Supported Algorithms
IPsec in 5G-UPF supports the protocols in the following table, which are specified in RFC 5996.
Protocol |
Type |
Supported Options (with VPP) |
|
---|---|---|---|
Internet Key |
IKEv2 Encryption |
||
Exchange version 2 |
IKEv2 Pseudo Random Function |
PRF-HMAC-SHA1, PRF-HMAC-MD5, AES-XCBC-PRF-128 |
|
IKEv2 Integrity |
HMAC-SHA1-96, HMAC-SHA2-256-128, HMAC-SHA2-384-192. HMAC-SHA2-512-256, HMAC-MD5-96, AES-XCBC-96 |
||
IKEv2 Diffie-Hellman Group |
Group 1 (768 bit), Group 2 (1024 bit), Group 5 (1536 bit), Group 14 (2048 bit) |
||
IP Security |
IPsec Encapsulating Security Payload Encryption |
NULL, DES-CBC, 3DES-CBC, AES-CBC-192, AES-CBC-128, AES-CBC-256, AES-128-GCM-128, AES-128-GCM-64, AES-128-GCM-96, AES-192-GCM, AES-256-GCM-128, AES-256-GCM-64, AES-256-GCM-96 |
|
Extended Sequence Number |
Value of 0 or off is supported (ESN itself is not supported) |
||
IPsec Integrity |
NULL, HMAC-SHA1-96, HMAC-MD5-96, HMAC-SHA2-256-128, HMAC-SHA2-384-192, HMAC-SHA2-512-256
|