b) = I(b) = b
+
+2.1 Keying Material
+
+   Like other modern ciphers, e.g., RC5 [RFC-2040], the NULL encryption
+   algorithm can make use of keys of varying lengths.  However, no
+   measurable increase in security is afforded by the use of longer key
+   lengths.
+
+2.2 Cryptographic Synchronization
+
+   Because of the stateless nature of the NULL encryption algorithm, it
+   is not necessary to transmit an IV or similar cryptographic
+   synchronization data on a per packet (or even a per SA) basis.  The
+   NULL encryption algorithm combines many of the best features of both
+   block and stream ciphers, while still not requiring the transmission
+   of an IV or analogous cryptographic synchronization data.
+
+
+
+
+
+
+Glenn & Kent                Standards Track                     [Page 2]
+
+RFC 2410                     NULL and IPsec                November 1998
+
+
+2.3 Padding
+
+   NULL has a block size of 1 byte, thus padding is not necessary.
+
+2.4. Performance
+
+   The NULL encryption algorithm is significantly faster than other
+   commonly used symmetric encryption algorithms and implementations of
+   the base algorithm are available for all commonly used hardware and
+   OS platforms.
+
+2.5 Test Vectors
+
+   The following is a set of test vectors to facilitate in the
+   development of interoperable NULL implementations.
+
+test_case =      1
+data =           0x123456789abcdef
+data_len =       8
+NULL_data =      0x123456789abcdef
+
+test_case =      2
+data =           "Network Security People Have A Strange Sense Of Humor"
+data_len =       53
+NULL_data =      "Network Security People Have A Strange Sense Of Humor"
+
+3. ESP_NULL Operational Requirements
+
+   ESP_NULL is defined by using NULL within the context of ESP.  This
+   section further defines ESP_NULL by pointing out particular
+   operational parameter requirements.
+
+   For purposes of IKE [IKE] key extraction, the key size for this
+   algorithm MUST be zero (0) bits, to facilitate interoperability and
+   to avoid any potential export control problems.
+
+   To facilitate interoperability, the IV size for this algorithm MUST
+   be zero (0) bits.
+
+   Padding MAY be included on outgoing packets as specified in [ESP].
+
+4. Security Considerations
+
+   The NULL encryption algorithm offers no confidentiality nor does it
+   offer any other security service.  It is simply a convenient way to
+   represent the optional use of applying encryption within ESP.  ESP
+   can then be used to provide authentication and integrity without
+   confidentiality.  Unlike AH these services are not applied to any
+
+
+
+Glenn & Kent                Standards Track                     [Page 3]
+
+RFC 2410                     NULL and IPsec                November 1998
+
+
+   part of the IP header.  At the time of this writing there is no
+   evidence to support that ESP_NULL is any less secure than AH when
+   using the same authentication algorithm (i.e. a packet secured using
+   ESP_NULL with some authentication algorithm is as cryptographically
+   secure as a packet secured using AH with the same authentication
+   algorithm).
+
+   As stated in [ESP], while the use of encryption algorithms and
+   authentication algorithms are optional in ESP, it is imperative that
+   an ESP SA specifies the use of at least one cryptographically strong
+   encryption algorithm or one cryptographically strong authentication
+   algorithm or one of each.
+
+   At the time of this writing there are no known laws preventing the
+   exportation of NULL with a zero (0) bit key length.
+
+5.  Intellectual Property Rights
+
+   Pursuant to the provisions of [RFC-2026], the authors represent that
+   they have disclosed the existence of any proprietary or intellectual
+   property rights in the contribution that are reasonably and
+   personally known to the authors.  The authors do not represent that
+   they personally know of all potentially pertinent proprietary and
+   intellectual property rights owned or claimed by the organizations
+   they represent or third parties.
+
+6.  Acknowledgments
+
+   Steve Bellovin suggested and provided the text for the Intellectual
+   Property Rights section.
+
+   Credit also needs to be given to the participants of the Cisco/ICSA
+   IPsec & IKE March 1998 Interoperability Workshop since it was there
+   that the need for this document became apparent.
+
+7.  References
+
+   [ESP]        Kent, S., and R. Atkinson, "IP Encapsulating Security
+                Payload", RFC 2406, November 1998.
+
+   [AH]         Kent, S., and R. Atkinson, "IP Authentication Header",
+                RFC 2402, November 1998.
+
+   [ROAD]       Thayer, R., Doraswamy, N., and R. Glenn, "IP Security
+                Document Roadmap", RFC 2411, November 1998.
+
+   [DOI]        Piper, D., "The Internet IP Security Domain of
+                Interpretation for ISAKMP", RFC 2408, November 1998.
+
+
+
+Glenn & Kent                Standards Track                     [Page 4]
+
+RFC 2410                     NULL and IPsec                November 1998
+
+
+   [IKE]        Harkins, D., and D. Carrel, "The Internet Key Exchange
+                (IKE)", RFC 2409, November 1998.
+
+   [RFC-2026]   Bradner, S., "The Internet Standards Process -- Revision
+                3", BCP 9, RFC 2026, October 1996.
+
+   [RFC-2040]   Baldwin, R., and R. Rivest, "The RC5, RC5-CBC, RC5-CBC-
+                Pad, and RC5-CTS Algorithms", RFC 2040, October 1996
+
+   [RFC-2119]   Bradner, S., "Key words for use in RFCs to Indicate
+                Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+6.  Editors' Addresses
+
+   Rob Glenn
+   NIST
+
+   EMail: rob.glenn@nist.gov
+
+
+   Stephen Kent
+   BBN Corporation
+
+   EMail: kent@bbn.com
+
+   The IPsec working group can be contacted through the chairs:
+
+   Robert Moskowitz
+   ICSA
+
+   EMail: rgm@icsa.net
+
+
+   Ted T'so
+   Massachusetts Institute of Technology
+
+   EMail: tytso@mit.edu
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Glenn & Kent                Standards Track                     [Page 5]
+
+RFC 2410                     NULL and IPsec                November 1998
+
+
+7.  Full Copyright Statement
+
+   Copyright (C) The Internet Society (1998).  All Rights Reserved.
+
+   This document and translations of it may be copied and furnished to
+   others, and derivative works that comment on or otherwise explain it
+   or assist in its implementation may be prepared, copied, published
+   and distributed, in whole or in part, without restriction of any
+   kind, provided that the above copyright notice and this paragraph are
+   included on all such copies and derivative works.  However, this
+   document itself may not be modified in any way, such as by removing
+   the copyright notice or references to the Internet Society or other
+   Internet organizations, except as needed for the purpose of
+   developing Internet standards in which case the procedures for
+   copyrights defined in the Internet Standards process must be
+   followed, or as required to translate it into languages other than
+   English.
+
+   The limited permissions granted above are perpetual and will not be
+   revoked by the Internet Society or its successors or assigns.
+
+   This document and the information contained herein is provided on an
+   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Glenn & Kent                Standards Track                     [Page 6]
+