< draft-songlee-aes-cmac-02.txt | draft-songlee-aes-cmac-03.txt >

                                                            JunHyuk Song
                                                        Radha Poovendran
                                                University of Washington
                                                             Jicheol Lee
                                                     Samsung Electronics
                                                             Tetsu Iwata
INTERNET DRAFT                                        Ibaraki University
Expires: May 6, 2006                                   November 7, 2005   (-02)
Expires: June 8, 2006                                  December 9, 2005   (-03)

                         The AES-CMAC Algorithm
                     draft-songlee-aes-cmac-02.txt   (-02)
                     draft-songlee-aes-cmac-03.txt   (-03)

Status of This Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that

   [skipping to change at page 2, line 16]
   1. Introduction . . . . . . . . . . . . . . . . . . . . . . .  2
   2. Specification of AES-CMAC . . . . . . . . . . . . . . . .  3
   2.1 Basic definitions . . . . . . . . . . . . . . . . . . . .  3
   2.2 Overview . . . . . . . . . . . . . . . . . . . . . . . . .  4
   2.3 Subkey Generation Algorithm . . . . . . . . . . . . . . .  5
   2.4 MAC Generation Algorithm . . . . . . . . . . . . . . . . .  7
   2.5 MAC Verification Algorithm . . . . . . . . . . . . . . . .  9
   3. Security Considerations . . . . . . . . . . . . . . . . . . 10
   4. Test Vector . . . . . . . . . . . . . . . . . . . . . . . . 11
   5. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . 12 (-02) / 11 (-03)
   6. Authors' Addresses . . . . . . . . . . . . . . . . . . . . 12
   7. References . . . . . . . . . . . . . . . . . . . . . . . . 13
   Appendix A. Test Code . . . . . . . . . . . . . . . . . . . . 14
1. Introduction

   The National Institute of Standards and Technology (NIST) has newly
   specified the Cipher-based Message Authentication Code (CMAC).
   CMAC [NIST-CMAC] is a keyed hash function that is based on a
   symmetric key block cipher such as the Advanced Encryption

   [skipping to change at page 10, line 45]

   authentic, i.e., it did not originate from a source that executed
   the generation process on the message to produce the purported MAC.
   If the output is VALID, then the design of the AES-CMAC provides
   assurance that the message is authentic and, hence, was not
   corrupted in transit; however, this assurance, as for any MAC
   algorithm, is not absolute.
3. Security Considerations

   [-02]

   The security provided by AES-CMAC is based upon the strength of AES.
   At the time of this writing there are no practical cryptographic
   attacks against AES or AES-CMAC.

   As is true with any cryptographic algorithm, part of its strength
   lies in the correctness of the algorithm implementation, the
   security of the key management mechanism and its implementation, the
   strength of the associated secret key, and upon the correctness of
   the implementation in all of the participating systems.

   This document contains test vectors to assist in verifying the
   correctness of AES-CMAC code.

   [-03]

   The security provided by AES-CMAC is built on the strong cryptographic
   algorithm AES. However, as is true with any cryptographic algorithm,
   part of its strength lies in the secret key K and in the correctness
   of the implementation in all of the participating systems. If the
   secret key K is compromised or inappropriately shared, AES-CMAC no
   longer guarantees either the authentication or the integrity of a
   message. The secret key shall be generated in a way that meets the
   pseudo-randomness requirements of RFC 4086 [RFC4086] and should be
   kept safe. When, and only when, AES-CMAC is used properly, it
   provides authentication and integrity that meet the current best
   practice for message authentication.
4. Test Vectors

   The following test vectors are the same as those of [NIST-CMAC].
   They are also the output of the test program in Appendix A.

   --------------------------------------------------
   Subkey Generation
   K              2b7e1516 28aed2a6 abf71588 09cf4f3c
   [skipping to change at page 13, line 7 (-02) / page 12, line 31 (-03)]
   University of Washington
   (206) 221-6512
   radha@ee.washington.edu

   Tetsu Iwata
   Ibaraki University
   iwata@cis.ibaraki.ac.jp
7. References

   [-02]

   [NIST-CMAC] NIST, SP 800-38B, "Recommendation for Block Cipher
               Modes of Operation: The CMAC Mode for Authentication,"
               May 2005.
               http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf

   [NIST-AES]  NIST, FIPS 197, "Advanced Encryption Standard (AES),"
               November 2001.
               http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

   [RFC-HMAC]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC:
               Keyed-Hashing for Message Authentication," RFC 2104,
               February 1997.

   [OMAC1a]    Iwata, T. and K. Kurosawa, "OMAC: One-Key CBC MAC,"
               Fast Software Encryption, FSE 2003, LNCS 2887,
               pp. 129-153, Springer-Verlag, 2003.

   [OMAC1b]    Iwata, T. and K. Kurosawa, "OMAC: One-Key CBC MAC,"
               Submission to NIST, December 2002. Available from the
               NIST modes of operation web site at
               http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-spec.pdf

   [XCBCa]     Black, J. and P. Rogaway, "A Suggestion for Handling
               Arbitrary-Length Messages with the CBC MAC," NIST Second
               Modes of Operation Workshop, August 2001. Available from
               the NIST modes of operation web site at
               http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/xcbc-mac/xcbc-mac-spec.pdf

   [XCBCb]     Black, J. and P. Rogaway, "CBC MACs for Arbitrary-Length
               Messages: The Three-Key Constructions," Journal of
               Cryptology, Vol. 18, No. 2, pp. 111-132, Springer-Verlag,
               Spring 2005.

   [RFC1750]   Eastlake 3rd, D., Crocker, S., and J. Schiller,
               "Randomness Recommendations for Security", RFC 1750,
               December 1994.

   [-03]

7.1. Normative References

   [NIST-CMAC] NIST, Special Publication 800-38B Draft, "Recommendation
               for Block Cipher Modes of Operation: The CMAC Method for
               Authentication," March 9, 2005.

   [NIST-AES]  NIST, FIPS 197, "Advanced Encryption Standard (AES),"
               November 2001.
               http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

   [OMAC1]     Iwata, T. and K. Kurosawa, "OMAC: One-Key CBC MAC,"
               Department of Computer and Information Sciences,
               Ibaraki University, March 10, 2003.

   [XCBC]      Black, J. and P. Rogaway, "A Suggestion for Handling
               Arbitrary-Length Messages with the CBC MAC," NIST Second
               Modes of Operation Workshop, August 2001.
               http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/xcbc-mac/xcbc-mac-spec.pdf

   [RFC4086]   Eastlake 3rd, D., Crocker, S., and J. Schiller,
               "Randomness Requirements for Security", RFC 4086,
               June 2005.

7.2. Informative References

   [OMAC1a]    Iwata, T. and K. Kurosawa, "OMAC: One-Key CBC MAC,"
               Fast Software Encryption, FSE 2003, LNCS 2887,
               pp. 129-153, Springer-Verlag, 2003.

   [RFC-HMAC]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC:
               Keyed-Hashing for Message Authentication," RFC 2104,
               February 1997.

   [OMAC1b]    Iwata, T. and K. Kurosawa, "OMAC: One-Key CBC MAC,"
               Submission to NIST, December 2002. Available from the
               NIST modes of operation web site at
               http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-spec.pdf

   [XCBCa]     Black, J. and P. Rogaway, "A Suggestion for Handling
               Arbitrary-Length Messages with the CBC MAC," NIST Second
               Modes of Operation Workshop, August 2001. Available from
               the NIST modes of operation web site at
               http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/xcbc-mac/xcbc-mac-spec.pdf

   [XCBCb]     Black, J. and P. Rogaway, "CBC MACs for Arbitrary-Length
               Messages: The Three-Key Constructions," Journal of
               Cryptology, Vol. 18, No. 2, pp. 111-132, Springer-Verlag,
               Spring 2005.
Appendix A. Test Code

   /****************************************************************/
   /* AES-CMAC with AES-128 bit                                    */
   /* AES-128 from David Johnston (802.16)                         */
   /* CMAC Algorithm described in SP800-38B draft                  */
   /* Author: Junhyuk Song (junhyuk.song@samsung.com)              */
   /*         Jicheol Lee (jicheol.lee@samsung.com)                */
   /****************************************************************/