idnits 2.17.1 draft-ietf-tcpm-ao-test-vectors-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. == There are 1 instance of lines with private range IPv4 addresses in the document. If these are generic example addresses, they should be changed to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x, 198.51.100.x or 203.0.113.x. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (April 7, 2021) is 1113 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 793 (Obsoleted by RFC 9293) -- Duplicate reference: RFC5925, mentioned in 'RFC5926', was also mentioned in 'RFC5925'. -- Duplicate reference: RFC2119, mentioned in 'RFC8174', was also mentioned in 'RFC2119'. -- No information found for draft-tsvwg-touch-sne - is the name correct? Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 TCPM J. Touch 2 Internet Draft Independent consultant 3 Intended status: Informational J. Kuusisaari 4 Expires: October 2021 Infinera 5 April 7, 2021 7 TCP-AO Test Vectors 9 draft-ietf-tcpm-ao-test-vectors-00.txt 11 Status of this Memo 13 This Internet-Draft is submitted in full conformance with the 14 provisions of BCP 78 and BCP 79. 16 Internet-Drafts are working documents of the Internet Engineering 17 Task Force (IETF), its areas, and its working groups. Note that 18 other groups may also distribute working documents as Internet- 19 Drafts. 21 Internet-Drafts are draft documents valid for a maximum of six 22 months and may be updated, replaced, or obsoleted by other documents 23 at any time. It is inappropriate to use Internet-Drafts as 24 reference material or to cite them other than as "work in progress." 26 The list of current Internet-Drafts can be accessed at 27 http://www.ietf.org/ietf/1id-abstracts.txt 29 The list of Internet-Draft Shadow Directories can be accessed at 30 http://www.ietf.org/shadow.html 32 This Internet-Draft will expire on October 7, 2021. 34 Copyright Notice 36 Copyright (c) 2021 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents 41 (http://trustee.ietf.org/license-info) in effect on the date of 42 publication of this document. Please review these documents 43 carefully, as they describe your rights and restrictions with 44 respect to this document. Code Components extracted from this 45 document must include Simplified BSD License text as described in 46 Section 4.e of the Trust Legal Provisions and are provided without 47 warranty as described in the Simplified BSD License. 49 Abstract 51 This document provides test vectors to validate implementations of 52 the two mandatory authentication algorithms specified for the TCP 53 Authentication Option over both IPv4 and IPv6. This includes 54 validation of the key derivation function (KDF) based on a set of 55 test connection parameters as well as validation of the message 56 authentication code (MAC). Vectors are provided for both currently 57 required pairs of KDF and MAC algorithms: one based on SHA-1 and the 58 other on AES-128. The vectors also validate both whole TCP segments 59 as well as segments whose options are excluded for NAT traversal. 61 Table of Contents 63 1. Introduction...................................................3 64 2. Conventions used in this document..............................4 65 3. Input Test Vectors.............................................4 66 3.1. TCP Connection Parameters.................................4 67 3.1.1. TCP-AO parameters....................................4 68 3.1.2. Active (client) side parameters......................4 69 3.1.3. Passive (server) side parameters.....................5 70 3.1.4. Other IP fields and options..........................5 71 3.1.5. Other TCP fields and options.........................5 72 4. IPv4 SHA-1 Output Test Vectors.................................5 73 4.1. SHA-1 MAC (default - covers TCP options)..................6 74 4.1.1. Send (client) SYN (covers options)...................6 75 4.1.2. Receive (server) SYN-ACK (covers options)............6 76 4.1.3. Send (client) non-SYN (covers options)...............7 77 4.1.4. Receive (server) non-SYN (covers options)............7 78 4.2. SHA-1 MAC (omits TCP options).............................8 79 4.2.1. Send (client) SYN (omits options)....................8 80 4.2.2. Receive (server) SYN-ACK (omits options).............8 81 4.2.3. Send (client) non-SYN (omits options)................9 82 4.2.4. Receive (server) non-SYN (omits options).............9 83 5. IPv4 AES-128 Output Test Vectors..............................10 84 5.1. AES MAC (default - covers TCP options)...................10 85 5.1.1. Send (client) SYN (covers options)..................10 86 5.1.2. Receive (server) SYN-ACK (covers options)...........11 87 5.1.3. Send (client) non-SYN (covers options)..............11 88 5.1.4. Receive (server) non-SYN (covers options)...........12 89 5.2. AES MAC (omits TCP options)..............................12 90 5.2.1. Send (client) SYN (omits options)...................12 91 5.2.2. Receive (server) SYN-ACK (omits options)............13 92 5.2.3. Send (client) non-SYN (omits options)...............13 93 5.2.4. Receive (server) non-SYN (omits options)............14 94 6. IPv6 SHA-1 Output Test Vectors................................14 95 6.1. SHA-1 MAC (default - covers TCP options).................14 96 6.1.1. Send (client) SYN (covers options)..................14 97 6.1.2. Receive (server) SYN-ACK (covers options)...........15 98 6.1.3. Send (client) non-SYN (covers options)..............15 99 6.1.4. Receive (server) non-SYN (covers options)...........16 100 6.2. SHA-1 MAC (omits TCP options)............................17 101 6.2.1. Send (client) SYN (omits options)...................17 102 6.2.2. Receive (server) SYN-ACK (omits options)............17 103 6.2.3. Send (client) non-SYN (omits options)...............18 104 6.2.4. Receive (server) non-SYN (omits options)............18 105 7. IPv6 AES-128 Output Test Vectors..............................19 106 7.1. AES MAC (default - covers TCP options)...................19 107 7.1.1. Send (client) SYN (covers options)..................19 108 7.1.2. Receive (server) SYN-ACK (covers options)...........20 109 7.1.3. Send (client) non-SYN (covers options)..............20 110 7.1.4. Receive (server) non-SYN (covers options)...........21 111 7.2. AES MAC (omits TCP options)..............................21 112 7.2.1. Send (client) SYN (omits options)...................21 113 7.2.2. Receive (server) SYN-ACK (omits options)............22 114 7.2.3. Send (client) non-SYN (omits options)...............22 115 7.2.4. Receive (server) non-SYN (omits options)............23 116 8. Observed Implementation Errors................................23 117 8.1. Algorithm issues.........................................23 118 8.2. Algorithm parameters.....................................24 119 8.3. String handling issues...................................24 120 8.4. Header coverage issues...................................24 121 9. Security Considerations.......................................24 122 10. IANA Considerations..........................................25 123 11. References...................................................25 124 11.1. Normative References....................................25 125 11.2. Informative References..................................25 126 12. Acknowledgments..............................................26 128 1. Introduction 130 This document provides test vectors to validate the correct 131 implementation of the TCP Authentication Option (TCP-AO) [RFC5925] 132 and its mandatory cryptographic algorithms defined in [RFC5926]. It 133 includes the specification of all endpoint parameters to generate 134 the variety of TCP segments covered by different keys and MAC 135 coverage, i.e., both the default case and the variant where TCP 136 options are ignored. It also includes both default key derivation 137 functions (KDFs) and MAC generation algorithms [RFC5926] and lists 138 common pitfalls of implementing the algorithms correctly. 140 The experimental extension to support NAT traversal is not included 141 in the provided test vectors [RFC6978]. 143 This document provides test vectors from an implementation that has 144 been validated against another routing vendor for interoperability.. 146 2. Conventions used in this document 148 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 149 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 150 "OPTIONAL" in this document are to be interpreted as described in 151 BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all 152 capitals, as shown here. 154 3. Input Test Vectors 156 3.1. TCP Connection Parameters 158 The following parameters are used throughout this suite of test 159 vectors. The terms 'active' and 'passive' are used as defined for 160 TCP [RFC793]. 162 3.1.1. TCP-AO parameters 164 The following values are used for all exchanges. This suite does not 165 test key switchover. The KeyIDs are as indicated for TCP-AO 166 [RFC5925]. The Master Key is used to derive the traffic keys 167 [RFC5926]. 169 Active (client) side KeyID: 61 (3D) 171 Passive (server) side KeyID: 84 (54) 173 Master_key: "testvector" (length = 10 bytes) 175 3.1.2. Active (client) side parameters 177 The following endpoint parameters are used on the active side of the 178 TCP connection, i.e., the side that initiates the TCP SYN. 180 For IPv4: 10.11.12.13 182 For IPv6: FD00::1 184 TCP port: (varies) 186 3.1.3. Passive (server) side parameters 188 The following endpoint parameters are used for the passive side of 189 the TCP connection, i.e., the side that responds with a TCP SYN-ACK. 191 For IPv4: 172.27.28.29 193 For IPv6: FD00::2 195 TCP port = 179 (BGP) 197 3.1.4. Other IP fields and options 199 No IP options are used in these test vectors. 201 All IPv4 packets use the following other parameters [RFC791]: DSCP = 202 111000 (CS7) as is typical for BGP, ECN = 00, set DF, and clear MF. 204 IPv4 uses a TTL of 255; IPv6 uses a hop limit of 64. 206 All IPv6 packets use the following other parameters [RFC8200]: 207 traffic class = e0 (DSCP = 111000 CS7, as is typical for BGP, with 208 ECN = 00) and no EHs. 210 3.1.5. Other TCP fields and options 212 The SYN and SYN-ACK segments include MSS [RFC793], NOP, WindowScale 213 [RFC7323], SACK Permitted [RFC2018], TimeStamp [RFC7323], and TCP-AO 214 [RFC5925], in that order. 216 All other example segments include NOP, NOP, TimeStamp, and TCP-AO, 217 in that order. 219 All segment URG pointers are zero [RFC793]. All segments with data 220 set the PSH flag [RFC793]. 222 4. IPv4 SHA-1 Output Test Vectors 224 SHA-1 is computed as specified for TCP-AO [RFC5926]. 226 4.1. SHA-1 MAC (default - covers TCP options) 228 4.1.1. Send (client) SYN (covers options) 230 Send_SYN_traffic_key: 232 6d 63 ef 1b 02 fe 15 09 d4 b1 40 27 07 fd 7b 04 233 16 ab b7 4f 235 IPv4/TCP: 237 45 e0 00 4c dd 0f 40 00 ff 06 bf 6b 0a 0b 0c 0d 238 ac 1b 1c 1d e9 d7 00 b3 fb fb ab 5a 00 00 00 00 239 e0 02 ff ff ca c4 00 00 02 04 05 b4 01 03 03 08 240 04 02 08 0a 00 15 5a b7 00 00 00 00 1d 10 3d 54 241 2e e4 37 c6 f8 ed e6 d7 c4 d6 02 e7 243 MAC: 245 2e e4 37 c6 f8 ed e6 d7 c4 d6 02 e7 247 4.1.2. Receive (server) SYN-ACK (covers options) 249 Receive_SYN_traffic_key: 251 d9 e2 17 e4 83 4a 80 ca 2f 3f d8 de 2e 41 b8 e6 252 79 7f ea 96 254 IPv4/TCP: 256 45 e0 00 4c 65 06 40 00 ff 06 37 75 ac 1b 1c 1d 257 0a 0b 0c 0d 00 b3 e9 d7 11 c1 42 61 fb fb ab 5b 258 e0 12 ff ff 37 76 00 00 02 04 05 b4 01 03 03 08 259 04 02 08 0a 84 a5 0b eb 00 15 5a b7 1d 10 54 3d 260 ee ab 0f e2 4c 30 10 81 51 16 b3 be 262 MAC: 264 ee ab 0f e2 4c 30 10 81 51 16 b3 be 266 4.1.3. Send (client) non-SYN (covers options) 268 Send_other_traffic_key: 270 d2 e5 9c 65 ff c7 b1 a3 93 47 65 64 63 b7 0e dc 271 24 a1 3d 71 273 IPv4/TCP: 275 45 e0 00 87 36 a1 40 00 ff 06 65 9f 0a 0b 0c 0d 276 ac 1b 1c 1d e9 d7 00 b3 fb fb ab 5b 11 c1 42 62 277 c0 18 01 04 a1 62 00 00 01 01 08 0a 00 15 5a c1 278 84 a5 0b eb 1d 10 3d 54 70 64 cf 99 8c c6 c3 15 279 c2 c2 e2 bf ff ff ff ff ff ff ff ff ff ff ff ff 280 ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d 281 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 282 00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40 283 06 00 64 00 01 01 00 285 MAC: 287 70 64 cf 99 8c c6 c3 15 c2 c2 e2 bf 289 4.1.4. Receive (server) non-SYN (covers options) 291 Receive_other_traffic_key: 293 d9 e2 17 e4 83 4a 80 ca 2f 3f d8 de 2e 41 b8 e6 294 79 7f ea 96 296 IPv4/TCP: 298 45 e0 00 87 1f a9 40 00 ff 06 7c 97 ac 1b 1c 1d 299 0a 0b 0c 0d 00 b3 e9 d7 11 c1 42 62 fb fb ab 9e 300 c0 18 01 00 40 0c 00 00 01 01 08 0a 84 a5 0b f5 301 00 15 5a c1 1d 10 54 3d a6 3f 0e cb bb 2e 63 5c 302 95 4d ea c7 ff ff ff ff ff ff ff ff ff ff ff ff 303 ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d 304 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 305 00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40 306 06 00 64 00 01 01 00 308 MAC: 310 a6 3f 0e cb bb 2e 63 5c 95 4d ea c7 312 4.2. SHA-1 MAC (omits TCP options) 314 4.2.1. Send (client) SYN (omits options) 316 Send_SYN_traffic_key: 318 30 ea a1 56 0c f0 be 57 da b5 c0 45 22 9f b1 0a 319 42 3c d7 ea 321 IPv4/TCP: 323 45 e0 00 4c 53 99 40 00 ff 06 48 e2 0a 0b 0c 0d 324 ac 1b 1c 1d ff 12 00 b3 cb 0e fb ee 00 00 00 00 325 e0 02 ff ff 54 1f 00 00 02 04 05 b4 01 03 03 08 326 04 02 08 0a 00 02 4c ce 00 00 00 00 1d 10 3d 54 327 80 af 3c fe b8 53 68 93 7b 8f 9e c2 329 MAC: 331 80 af 3c fe b8 53 68 93 7b 8f 9e c2 333 4.2.2. Receive (server) SYN-ACK (omits options) 335 Receive_SYN_traffic_key: 337 b5 b2 89 6b b3 66 4e 81 76 b0 ed c6 e7 99 52 41a 338 01 a8 30 7f 340 IPv4/TCP: 342 45 e0 00 4c 32 84 40 00 ff 06 69 f7 ac 1b 1c 1d 343 0a 0b 0c 0d 00 b3 ff 12 ac d5 b5 e1 cb 0e fb ef 344 e0 12 ff ff 38 8e 00 00 02 04 05 b4 01 03 03 08 345 04 02 08 0a 57 67 72 f3 00 02 4c ce 1d 10 54 3d 346 09 30 6f 9a ce a6 3a 8c 68 cb 9a 70 348 MAC: 350 09 30 6f 9a ce a6 3a 8c 68 cb 9a 70 352 4.2.3. Send (client) non-SYN (omits options) 354 Send_other_traffic_key: 356 f3 db 17 93 d7 91 0e cd 80 6c 34 f1 55 ea 1f 00 357 34 59 53 e3 359 IPv4/TCP: 361 45 e0 00 87 a8 f5 40 00 ff 06 f3 4a 0a 0b 0c 0d 362 ac 1b 1c 1d ff 12 00 b3 cb 0e fb ef ac d5 b5 e2 363 c0 18 01 04 6c 45 00 00 01 01 08 0a 00 02 4c ce 364 57 67 72 f3 1d 10 3d 54 71 06 08 cc 69 6c 03 a2 365 71 c9 3a a5 ff ff ff ff ff ff ff ff ff ff ff ff 366 ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d 367 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 368 00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40 369 06 00 64 00 01 01 00 371 MAC: 373 71 06 08 cc 69 6c 03 a2 71 c9 3a a5 375 4.2.4. Receive (server) non-SYN (omits options) 377 Receive_other_traffic_key: 379 b5 b2 89 6b b3 66 4e 81 76 b0 ed c6 e7 99 52 41 380 01 a8 30 7f 382 IPv4/TCP: 384 45 e0 00 87 54 37 40 00 ff 06 48 09 ac 1b 1c 1d 385 0a 0b 0c 0d 00 b3 ff 12 ac d5 b5 e2 cb 0e fc 32 386 c0 18 01 00 46 b6 00 00 01 01 08 0a 57 67 72 f3 387 00 02 4c ce 1d 10 54 3d 97 76 6e 48 ac 26 2d e9 388 ae 61 b4 f9 ff ff ff ff ff ff ff ff ff ff ff ff 389 ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d 390 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 391 00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40 392 06 00 64 00 01 01 00 394 MAC: 396 97 76 6e 48 ac 26 2d e9 ae 61 b4 f9 398 5. IPv4 AES-128 Output Test Vectors 400 AES-128 is computed as required by TCP-AO [RFC5926]. 402 5.1. AES MAC (default - covers TCP options) 404 5.1.1. Send (client) SYN (covers options) 406 Send_SYN_traffic_key: 408 f5 b8 b3 d5 f3 4f db b6 eb 8d 4a b9 66 0e 60 e3 410 IP/TCP: 412 45 e0 00 4c 7b 9f 40 00 ff 06 20 dc 0a 0b 0c 0d 413 ac 1b 1c 1d c4 fa 00 b3 78 7a 1d df 00 00 00 00 414 e0 02 ff ff 5a 0f 00 00 02 04 05 b4 01 03 03 08 415 04 02 08 0a 00 01 7e d0 00 00 00 00 1d 10 3d 54 416 e4 77 e9 9c 80 40 76 54 98 e5 50 91 418 MAC: 420 e4 77 e9 9c 80 40 76 54 98 e5 50 91 422 5.1.2. Receive (server) SYN-ACK (covers options) 424 Receive_SYN_traffic_key: 426 4b c7 57 1a 48 6f 32 64 bb d8 88 47 40 66 b4 b1 428 IPv4/TCP: 430 45 e0 00 4c 4b ad 40 00 ff 06 50 ce ac 1b 1c 1d 431 0a 0b 0c 0d 00 b3 c4 fa fa dd 6d e9 78 7a 1d e0 432 e0 12 ff ff f3 f2 00 00 02 04 05 b4 01 03 03 08 433 04 02 08 0a 93 f4 e9 e8 00 01 7e d0 1d 10 54 3d 434 d6 ad a7 bc 4c dd 53 6d 17 69 db 5f 436 MAC: 438 d6 ad a7 bc 4c dd 53 6d 17 69 db 5f 440 5.1.3. Send (client) non-SYN (covers options) 442 Send_other_traffic_key: 444 8c 8a e0 e8 37 1e c5 cb b9 7e a7 9d 90 41 83 91 446 IPv4/TCP: 448 45 e0 00 87 fb 4f 40 00 ff 06 a0 f0 0a 0b 0c 0d 449 ac 1b 1c 1d c4 fa 00 b3 78 7a 1d e0 fa dd 6d ea 450 c0 18 01 04 95 05 00 00 01 01 08 0a 00 01 7e d0 451 93 f4 e9 e8 1d 10 3d 54 77 41 27 42 fa 4d c4 33 452 ef f0 97 3e ff ff ff ff ff ff ff ff ff ff ff ff 453 ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d 454 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 455 00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40 456 06 00 64 00 01 01 00 458 MAC: 460 77 41 27 42 fa 4d c4 33 ef f0 97 3e 462 5.1.4. Receive (server) non-SYN (covers options) 464 Receive_other_traffic_key: 466 4b c7 57 1a 48 6f 32 64 bb d8 88 47 40 66 b4 b1 468 IPv4/TCP: 470 45 e0 00 87 b9 14 40 00 ff 06 e3 2b ac 1b 1c 1d 471 0a 0b 0c 0d 00 b3 c4 fa fa dd 6d ea 78 7a 1e 23 472 c0 18 01 00 e7 db 00 00 01 01 08 0a 93 f4 e9 e8 473 00 01 7e d0 1d 10 54 3d f6 d9 65 a7 83 82 a7 48 474 45 f7 2d ac ff ff ff ff ff ff ff ff ff ff ff ff 475 ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d 476 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 477 00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40 478 06 00 64 00 01 01 00 480 MAC: 482 f6 d9 65 a7 83 82 a7 48 45 f7 2d ac 484 5.2. AES MAC (omits TCP options) 486 5.2.1. Send (client) SYN (omits options) 488 Send_SYN_traffic_key: 490 2c db ae 13 92 c4 94 49 fa 92 c4 50 97 35 d5 0e 492 IPv4/TCP: 494 45 e0 00 4c f2 2e 40 00 ff 06 aa 4c 0a 0b 0c 0d 495 ac 1b 1c 1d da 1c 00 b3 38 9b ed 71 00 00 00 00 496 e0 02 ff ff 70 bf 00 00 02 04 05 b4 01 03 03 08 497 04 02 08 0a 00 01 85 e1 00 00 00 00 1d 10 3d 54 498 c4 4e 60 cb 31 f7 c0 b1 de 3d 27 49 500 MAC: 502 c4 4e 60 cb 31 f7 c0 b1 de 3d 27 49 504 5.2.2. Receive (server) SYN-ACK (omits options) 506 Receive_SYN_traffic_key: 508 3c e6 7a 55 18 69 50 6b 63 47 b6 33 c5 0a 62 4a 510 IPv4/TCP: 512 45 e0 00 4c 6c c0 40 00 ff 06 2f bb ac 1b 1c 1d 513 0a 0b 0c 0d 00 b3 da 1c d3 84 4a 6f 38 9b ed 72 514 e0 12 ff ff e4 45 00 00 02 04 05 b4 01 03 03 08 515 04 02 08 0a ce 45 98 38 00 01 85 e1 1d 10 54 3d 516 3a 6a bb 20 7e 49 b1 be 71 36 db 90 518 MAC: 520 3a 6a bb 20 7e 49 b1 be 71 36 db 90 522 5.2.3. Send (client) non-SYN (omits options) 524 Send_other_traffic_key: 526 03 5b c4 00 a3 41 ff e5 95 f5 9f 58 00 50 06 ca 528 IPv4/TCP: 530 45 e0 00 87 ee 91 40 00 ff 06 ad ae 0a 0b 0c 0d 531 ac 1b 1c 1d da 1c 00 b3 38 9b ed 72 d3 84 4a 70 532 c0 18 01 04 88 51 00 00 01 01 08 0a 00 01 85 e1 533 ce 45 98 38 1d 10 3d 54 75 85 e9 e9 d5 c3 ec 85 534 7b 96 f8 37 ff ff ff ff ff ff ff ff ff ff ff ff 535 ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d 536 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 537 00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40 538 06 00 64 00 01 01 00 540 MAC: 542 75 85 e9 e9 d5 c3 ec 85 7b 96 f8 37 544 5.2.4. Receive (server) non-SYN (omits options) 546 Receive_other_traffic_key: 548 3c e6 7a 55 18 69 50 6b 63 47 b6 33 c5 0a 62 4a 550 IPv4/TCP: 552 45 e0 00 87 6a 21 40 00 ff 06 32 1f ac 1b 1c 1d 553 0a 0b 0c 0d 00 b3 da 1c d3 84 4a 70 38 9b ed 72 554 c0 18 01 00 04 49 00 00 01 01 08 0a ce 45 98 38 555 00 01 85 e1 1d 10 54 3d 5c 04 0f d9 23 33 04 76 556 5c 09 82 f4 ff ff ff ff ff ff ff ff ff ff ff ff 557 ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d 558 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 559 00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40 560 06 00 64 00 01 01 00 562 MAC: 564 5c 04 0f d9 23 33 04 76 5c 09 82 f4 566 6. IPv6 SHA-1 Output Test Vectors 568 SHA-1 is computed as specified for TCP-AO [RFC5926]. 570 6.1. SHA-1 MAC (default - covers TCP options) 572 6.1.1. Send (client) SYN (covers options) 574 Send_SYN_traffic_key: 576 62 5e c0 9d 57 58 36 ed c9 b6 42 84 18 bb f0 69 577 89 a3 61 bb 579 IPv6/TCP: 581 6e 08 91 dc 00 38 06 40 fd 00 00 00 00 00 00 00 582 00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00 583 00 00 00 00 00 00 00 02 f7 e4 00 b3 17 6a 83 3f 584 00 00 00 00 e0 02 ff ff 47 21 00 00 02 04 05 a0 585 01 03 03 08 04 02 08 0a 00 41 d0 87 00 00 00 00 586 1d 10 3d 54 90 33 ec 3d 73 34 b6 4c 5e dd 03 9f 588 MAC: 590 90 33 ec 3d 73 34 b6 4c 5e dd 03 9f 592 6.1.2. Receive (server) SYN-ACK (covers options) 594 Receive_SYN_traffic_key: 596 e4 a3 7a da 2a 0a fc a8 71 14 34 91 3f e1 38 c7 597 71 eb cb 4a 599 IPv6/TCP: 601 6e 01 00 9e 00 38 06 40 fd 00 00 00 00 00 00 00 602 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 603 00 00 00 00 00 00 00 01 00 b3 f7 e4 3f 51 99 4b 604 17 6a 83 40 e0 12 ff ff bf ec 00 00 02 04 05 a0 605 01 03 03 08 04 02 08 0a bd 33 12 9b 00 41 d0 87 606 1d 10 54 3d f1 cb a3 46 c3 52 61 63 f7 1f 1f 55 608 MAC: 610 f1 cb a3 46 c3 52 61 63 f7 1f 1f 55 612 6.1.3. Send (client) non-SYN (covers options) 614 Send_other_traffic_key: 616 1e d8 29 75 f4 ea 44 4c 61 58 0c 5b d9 0d bd 61 617 bb c9 1b 7e 619 IPv6/TCP: 621 6e 08 91 dc 00 73 06 40 fd 00 00 00 00 00 00 00 622 00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00 623 00 00 00 00 00 00 00 02 f7 e4 00 b3 17 6a 83 40 624 3f 51 99 4c c0 18 01 00 32 9c 00 00 01 01 08 0a 625 00 41 d0 91 bd 33 12 9b 1d 10 3d 54 bf 08 05 fe 626 b4 ac 7b 16 3d 6f cd f2 ff ff ff ff ff ff ff ff 627 ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 628 01 01 01 79 26 02 06 01 04 00 01 00 01 02 02 80 629 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd 630 e8 02 08 40 06 00 64 00 01 01 00 632 MAC: 634 bf 08 05 fe b4 ac 7b 16 3d 6f cd f2 636 6.1.4. Receive (server) non-SYN (covers options) 638 Receive_other_traffic_key: 640 e4 a3 7a da 2a 0a fc a8 71 14 34 91 3f e1 38 c7 641 71 eb cb 4a 643 IPv6/TCP: 645 6e 01 00 9e 00 73 06 40 fd 00 00 00 00 00 00 00 646 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 647 00 00 00 00 00 00 00 01 00 b3 f7 e4 3f 51 99 4c 648 17 6a 83 83 c0 18 01 00 ee 6e 00 00 01 01 08 0a 649 bd 33 12 a5 00 41 d0 91 1d 10 54 3d 6c 48 12 5c 650 11 33 5b ab 9a 07 a7 97 ff ff ff ff ff ff ff ff 651 ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 652 01 01 01 7a 26 02 06 01 04 00 01 00 01 02 02 80 653 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd 654 e8 02 08 40 06 00 64 00 01 01 00 656 MAC: 658 6c 48 12 5c 11 33 5b ab 9a 07 a7 97 660 6.2. SHA-1 MAC (omits TCP options) 662 6.2.1. Send (client) SYN (omits options) 664 Send_SYN_traffic_key: 666 31 a3 fa f6 9e ff ae 52 93 1b 7f 84 54 67 31 5c 667 27 0a 4e dc 669 IPv6/TCP: 671 6e 07 8f cd 00 38 06 40 fd 00 00 00 00 00 00 00 672 00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00 673 00 00 00 00 00 00 00 02 c6 cd 00 b3 02 0c 1e 69 674 00 00 00 00 e0 02 ff ff a4 1a 00 00 02 04 05 a0 675 01 03 03 08 04 02 08 0a 00 9d b9 5b 00 00 00 00 676 1d 10 3d 54 88 56 98 b0 53 0e d4 d5 a1 5f 83 46 678 MAC: 680 88 56 98 b0 53 0e d4 d5 a1 5f 83 46 682 6.2.2. Receive (server) SYN-ACK (omits options) 684 Receive_SYN_traffic_key: 686 40 51 08 94 7f 99 65 75 e7 bd bc 26 d4 02 16 a2 687 c7 fa 91 bd 689 IPv6/TCP: 691 6e 0a 7e 1f 00 38 06 40 fd 00 00 00 00 00 00 00 692 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 693 00 00 00 00 00 00 00 01 00 b3 c6 cd eb a3 73 4d 694 02 0c 1e 6a e0 12 ff ff 77 4d 00 00 02 04 05 a0 695 01 03 03 08 04 02 08 0a 5e c9 9b 70 00 9d b9 5b 696 1d 10 54 3d 3c 54 6b ad 97 43 f1 2d f8 b8 01 0d 698 MAC: 700 3c 54 6b ad 97 43 f1 2d f8 b8 01 0d 702 6.2.3. Send (client) non-SYN (omits options) 704 Send_other_traffic_key: 706 b3 4e ed 6a 93 96 a6 69 f1 c4 f4 f5 76 18 f3 65 707 6f 52 c7 ab 709 IPv6/TCP: 711 6e 07 8f cd 00 73 06 40 fd 00 00 00 00 00 00 00 712 00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00 713 00 00 00 00 00 00 00 02 c6 cd 00 b3 02 0c 1e 6a 714 eb a3 73 4e c0 18 01 00 83 e6 00 00 01 01 08 0a 715 00 9d b9 65 5e c9 9b 70 1d 10 3d 54 48 bd 09 3b 716 19 24 e0 01 19 2f 5b f0 ff ff ff ff ff ff ff ff 717 ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 718 01 01 01 79 26 02 06 01 04 00 01 00 01 02 02 80 719 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd 720 e8 02 08 40 06 00 64 00 01 01 00 722 MAC: 724 48 bd 09 3b 19 24 e0 01 19 2f 5b f0 726 6.2.4. Receive (server) non-SYN (omits options) 728 Receive_other_traffic_key: 730 40 51 08 94 7f 99 65 75 e7 bd bc 26 d4 02 16 a2 731 c7 fa 91 bd 733 IPv6/TCP: 735 6e 0a 7e 1f 00 73 06 40 fd 00 00 00 00 00 00 00 736 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 737 00 00 00 00 00 00 00 01 00 b3 c6 cd eb a3 73 4e 738 02 0c 1e ad c0 18 01 00 71 6a 00 00 01 01 08 0a 739 5e c9 9b 7a 00 9d b9 65 1d 10 54 3d 55 9a 81 94 740 45 b4 fd e9 8d 9e 13 17 ff ff ff ff ff ff ff ff 741 ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 742 01 01 01 7a 26 02 06 01 04 00 01 00 01 02 02 80 743 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd 744 e8 02 08 40 06 00 64 00 01 01 00 746 MAC: 748 55 9a 81 94 45 b4 fd e9 8d 9e 13 17 750 7. IPv6 AES-128 Output Test Vectors 752 AES-128 is computed as required by TCP-AO [RFC5926]. 754 7.1. AES MAC (default - covers TCP options) 756 7.1.1. Send (client) SYN (covers options) 758 Send_SYN_traffic_key: 760 fa 5a 21 08 88 2d 39 d0 c7 19 29 17 5a b1 b7 b8 762 IP/TCP: 764 6e 04 a7 06 00 38 06 40 fd 00 00 00 00 00 00 00 765 00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00 766 00 00 00 00 00 00 00 02 f8 5a 00 b3 19 3c cc ec 767 00 00 00 00 e0 02 ff ff de 5d 00 00 02 04 05 a0 768 01 03 03 08 04 02 08 0a 13 e4 ab 99 00 00 00 00 769 1d 10 3d 54 59 b5 88 10 74 81 ac 6d c3 92 70 40 771 MAC: 773 59 b5 88 10 74 81 ac 6d c3 92 70 40 775 7.1.2. Receive (server) SYN-ACK (covers options) 777 Receive_SYN_traffic_key: 779 cf 1b 1e 22 5e 06 a6 36 16 76 4a 06 7b 46 f4 b1 781 IPv6/TCP: 783 6e 06 15 20 00 38 06 40 fd 00 00 00 00 00 00 00 784 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 785 00 00 00 00 00 00 00 01 00 b3 f8 5a a6 74 4e cb 786 19 3c cc ed e0 12 ff ff ea bb 00 00 02 04 05 a0 787 01 03 03 08 04 02 08 0a 71 da ab c8 13 e4 ab 99 788 1d 10 54 3d dc 28 43 a8 4e 78 a6 bc fd c5 ed 80 790 MAC: 792 dc 28 43 a8 4e 78 a6 bc fd c5 ed 80 794 7.1.3. Send (client) non-SYN (covers options) 796 Send_other_traffic_key: 798 61 74 c3 55 7a be d2 75 74 db a3 71 85 f0 03 00 800 IPv6/TCP: 802 6e 04 a7 06 00 73 06 40 fd 00 00 00 00 00 00 00 803 00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00 804 00 00 00 00 00 00 00 02 f8 5a 00 b3 19 3c cc ed 805 a6 74 4e cc c0 18 01 00 32 80 00 00 01 01 08 0a 806 13 e4 ab a3 71 da ab c8 1d 10 3d 54 7b 6a 45 5c 807 0d 4f 5f 01 83 5b aa b3 ff ff ff ff ff ff ff ff 808 ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 809 01 01 01 79 26 02 06 01 04 00 01 00 01 02 02 80 810 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd 811 e8 02 08 40 06 00 64 00 01 01 00 813 MAC: 815 7b 6a 45 5c 0d 4f 5f 01 83 5b aa b3 817 7.1.4. Receive (server) non-SYN (covers options) 819 Receive_other_traffic_key: 821 cf 1b 1e 22 5e 06 a6 36 16 76 4a 06 7b 46 f4 b1 823 IPv6/TCP: 825 6e 06 15 20 00 73 06 40 fd 00 00 00 00 00 00 00 826 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 827 00 00 00 00 00 00 00 01 00 b3 f8 5a a6 74 4e cc 828 19 3c cd 30 c0 18 01 00 52 f4 00 00 01 01 08 0a 829 71 da ab d3 13 e4 ab a3 1d 10 54 3d c1 06 9b 7d 830 fd 3d 69 3a 6d f3 f2 89 ff ff ff ff ff ff ff ff 831 ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 832 01 01 01 7a 26 02 06 01 04 00 01 00 01 02 02 80 833 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd 834 e8 02 08 40 06 00 64 00 01 01 00 836 MAC: 838 c1 06 9b 7d fd 3d 69 3a 6d f3 f2 89 840 7.2. AES MAC (omits TCP options) 842 7.2.1. Send (client) SYN (omits options) 844 Send_SYN_traffic_key: 846 a9 4f 51 12 63 e4 09 3d 35 dd 81 8c 13 bb bf 53 848 IPv6/TCP: 850 6e 09 3d 76 00 38 06 40 fd 00 00 00 00 00 00 00 851 00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00 852 00 00 00 00 00 00 00 02 f2 88 00 b3 b0 1d a7 4a 853 00 00 00 00 e0 02 ff ff 75 ff 00 00 02 04 05 a0 854 01 03 03 08 04 02 08 0a 14 27 5b 3b 00 00 00 00 855 1d 10 3d 54 3d 45 b4 34 2d e8 bb 15 30 84 78 98 857 MAC: 859 3d 45 b4 34 2d e8 bb 15 30 84 78 98 861 7.2.2. Receive (server) SYN-ACK (omits options) 863 Receive_SYN_traffic_key: 865 92 de a5 bb c7 8b 1d 9f 5b 29 52 e9 cd 30 64 2a 867 IPv6/TCP: 869 6e 0c 60 0a 00 38 06 40 fd 00 00 00 00 00 00 00 870 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 871 00 00 00 00 00 00 00 01 00 b3 f2 88 a6 24 61 45 872 b0 1d a7 4b e0 12 ff ff a7 0c 00 00 02 04 05 a0 873 01 03 03 08 04 02 08 0a 17 82 24 5b 14 27 5b 3b 874 1d 10 54 3d 1d 01 f6 c8 7c 6f 93 ac ff a9 d4 b5 876 MAC: 878 1d 01 f6 c8 7c 6f 93 ac ff a9 d4 b5 880 7.2.3. Send (client) non-SYN (omits options) 882 Send_other_traffic_key: 884 4f b2 08 6e 40 2c 67 90 79 ed 65 d4 bf 97 69 3d 886 IPv6/TCP: 888 6e 09 3d 76 00 73 06 40 fd 00 00 00 00 00 00 00 889 00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00 890 00 00 00 00 00 00 00 02 f2 88 00 b3 b0 1d a7 4b 891 a6 24 61 46 c0 18 01 00 c3 6d 00 00 01 01 08 0a 892 14 27 5b 4f 17 82 24 5b 1d 10 3d 54 29 0c f4 14 893 cc b4 7a 33 32 76 e7 f8 ff ff ff ff ff ff ff ff 894 ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 895 01 01 01 79 26 02 06 01 04 00 01 00 01 02 02 80 896 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd 897 e8 02 08 40 06 00 64 00 01 01 00 899 MAC: 901 29 0c f4 14 cc b4 7a 33 32 76 e7 f8 903 7.2.4. Receive (server) non-SYN (omits options) 905 Receive_other_traffic_key: 907 92 de a5 bb c7 8b 1d 9f 5b 29 52 e9 cd 30 64 2a 909 IPv6/TCP: 911 6e 0c 60 0a 00 73 06 40 fd 00 00 00 00 00 00 00 912 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 913 00 00 00 00 00 00 00 01 00 b3 f2 88 a6 24 61 46 914 b0 1d a7 8e c0 18 01 00 34 51 00 00 01 01 08 0a 915 17 82 24 65 14 27 5b 4f 1d 10 54 3d 99 51 5f fc 916 d5 40 34 99 f6 19 fd 1b ff ff ff ff ff ff ff ff 917 ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 918 01 01 01 7a 26 02 06 01 04 00 01 00 01 02 02 80 919 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd 920 e8 02 08 40 06 00 64 00 01 01 00 922 MAC: 924 99 51 5f fc d5 40 34 99 f6 19 fd 1b 926 8. Observed Implementation Errors 928 The following is a partial list of implementation errors that this 929 set of test vectors is intended to validate. 931 8.1. Algorithm issues 933 o Underlying implementation of HMAC SHA1 or AES128 CMAC does not 934 pass their corresponding test vectors [RFC2202] [RFC4493] 936 o The SNE algorithm does not consider corner cases (the pseudocode 937 in [RFC5925] was not intended as complete, as discussed in 938 [To21], the latter of which includes its own validation sequence) 940 8.2. Algorithm parameters 942 o KDF context length is incorrect, e.g. it does not include TCP 943 header length + payload length (it should, per 5.2 of TCP-AO 944 [RFC5925]) 946 o KDF calculation does not start from counter i = 1 (it should, per 947 Sec. 3.1.1 of the TCP-AO crypto algorithms [RFC5926]) 949 o KDF calculation does not include output length in bits, contained 950 in two bytes in network byte order (it should, per Sec. 3.1.1 of 951 the TCP-AO crypto algorithms [RFC5926]) 953 o KDF uses keys generated from current TCP segment sequence numbers 954 (KDF should use only local and remote ISNs or zero, as indicated 955 in Sec. 5.2 of TCP-AO [RFC5925]) 957 8.3. String handling issues 959 The strings indicated in TCP-AO and its algorithms are indicated as 960 a sequence of bytes of known length. In some implementations, string 961 lengths are indicated by a terminal value (e.g., zero in C). This 962 terminal value is not included as part of the string for 963 calculations. 965 o Password includes the last zero-byte (it should not) 967 o Label "TCP-AO" includes the last zero byte (it should not) 969 8.4. Header coverage issues 971 o TCP checksum and/or MAC is not zeroed properly before calculation 972 (both should be) 974 o TCP header is not included to the MAC calculation (it should be) 976 o TCP options are not included to the MAC calculation by default 977 (there is a separate parameter in the master key tuple to ignore 978 options; this document provides test vectors for both options- 979 included and options-excluded cases) 981 9. Security Considerations 983 This document is intended to assist in the validation of 984 implementations of TCP-AO, to further enable its more widespread use 985 as a security mechanism to authenticate not only TCP payload 986 contents but the TCP headers and protocol. 988 The master_key of "testvector" used here for test vector generation 989 SHOULD NOT be used operationally. 991 10. IANA Considerations 993 This document contains no IANA issues. This section should be 994 removed upon publication as an RFC. 996 11. References 998 11.1. Normative References 1000 [RFC791] Postel, J., "Internet Protocol," RFC 791, Sept. 1981. 1002 [RFC793] Postel, J., "Transmission Control Protocol," RFC 793, 1003 September 1981. 1005 [RFC2018] Mathis, M., J. Mahdavi, S. Floyd, A. Romanow, "TCP 1006 Selective Acknowledgment Options," RFC 2018, Oct. 1996. 1008 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1009 Requirement Levels," BCP 14, RFC 2119, March 1997. 1011 [RFC5925] Touch, J., A. Mankin, R. Bonica, "The TCP Authentication 1012 Option," RFC 5925, June 2010. 1014 [RFC5926] Lebovitz, G., and E. Rescorla, "Cryptographic Algorithms 1015 for the TCP Authentication Option (TCP-AO)," RFC 5925, 1016 June 2010. 1018 [RFC6978] Touch, J., "A TCP Authentication Option Extension for NAT 1019 Traversal," RFC 6978, July 2013. 1021 [RFC7323] Borman, D., B. Braden, V. Jacobson, R. Scheffenegger, Ed., 1022 "TCP Extensions for High Performance," RFC 7323, Sept. 1023 2014. 1025 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1026 2119 Key Words," RFC 2119, May 2017. 1028 [RFC8200] Deering, S., R. Hinden, "Internet Protocol Version 6 1029 (IPv6) Specification," RFC 8200, Jul. 2017. 1031 11.2. Informative References 1033 [RFC2202] Cheng, P., and R. Glenn, "Test Cases for HMAC-MD5 and 1034 HMAC-SHA-1," RFC 2202, Sept. 1997. 1036 [RFC4493] Song, JH, R. Poovendran, J. Lee, T. Iwata, "The AES-CMAC 1037 Algorithm," RFC 4493, June 2006. 1039 [To21] Touch, J., "Sequence Number Extension for Windowed 1040 Protocols," draft-tsvwg-touch-sne, Apr. 2021. 1042 12. Acknowledgments 1044 (TBD) 1046 This document was prepared using 2-Word-v2.0.template.dot. 1048 Authors' Addresses 1050 Joe Touch 1051 Manhattan Beach, CA 90266 USA 1052 Phone: +1 (310) 560-0334 1053 Email: touch@strayalpha.com 1055 Juhamatti Kuusisaari 1056 Infinera Corporation 1057 Sinimaentie 6c 1058 FI-02630 Espoo, Finland 1059 Email: jkuusisaari@infinera.com