< draft-songlee-aes-cmac-00.txt   draft-songlee-aes-cmac-01.txt >
JunHyuk Song JunHyuk Song
Jicheol Lee Jicheol Lee
INTERNET DRAFT Samsung Electronics INTERNET DRAFT Samsung Electronics
Expires: November 24, 2005 May 25 2005 Expires: November 30, 2005 May 31 2005
The AES-CMAC Algorithm The AES-CMAC Algorithm
draft-songlee-aes-cmac-00.txt draft-songlee-aes-cmac-01.txt
Status of This Memo Status of This Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 2, line 34 skipping to change at page 2, line 34
1. Introduction 1. Introduction
National Institute of Standards and Technology (NIST) has newly National Institute of Standards and Technology (NIST) has newly
specified the Cipher based MAC (CMAC). CMAC [NIST-CMAC] is a keyed specified the Cipher based MAC (CMAC). CMAC [NIST-CMAC] is a keyed
hashed function that is based on a symmetric key block cipher such hashed function that is based on a symmetric key block cipher such
as Advanced Encryption Standard [AES]. CMAC is equivalent to the as Advanced Encryption Standard [AES]. CMAC is equivalent to the
One-Key CBC-MAC1 (OMAC1) algorithm submitted by Iwata and Kurosawa One-Key CBC-MAC1 (OMAC1) algorithm submitted by Iwata and Kurosawa
[OMAC1]. Although the OMAC1 algorithm is based on the eXtended Cipher [OMAC1]. Although the OMAC1 algorithm is based on the eXtended Cipher
Block Chaining mode (XCBC) algorithm submitted by Rogaway and Black Block Chaining mode (XCBC) algorithm submitted by Rogaway and Black
[XCBC], OMAC1 efficiently reduces the key size of XCBC. [XCBC], OMAC1 efficiently reduces the key size of XCBC. This memo
This memo specifies the authentication mechanism based on specifies the authentication mechanism based on CMAC mode of
CMAC mode of operation with 128-bit Advanced Encryption Standard operation with 128-bit Advanced Encryption Standard(AES) cipher
(AES) cipher block. This new authentication algorithm is named block. This new authentication algorithm is named AES-CMAC
AES-CMAC
2. Specification of Language 2. Specification of Language
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [3]. document are to be interpreted as described in RFC 2119 [3].
In addition, the following words are used to signify the requirements In addition, the following words are used to signify the requirements
of the specification. of the specification.
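Review bot: the reflowed last sentences of the Introduction in -01 introduce a spacing error and keep a missing full stop. "Advanced Encryption Standard(AES) cipher block" lost the space before the parenthesis that -00 had, and "This new authentication algorithm is named AES-CMAC" still ends without a period in both versions. Since the paragraph is being touched anyway, "keyed hashed function" a few lines up would read better as "keyed hash function", and "Cipher based MAC" as "Cipher-based MAC".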
skipping to change at page 7, line 5 skipping to change at page 7, line 5
+ else K1 := (L << 1) XOR const_Rb; + + else K1 := (L << 1) XOR const_Rb; +
+ Step 3. if MSB(K1) is equal to 0 + + Step 3. if MSB(K1) is equal to 0 +
+ then K2 := K1 << 1; + + then K2 := K1 << 1; +
+ else K2 := (K1 << 1) XOR const_Rb; + + else K2 := (K1 << 1) XOR const_Rb; +
+ Step 4. return K1, K2; + + Step 4. return K1, K2; +
+ + + +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Figure 3.2 Generate_Subkey Algorithm Figure 3.2 Generate_Subkey Algorithm
Figure 3.2 describes the algorithm generating subkeys. Figure 3.2 describes the algorithm generating subkeys.
In step 1. AES-128 is applied to all zero bits with key k In step 1. AES-128 is applied to all zero bits with key K.
In step 2 K1 is derive through following operation: In step 2 K1 is derive through following operation:
If the most significant bit of L is equal to 0, left-shift L by 1 If the most significant bit of L is equal to 0, left-shift L by 1
bit. Otherwise, exclusive-OR const_Rb with the result of 1-bit bit. Otherwise, exclusive-OR const_Rb with the result of 1-bit
left-shift of L. left-shift of L.
In step 3. K2 is derived through following operation: In step 3. K2 is derived through following operation:
If the most significant bit of K1 is equal to 0, left-shift If the most significant bit of K1 is equal to 0, left-shift
K1 by 1 bit. Otherwise, exclusive-OR const_Rb with the result K1 by 1 bit. Otherwise, exclusive-OR const_Rb with the result
of 1-bit left-shift of K1. of 1-bit left-shift of K1.
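Review bot: the step 1 sentence corrected here ("with key K.") never names its output, yet the next paragraph tests "the most significant bit of L", so a reader of the prose alone cannot tell what L is. Suggest "In step 1, AES-128 is applied to an all-zero block with key K, and the result is L." The line directly below the change still reads "K1 is derive through following operation" where step 3 has "is derived", and the step labels are punctuated inconsistently ("In step 1." and "In step 3." against "In step 2"); fixing all three in the same revision would keep the description aligned with Figure 3.2.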
skipping to change at page 9, line 40 skipping to change at page 9, line 40
As is true with any cryptographic algorithm, part of its strength As is true with any cryptographic algorithm, part of its strength
lies in the correctness of the algorithm implementation, the security lies in the correctness of the algorithm implementation, the security
of the key management mechanism and its implementation, the strength of the key management mechanism and its implementation, the strength
of the associated secret key, and upon the correctness of the of the associated secret key, and upon the correctness of the
implementation in all of the participating systems. This document implementation in all of the participating systems. This document
contains test vectors to assist in verifying the correctness of contains test vectors to assist in verifying the correctness of
AES-CMAC code. AES-CMAC code.
5. Test Vectors 5. Test Vectors
Following test vectors are same as that of [NIST-CMAC]. Following test vectors are same as those of [NIST-CMAC].
The following vectors are also output of the test program in The following vectors are also output of the test program in
appendix A. appendix A.
-------------------------------------------------- --------------------------------------------------
Subkey Generation Subkey Generation
K 2b7e1516 28aed2a6 abf71588 09cf4f3c K 2b7e1516 28aed2a6 abf71588 09cf4f3c
AES_128(key,0) 7df76b0c 1ab899b3 3e42f047 b91b546f AES_128(key,0) 7df76b0c 1ab899b3 3e42f047 b91b546f
K1 fbeed618 35713366 7c85e08f 7236a8de K1 fbeed618 35713366 7c85e08f 7236a8de
K2 f7ddac30 6ae266cc f90bc11e e46d513b K2 f7ddac30 6ae266cc f90bc11e e46d513b
-------------------------------------------------- --------------------------------------------------
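Review bot: the intermediate row in the Subkey Generation table is labelled "AES_128(key,0)", while the key row is labelled "K" and Figure 3.2 calls this value L; relabel it so the vector can be matched to the algorithm steps without guessing, for example "L = AES_128(K,0)". The values themselves are consistent with the shift rule in Figure 3.2: the top bit of 7df76b0c... is 0 and K1 is exactly that block shifted left by one bit. On the sentence changed in this hunk, "Following test vectors are same as those of" still lacks its articles; "The following test vectors are the same as those of [NIST-CMAC]" matches the sentence after it.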
skipping to change at page 13, line 42 skipping to change at page 13, line 42
unsigned char sbox(unsigned char a) unsigned char sbox(unsigned char a)
{ {
return sbox_table[(int)a]; return sbox_table[(int)a];
} }
void next_key(unsigned char *key, int round) void next_key(unsigned char *key, int round)
{ {
unsigned char rcon; unsigned char rcon;
unsigned char sbox_key[4]; unsigned char sbox_key[4];
unsigned char rcon_table[12] { unsigned char rcon_table[12] = {
0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
0x1b, 0x36, 0x36, 0x36 0x1b, 0x36, 0x36, 0x36
}; };
sbox_key[0] = sbox(key[13]); sbox_key[0] = sbox(key[13]);
sbox_key[1] = sbox(key[14]); sbox_key[1] = sbox(key[14]);
sbox_key[2] = sbox(key[15]); sbox_key[2] = sbox(key[15]);
sbox_key[3] = sbox(key[12]); sbox_key[3] = sbox(key[12]);
rcon = rcon_table[round]; rcon = rcon_table[round];
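Review bot: `rcon = rcon_table[round];` indexes the table with a signed int that next_key() never range-checks, so a negative or too-large `round` reads outside the 12-byte array; add a bounds check or document the caller's valid range at the top of the function. The added `=` fixes the initializer syntax, but the table is still a plain local that is rebuilt on every call and could be declared `static const unsigned char rcon_table[12]`. The last two 0x36 entries look like padding rather than round constants, since AES-128 uses only ten, so either size the table to 10 or add a comment saying why 12 are present. The `(int)` cast in `sbox_table[(int)a]` is redundant for an unsigned char index.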
 End of changes. 7 change blocks. 
11 lines changed or deleted 10 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/