| < draft-songlee-aes-cmac-02.txt | draft-songlee-aes-cmac-03.txt > | |||
|---|---|---|---|---|
| JunHyuk Song | JunHyuk Song | |||
| Radha Poovendran | Radha Poovendran | |||
| University of Washington | University of Washington | |||
| Jicheol Lee | Jicheol Lee | |||
| Samsung Electronics | Samsung Electronics | |||
| Tetsu Iwata | Tetsu Iwata | |||
| INTERNET DRAFT Ibaraki University | INTERNET DRAFT Ibaraki University | |||
| Expires: May 6, 2006 November 7 2005 | Expires: June 8, 2006 December 9 2005 | |||
| The AES-CMAC Algorithm | The AES-CMAC Algorithm | |||
| draft-songlee-aes-cmac-02.txt | draft-songlee-aes-cmac-03.txt | |||
| Status of This Memo | Status of This Memo | |||
| By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
| applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
| have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
| aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| skipping to change at page 2, line 16 ¶ | skipping to change at page 2, line 16 ¶ | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Specification of AES-CMAC . . . . . . . . . . . . . . . . 3 | 2. Specification of AES-CMAC . . . . . . . . . . . . . . . . 3 | |||
| 2.1 Basic definitions . . . . . . . . . . . . . . . . . . . . 3 | 2.1 Basic definitions . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2.2 Overview . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2.2 Overview . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2.3 Subkey Generation Algorithm . . . . . . . . . . . . . . . 5 | 2.3 Subkey Generation Algorithm . . . . . . . . . . . . . . . 5 | |||
| 2.4 MAC Generation Algorithm . . . . . . . . . . . . . . . . . 7 | 2.4 MAC Generation Algorithm . . . . . . . . . . . . . . . . . 7 | |||
| 2.5 MAC Verification Algorithm . . . . . . . . . . . . . . . . 9 | 2.5 MAC Verification Algorithm . . . . . . . . . . . . . . . . 9 | |||
| 3. Security Considerations . . . . . . . . . . . . . . . . . . 10 | 3. Security Considerations . . . . . . . . . . . . . . . . . . 10 | |||
| 4. Test Vector . . . . . . . . . . . . . . . . . . . . . . . . 11 | 4. Test Vector . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 5. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . 12 | 5. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 6. Authors address . . . . . . . . . . . . . . . . . . . . . . 12 | 6. Authors address . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . 13 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| Appendix A. Test Code . . . . . . . . . . . . . . . . . . . . 14 | Appendix A. Test Code . . . . . . . . . . . . . . . . . . . . 14 | |||
| 1. Introduction | 1. Introduction | |||
| National Institute of Standards and Technology (NIST) has newly | National Institute of Standards and Technology (NIST) has newly | |||
| specified the Cipher-based Message Authentication Code (CMAC). | specified the Cipher-based Message Authentication Code (CMAC). | |||
| CMAC [NIST-CMAC] is a keyed hash function that is based on a | CMAC [NIST-CMAC] is a keyed hash function that is based on a | |||
| symmetric key block cipher such as the Advanced Encryption | symmetric key block cipher such as the Advanced Encryption | |||
| skipping to change at page 10, line 45 ¶ | skipping to change at page 10, line 45 ¶ | |||
| authentic, i.e., it did not originate from a source that executed | authentic, i.e., it did not originate from a source that executed | |||
| the generation process on the message to produce the purported MAC. | the generation process on the message to produce the purported MAC. | |||
| If the output is VALID, then the design of the AES-CMAC provides | If the output is VALID, then the design of the AES-CMAC provides | |||
| assurance that the message is authentic and, hence, was not | assurance that the message is authentic and, hence, was not | |||
| corrupted in transit; however, this assurance, as for any MAC | corrupted in transit; however, this assurance, as for any MAC | |||
| algorithm, is not absolute. | algorithm, is not absolute. | |||
| 3. Security Considerations | 3. Security Considerations | |||
| The security provided by AES-CMAC is based upon the strength of AES. | The security provided by AES-CMAC are built on strong cryptographic | |||
| At the time of this writing there are no practical cryptographic | algorithm AES. However as is true with any cryptographic algorithm, | |||
| attacks against AES or AES-CMAC. | part of its strength lies in the secret key, 'K' and the correctness | |||
| of the implementation in all of the participating systems. | ||||
| As is true with any cryptographic algorithm, part of its strength | If the secret key 'K' is compromised or inappropriately shared, it | |||
| lies in the correctness of the algorithm implementation, the | no longer guarantee either authentication or integrity of message. | |||
| security of the key management mechanism and its implementation, the | The secret key shall be generated in a way that meet the pseudo | |||
| strength of the associated secret key, and upon the correctness of | randomness requirement of RFC 4086 [RFC4086] and should be kept | |||
| the implementation in all of the participating systems. | in safe. If and only if AES-CMAC used properly it can provide the | |||
| Authentication and Integrity that meet the best current practice | ||||
| This document contains test vectors to assist in verifying the | of message authentication. | |||
| correctness of AES-CMAC code. | ||||
| 4. Test Vectors | 4. Test Vectors | |||
| Following test vectors are the same as those of [NIST-CMAC]. | Following test vectors are the same as those of [NIST-CMAC]. | |||
| The following vectors are also output of the test program in | The following vectors are also output of the test program in | |||
| appendix A. | appendix A. | |||
| -------------------------------------------------- | -------------------------------------------------- | |||
| Subkey Generation | Subkey Generation | |||
| K 2b7e1516 28aed2a6 abf71588 09cf4f3c | K 2b7e1516 28aed2a6 abf71588 09cf4f3c | |||
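Review bot: the rewritten Security Considerations paragraph in -03 needs a grammar pass before it replaces the -02 text: "The security provided by AES-CMAC are built on strong cryptographic algorithm AES" should read "is built on the strong cryptographic algorithm AES"; "it no longer guarantee either authentication or integrity of message" should read "it no longer guarantees either the authentication or the integrity of the message"; "generated in a way that meet the pseudo randomness requirement of RFC 4086 [RFC4086] and should be kept in safe" should read "generated in a way that meets the pseudo-randomness requirements of RFC 4086 [RFC4086] and kept secret". The closing "If and only if AES-CMAC used properly it can provide ..." asserts both necessity and sufficiency, which the section does not argue; "Only when AES-CMAC is used properly can it provide ..." states the intended caveat. The -02 sentence listing "the security of the key management mechanism and its implementation" among the factors the strength depends on has been dropped in -03, and since key management is a separate concern from key generation and key compromise, it is worth keeping alongside the new RFC 4086 guidance.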
| skipping to change at page 13, line 7 ¶ | skipping to change at page 12, line 31 ¶ | |||
| University of Washington | University of Washington | |||
| (206) 221-6512 | (206) 221-6512 | |||
| radha@ee.washington.edu | radha@ee.washington.edu | |||
| Tetsu Iwata | Tetsu Iwata | |||
| Ibaraki University | Ibaraki University | |||
| iwata@cis.ibaraki.ac.jp | iwata@cis.ibaraki.ac.jp | |||
| 7. References | 7. References | |||
| [NIST-CMAC] NIST, SP 800-38B, "Recommendation for Block Cipher | 7.1. Normative References | |||
| Modes of Operation: The CMAC Mode for Authentication," | [NIST-CMAC] NIST, Special Publication 800-38B Draft,"Recommendation | |||
| May 2005. | for Block Cipher Modes of Operation: The CMAC Method | |||
| http://csrc.nist.gov/publications/nistpubs/800-38B/ | for Authentication," March 9, 2005 | |||
| SP_800-38B.pdf | ||||
| [NIST-AES] NIST, FIPS 197, "Advanced Encryption Standard (AES)," | [NIST-AES] NIST, FIPS 197, "Advanced Encryption Standard (AES)," | |||
| November 2001. http://csrc.nist.gov/publications/fips/ | November 2001. | |||
| fips197/fips-197.pdf | http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf | |||
| [RFC-HMAC] Hugo Krawczyk, Mihir Bellare and Ran Canetti, | [OMAC1] "OMAC: One-Key CBC MAC," Tetsu Iwata and Kaoru Kurosawa, | |||
| "HMAC: Keyed-Hashing for Message Authentication," | Department of Computer and Information Sciences, | |||
| RFC2104, February 1997. | Ilbaraki University, March 10, 2003. | |||
| [XCBC] Black, J. and P. Rogaway, "A Suggestion for Handling | ||||
| Arbitrary-Length Messages with the CBC MAC," NIST | ||||
| Second Modes of Operation Workshop, August 2001. | ||||
| http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/ | ||||
| xcbc-mac/xcbc-mac-spec.pdf | ||||
| [RFC4086] Eastlake 3rd, D., Crocker, S., and J. Schiller, | ||||
| "Randomness Requirements for Security", RFC 4086 | ||||
| June 2005 | ||||
| 7.2. Informative References | ||||
| [OMAC1a] Tetsu Iwata and Kaoru Kurosawa, "OMAC: One-Key CBC MAC," | [OMAC1a] Tetsu Iwata and Kaoru Kurosawa, "OMAC: One-Key CBC MAC," | |||
| Fast Software Encryption, FSE 2003, LNCS 2887, | Fast Software Encryption, FSE 2003, LNCS 2887, | |||
| pp. 129-153, Springer-Verlag, 2003. | pp. 129-153, Springer-Verlag, 2003. | |||
| [RFC-HMAC] Hugo Krawczyk, Mihir Bellare and Ran Canetti, | ||||
| "HMAC: Keyed-Hashing for Message Authentication," | ||||
| RFC2104, February 1997. | ||||
| [OMAC1b] Tetsu Iwata and Kaoru Kurosawa, "OMAC: One-Key CBC MAC," | [OMAC1b] Tetsu Iwata and Kaoru Kurosawa, "OMAC: One-Key CBC MAC," | |||
| Submission to NIST, December 2002. | Submission to NIST, December 2002. | |||
| Available from the NIST modes of operation web site at | Available from the NIST modes of operation web site at | |||
| http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/ | http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/ | |||
| omac/omac-spec.pdf | omac/omac-spec.pdf | |||
| [XCBCa] John Black and Phillip Rogaway, "A Suggestion for | [XCBCa] John Black and Phillip Rogaway, "A Suggestion for | |||
| Handling Arbitrary-Length Messages with the CBC MAC," | Handling Arbitrary-Length Messages with the CBC MAC," | |||
| NIST Second Modes of Operation Workshop, August 2001. | NIST Second Modes of Operation Workshop, August 2001. | |||
| Available from the NIST modes of operation web site at | Available from the NIST modes of operation web site at | |||
| http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/ | http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/ | |||
| xcbc-mac/xcbc-mac-spec.pdf | xcbc-mac/xcbc-mac-spec.pdf | |||
| [XCBCb] John Black and Phillip Rogaway, "CBC MACs for | [XCBCb] John Black and Phillip Rogaway, "CBC MACs for | |||
| Arbitrary-Length Messages: The Three-Key | Arbitrary-Length Messages: The Three-Key | |||
| Constructions," Journal of Cryptology, Vol. 18, No. 2, | Constructions," Journal of Cryptology, Vol. 18, No. 2, | |||
| pp. 111-132, Springer-Verlag, Spring 2005. | pp. 111-132, Springer-Verlag, Spring 2005. | |||
| [RFC1750] Eastlake 3rd, D., Crocker, S., and J. Schiller, | ||||
| "Randomness Recommendations for Security", RFC 1750, | ||||
| December 1994. | ||||
| Appendix A. Test Code | Appendix A. Test Code | |||
| /****************************************************************/ | /****************************************************************/ | |||
| /* AES-CMAC with AES-128 bit */ | /* AES-CMAC with AES-128 bit */ | |||
| /* AES-128 from David Johnston (802.16) */ | /* AES-128 from David Johnston (802.16) */ | |||
| /* CMAC Algorithm described in SP800-38B draft */ | /* CMAC Algorithm described in SP800-38B draft */ | |||
| /* Author: Junhyuk Song (junhyuk.song@samsung.com) */ | /* Author: Junhyuk Song (junhyuk.song@samsung.com) */ | |||
| /* Jicheol Lee (jicheol.lee@samsung.com) */ | /* Jicheol Lee (jicheol.lee@samsung.com) */ | |||
| /****************************************************************/ | /****************************************************************/ | |||
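Review bot: the normative [NIST-CMAC] entry in -03 regresses the -02 citation: -02 cited the published "SP 800-38B ... May 2005" with its URL, while -03 cites "Special Publication 800-38B Draft ... March 9, 2005" with no URL; a normative reference should point to the final publication, so restore the -02 entry. The new split into 7.1 and 7.2 also duplicates two papers under different tags: [OMAC1] (normative) and [OMAC1a] (informative) are the same Iwata and Kurosawa "OMAC: One-Key CBC MAC" paper, and [XCBC] (normative) and [XCBCa] (informative) are the same Black and Rogaway workshop paper; keep one entry per paper and one tag, and update the in-text citations accordingly. Minor points in the same hunk: "Ilbaraki University" in [OMAC1] should be "Ibaraki University" as on the title page and in the authors' addresses, and the [RFC4086] entry is missing the punctuation after the RFC number ("RFC 4086, June 2005.").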
| End of changes. 9 change blocks. | ||||
| 25 lines changed or deleted | 42 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||