idnits 2.17.1 draft-kato-camellia-ctrccm-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** The document seems to lack a License Notice according IETF Trust Provisions of 28 Dec 2009, Section 6.b.ii or Provisions of 12 Sep 2009 Section 6.b -- however, there's a paragraph with a matching beginning. Boilerplate error? (You're using the IETF Trust Provisions' Section 6.b License Notice from 12 Feb 2009 rather than one of the newer Notices. See https://trustee.ietf.org/license-info/.) Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to contain a disclaimer for pre-RFC5378 work, and may have content which was first submitted before 10 November 2008. The disclaimer is necessary when there are original authors that you have been unable to contact, or if some do not wish to grant the BCP78 rights to the IETF Trust. If you are able to get all authors (current and original) to grant those rights, you can and should remove the disclaimer; otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (February 26, 2009) is 5537 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Missing Reference: '0001' is mentioned on line 918, but not defined == Missing Reference: '0002' is mentioned on line 919, but not defined -- Looks like a reference, but probably isn't: 'Encrypted' on line 921 -- Obsolete informational reference (is this intentional?): RFC 4132 (ref. '7') (Obsoleted by RFC 5932) -- Obsolete informational reference (is this intentional?): RFC 4051 (ref. '9') (Obsoleted by RFC 6931) Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group A. Kato 3 Internet-Draft NTT Software Corporation 4 Intended status: Informational M. Kanda 5 Expires: August 30, 2009 Nippon Telegraph and Telephone 6 Corporation 7 S. Kanno 8 NTT Software Corporation 9 February 26, 2009 11 Camellia Counter mode and Camellia Counter with CBC Mac mode algorithms 12 draft-kato-camellia-ctrccm-05 14 Status of this Memo 16 This Internet-Draft is submitted to IETF in full conformance with the 17 provisions of BCP 78 and BCP 79. This document may contain material 18 from IETF Documents or IETF Contributions published or made publicly 19 available before November 10, 2008. The person(s) controlling the 20 copyright in some of this material may not have granted the IETF 21 Trust the right to allow modifications of such material outside the 22 IETF Standards Process. Without obtaining an adequate license from 23 the person(s) controlling the copyright in such materials, this 24 document may not be modified outside the IETF Standards Process, and 25 derivative works of it may not be created outside the IETF Standards 26 Process, except to format it for publication as an RFC or to 27 translate it into languages other than English. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF), its areas, and its working groups. Note that 31 other groups may also distribute working documents as Internet- 32 Drafts. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 The list of current Internet-Drafts can be accessed at 40 http://www.ietf.org/ietf/1id-abstracts.txt. 42 The list of Internet-Draft Shadow Directories can be accessed at 43 http://www.ietf.org/shadow.html. 45 This Internet-Draft will expire on August 30, 2009. 47 Copyright Notice 48 Copyright (c) 2009 IETF Trust and the persons identified as the 49 document authors. All rights reserved. 51 This document is subject to BCP 78 and the IETF Trust's Legal 52 Provisions Relating to IETF Documents in effect on the date of 53 publication of this document (http://trustee.ietf.org/license-info). 54 Please review these documents carefully, as they describe your rights 55 and restrictions with respect to this document. 57 Abstract 59 This document describes the algorithms and test vectors of Camellia 60 block cipher algorithm in Counter mode and Counter with Cipher Block 61 Chaining MAC mode. The purpose of this document is to make the 62 Camellia-CTR and Camellia-CCM algorithm conveniently available to the 63 Internet Community. 65 Table of Contents 67 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 68 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 69 2. The Camellia Cipher Algorithm . . . . . . . . . . . . . . . . 6 70 2.1. Key Size . . . . . . . . . . . . . . . . . . . . . . . . . 6 71 2.2. Weak Keys . . . . . . . . . . . . . . . . . . . . . . . . 6 72 2.3. Block Size and Padding . . . . . . . . . . . . . . . . . . 6 73 2.4. Performance . . . . . . . . . . . . . . . . . . . . . . . 6 74 3. Modes of Operation . . . . . . . . . . . . . . . . . . . . . . 7 75 4. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . . 8 76 4.1. Camellia-CTR . . . . . . . . . . . . . . . . . . . . . . . 8 77 4.2. Camellia-CCM . . . . . . . . . . . . . . . . . . . . . . . 10 78 5. Security Considerations . . . . . . . . . . . . . . . . . . . 23 79 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 80 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 25 81 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 26 82 8.1. Normative . . . . . . . . . . . . . . . . . . . . . . . . 26 83 8.2. Informative . . . . . . . . . . . . . . . . . . . . . . . 26 84 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 28 86 1. Introduction 88 This document describes the use of the Camellia block cipher 89 algorithm in Counter (CTR) mode and Counter with CBC-MAC (CCM) mode. 91 Camellia is a symmetric cipher with a Feistel structure. Camellia 92 was developed jointly by NTT and Mitsubishi Electric Corporation in 93 2000. It was designed to withstand all known cryptanalytic attacks, 94 and it has been scrutinized by worldwide cryptographic experts. 95 Camellia is suitable for implementation in software and hardware, 96 offering encryption speed in software and hardware implementations 97 that is comparable to Advanced Encryption Standard (AES) [5]. 99 Camellia supports 128-bit block size and 128-, 192-, and 256-bit key 100 lengths, i.e., the same interface specifications as the AES. 101 Therefore, it is easy to implement Camellia based algorithms by 102 replacing the AES block of AES based algorithms with a Camellia 103 block. 105 Camellia already has been adopted by the IETF and other international 106 standardization organizations; in particular, the IETF has published 107 specifications for the use of Camellia with IPsec [6], TLS [7], 108 S/MIME [8] and XML Securiy [9]. Camellia is one of the three ISO/IEC 109 international standard [10] 128-bit block ciphers (Camellia, AES, and 110 SEED). Camellia was selected as a recommended cryptographic 111 primitive by the EU NESSIE (New European Schemes for Signatures, 112 Integrity and Encryption) project [11] and was included in the list 113 of cryptographic techniques for Japanese e-Government systems that 114 was selected by the Japanese CRYPTREC (Cryptography Research and 115 Evaluation Committees) [12]. 117 Since optimized source code is provided under several open source 118 licenses [13], Camellia has also been adopted by several open source 119 projects (OpenSSL, FreeBSD, Linux, and Firefox). 121 The algorithm specification and object identifiers are described in 122 [1]. 124 The Camellia web site [14] contains a wealth of information about 125 Camellia, including detailed specification, security analysis, 126 performance figures, reference implementation, optimized 127 implementation, test vectors (TVs), and intellectual property 128 information. 130 1.1. Terminology 132 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 133 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 134 document are to be interpreted as described in [2]. 136 All multi-octet values in this document are encoded and represented 137 in network byte order, i.e., most significant octet first. 139 2. The Camellia Cipher Algorithm 141 All symmetric block cipher algorithms share common characteristics 142 and variables, including mode, key size, weak keys, block size, and 143 rounds. The following sections contain descriptions of the relevant 144 characteristics of Camellia. 146 The algorithm specification and object identifiers are described in 147 [1]. 149 2.1. Key Size 151 Camellia supports three key sizes: 128 bits, 192 bits, and 256 bits. 152 The default key size is 128 bits, and all implementations MUST 153 support this key size. Implementations MAY also support key sizes of 154 192 bits and 256 bits. 156 Camellia uses a different number of rounds for each of the defined 157 key sizes. When a 128-bit key is used, implementations MUST use 18 158 rounds. When 192- and 256-bit key are used, implementations MUST use 159 24 rounds. 161 2.2. Weak Keys 163 At the time of writing this document there are no known weak keys for 164 Camellia. 166 2.3. Block Size and Padding 168 Camellia uses a block size of 16 octets (128 bits). 170 Padding is required by the algorithm to maintain a 16-octet (128-bit) 171 block size. Padding MUST be added such that the data to be encrypted 172 has a length that is a multiple of 16 octets. 174 Because of the algorithm specific padding requirement, no additional 175 padding is required to ensure that the ciphertext terminates on a 176 4-octet boundary (i.e. maintaining a 16-octet block size guarantees 177 that the ESP Pad Length and Next Header fields will be right aligned 178 within a 4-octet word). Additional padding MAY be included as long 179 as the 16-octet block size is maintained. 181 2.4. Performance 183 Performance figures for Camellia are available at [14]. The NESSIE 184 project has reported on the performance of optimized implementations 185 independently [11]. 187 3. Modes of Operation 189 Camellia Counter (Camellia-CTR) mode and Camellia Counter with CBC- 190 MAC (Camellia-CCM) mode are based on [3][15][4]. 192 CTR mode [3] behaves like a stream cipher, but is based on a block 193 cipher primitive (that is, CTR mode operation of a block cipher 194 results in a stream cipher). 196 CCM mode [15][4] is a generic authenticate-and-encrypt block cipher 197 mode. In this specification, CCM is used with the Camellia [1] block 198 cipher. 200 4. Test Vectors 202 4.1. Camellia-CTR 204 This section contains nine TVs, which can be used to confirm that an 205 implementation has correctly implemented Camellia-CTR. The first 206 three TVs use Camellia with a 128-bit key; the next three TVs use 207 Camellia with a 192-bit key; and the last three TVs use Camellia with 208 a 256-bit key. 210 TV #1: Encrypting 16 octets using Camellia-CTR with 128-bit key 211 Camellia Key : AE 68 52 F8 12 10 67 CC 4B F7 A5 76 55 77 F3 9E 212 Camellia-CTR IV : 00 00 00 00 00 00 00 00 213 Nonce : 00 00 00 30 214 Plaintext : 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67 215 Counter Block (1): 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 216 Key Stream (1): 83 F4 AC FD EE 71 41 F8 4C E8 1F 1D FB 72 78 58 217 Ciphertext : D0 9D C2 9A 82 14 61 9A 20 87 7C 76 DB 1F 0B 3F 219 TV #2: Encrypting 32 octets using Camellia-CTR with 128-bit key 220 Camellia Key : 7E 24 06 78 17 FA E0 D7 43 D6 CE 1F 32 53 91 63 221 Camellia-CTR IV : C0 54 3B 59 DA 48 D9 0B 222 Nonce : 00 6C B6 DB 223 Plaintext : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 224 : 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 225 Counter Block (1): 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01 226 Key Stream (1): DB F2 C5 8E C4 86 90 D3 D2 75 9A 7C 69 B6 C5 4B 227 Counter Block (2): 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 02 228 Key Stream (2): 3B 9F 9C 1C 25 E5 CA B0 34 6D 0D F8 4F 7D FE 57 229 Ciphertext : DB F3 C7 8D C0 83 96 D4 DA 7C 90 77 65 BB CB 44 230 : 2B 8E 8E 0F 31 F0 DC A7 2C 74 17 E3 53 60 E0 48 232 TV #3: Encrypting 36 octets using Camellia-CTR with 128-bit key 233 Camellia Key : 76 91 BE 03 5E 50 20 A8 AC 6E 61 85 29 F9 A0 DC 234 Camellia-CTR IV : 27 77 7F 3F 4A 17 86 F0 235 Nonce : 00 E0 01 7B 236 Plaintext : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 237 : 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 238 : 20 21 22 23 239 Counter Block (1): 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01 240 Key Stream (1): B1 9C 1D CE CF 70 ED 8F 27 8D 96 E9 41 88 C1 7C 241 Counter Block (2): 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 02 242 Key Stream (2): 8C F7 59 38 48 88 65 E6 57 34 47 86 D2 85 97 D2 243 Counter Block (3): 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 03 244 Key Stream (3): FF 71 A4 B5 D8 86 12 53 6A 9D 10 A1 13 0F 14 F8 245 Ciphertext : B1 9D 1F CD CB 75 EB 88 2F 84 9C E2 4D 85 CF 73 246 : 9C E6 4B 2B 5C 9D 73 F1 4F 2D 5D 9D CE 98 89 CD 247 : DF 50 86 96 249 TV #4: Encrypting 16 octets using Camellia-CTR with 192-bit key 250 Camellia Key : 16 AF 5B 14 5F C9 F5 79 C1 75 F9 3E 3B FB 0E ED 251 : 86 3D 06 CC FD B7 85 15 252 Camellia-CTR IV : 36 73 3C 14 7D 6D 93 CB 253 Nonce : 00 00 00 48 254 Plaintext : 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67 255 Counter Block (1): 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01 256 Key Stream (1): 70 10 57 F9 E6 E8 0B 49 7A 1F 4C AC AB F3 E5 F1 257 Ciphertext : 23 79 39 9E 8A 8D 2B 2B 16 70 2F C7 8B 9E 96 96 259 TV #5: Encrypting 32 octets using Camellia-CTR with 192-bit key 260 Camellia Key : 7C 5C B2 40 1B 3D C3 3C 19 E7 34 08 19 E0 F6 9C 261 : 67 8C 3D B8 E6 F6 A9 1A 262 Camellia-CTR IV : 02 0C 6E AD C2 CB 50 0D 263 Nonce : 00 96 B0 3B 264 Plaintext : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 265 : 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 266 Counter Block (1): 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01 267 Key Stream (1): 7D EE 36 F4 A1 D5 E2 12 6F 42 75 F7 A2 6A C9 52 268 Counter Block (2): 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 02 269 Key Stream (2): C0 09 AA 7C E6 25 47 F7 4E 20 30 82 EF 47 52 F2 270 Ciphertext : 7D EF 34 F7 A5 D0 E4 15 67 4B 7F FC AE 67 C7 5D 271 : D0 18 B8 6F F2 30 51 E0 56 39 2A 99 F3 5A 4C ED 273 TV #6: Encrypting 36 octets using Camellia-CTR with 192-bit key 274 Camellia Key : 02 BF 39 1E E8 EC B1 59 B9 59 61 7B 09 65 27 9B 275 : F5 9B 60 A7 86 D3 E0 FE 276 Camellia-CTR IV : 5C BD 60 27 8D CC 09 12 277 Nonce : 00 07 BD FD 278 Plaintext : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 279 : 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 280 : 20 21 22 23 281 Counter Block (1): 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01 282 Key Stream (1): 57 11 E7 55 E5 4D 7C 27 BD A5 04 78 FD 93 40 77 283 Counter Block (2): 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 02 284 Key Stream (2): 66 E2 6D CF 85 A4 F9 5A 55 B4 F2 FD 7A BB 53 11 285 Counter Block (3): 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 03 286 Key Stream (3): F5 76 89 74 63 52 A8 C5 1E 82 DE 66 C3 9F 38 34 287 Ciphertext : 57 10 E5 56 E1 48 7A 20 B5 AC 0E 73 F1 9E 4E 78 288 : 76 F3 7F DC 91 B1 EF 4D 4D AD E8 E6 66 A6 4D 0E 289 : D5 57 AB 57 291 TV #7: Encrypting 16 octets using Camellia-CTR with 256-bit key 292 Camellia Key : 77 6B EF F2 85 1D B0 6F 4C 8A 05 42 C8 69 6F 6C 293 : 6A 81 AF 1E EC 96 B4 D3 7F C1 D6 89 E6 C1 C1 04 294 Camellia-CTR IV : DB 56 72 C9 7A A8 F0 B2 295 Nonce : 00 00 00 60 296 Plaintext : 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67 297 Counter Block (1): 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01 298 Key Stream (1): 67 68 97 AF 48 1B DF AC D1 06 F7 1A 6C 76 C8 76 299 Ciphertext : 34 01 F9 C8 24 7E FF CE BD 69 94 71 4C 1B BB 11 301 TV #8: Encrypting 32 octets using Camellia-CTR with 256-bit key 302 Camellia Key : F6 D6 6D 6B D5 2D 59 BB 07 96 36 58 79 EF F8 86 303 : C6 6D D5 1A 5B 6A 99 74 4B 50 59 0C 87 A2 38 84 304 Camellia-CTR IV : C1 58 5E F1 5A 43 D8 75 305 Nonce : 00 FA AC 24 306 Plaintext : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 307 : 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 308 Counter Block (1): 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01 309 Key Stream (1): D6 C2 01 91 20 6A 7E 0F A0 35 21 29 A4 8E 90 4A 310 Counter Block (2): 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 02 311 Key Stream (2): F5 0D C6 99 08 CA 56 79 A4 85 D8 C8 B7 9E 5F 17 312 Ciphertext : D6 C3 03 92 24 6F 78 08 A8 3C 2B 22 A8 83 9E 45 313 : E5 1C D4 8A 1C DF 40 6E BC 9C C2 D3 AB 83 41 08 315 TV #9: Encrypting 36 octets using Camellia-CTR with 256-bit key 316 Camellia Key : FF 7A 61 7C E6 91 48 E4 F1 72 6E 2F 43 58 1D E2 317 : AA 62 D9 F8 05 53 2E DF F1 EE D6 87 FB 54 15 3D 318 Camellia-CTR IV : 51 A5 1D 70 A1 C1 11 48 319 Nonce : 00 1C C5 B7 320 Plaintext : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 321 : 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 322 : 20 21 22 23 323 Counter Block (1): 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01 324 Key Stream (1): A4 DB 21 FF E2 A0 F9 AD 65 6D A4 91 0A 5F AA 23 325 Counter Block (2): 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 02 326 Key Stream (2): C1 70 B1 58 71 EC 71 88 6D D9 05 0B 03 6C 39 70 327 Counter Block (3): 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 03 328 Key Stream (3): 35 CE 2F AE 90 78 B3 72 F5 76 12 39 1F 8B AF BF 329 Ciphertext : A4 DA 23 FC E6 A5 FF AA 6D 64 AE 9A 06 52 A4 2C 330 : D1 61 A3 4B 65 F9 67 9F 75 C0 1F 10 1F 71 27 6F 331 : 15 EF 0D 8D 333 4.2. Camellia-CCM 335 This section contains twenty four TVs, which can be used to confirm 336 that an implementation has correctly implemented Camellia-CCM. In 337 each of these TVs, the least significant sixteen bits of the counter 338 block is used for the block counter, and the nonce is 13 octets. 339 Some of the TVs include an eight octet authentication value, and 340 others include a ten octet authentication value. 342 =============== Packet Vector #1 ================== 343 CAM Key: C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF 344 Nonce = 00 00 00 03 02 01 00 A0 A1 A2 A3 A4 A5 345 Total packet length = 31. [Input (8 cleartext header octets)] 346 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 347 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 348 CBC IV in: 59 00 00 00 03 02 01 00 A0 A1 A2 A3 A4 A5 00 17 349 CBC IV out:D4 DB CD 92 A8 96 41 56 1D 0D BB D0 D5 7F 7E 1D 350 After xor: D4 D3 CD 93 AA 95 45 53 1B 0A BB D0 D5 7F 7E 1D [hdr] 351 After CAM: BD 84 03 80 73 59 37 B7 CE F5 E4 BA 1B 18 54 DC 352 After xor: B5 8D 09 8B 7F 54 39 B8 DE E4 F6 A9 0F 0D 42 CB [msg] 353 After CAM: CE 21 82 9C F6 F2 4D A2 CB 35 D1 FD 81 27 63 EC 354 After xor: D6 38 98 87 EA EF 53 A2 CB 35 D1 FD 81 27 63 EC [msg] 355 After CAM: 20 11 FE E2 53 B1 A7 DB 02 77 FA 37 6D 78 EE 10 356 MIC tag : 20 11 FE E2 53 B1 A7 DB 357 CTR Start: 01 00 00 00 03 02 01 00 A0 A1 A2 A3 A4 A5 00 01 358 CTR[0001]: B2 7A 7B 8E EB 14 3F 0B 82 E2 98 4C 06 44 CC 42 359 CTR[0002]: E2 E2 D3 52 98 97 13 45 D1 63 22 90 E7 F8 15 4A 360 CTR[MIC ]: DC BF 30 96 38 8C 1E 76 361 Total packet length = 39. [Encrypted] 362 00 01 02 03 04 05 06 07 BA 73 71 85 E7 19 31 04 363 92 F3 8A 5F 12 51 DA 55 FA FB C9 49 84 8A 0D FC 364 AE CE 74 6B 3D B9 AD 366 =============== Packet Vector #2 ================== 367 CAM Key: C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF 368 Nonce = 00 00 00 04 03 02 01 A0 A1 A2 A3 A4 A5 369 Total packet length = 32. [Input (8 cleartext header octets)] 370 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 371 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 372 CBC IV in: 59 00 00 00 04 03 02 01 A0 A1 A2 A3 A4 A5 00 18 373 CBC IV out:07 0B 22 50 8A 24 3C DD 5B BA 54 DB 60 52 88 06 374 After xor: 07 03 22 51 88 27 38 D8 5D BD 54 DB 60 52 88 06 [hdr] 375 After CAM: 10 FD C2 F2 90 4A 9F 96 B0 4F 62 A4 A1 A9 31 1E 376 After xor: 18 F4 C8 F9 9C 47 91 99 A0 5E 70 B7 B5 BC 27 09 [msg] 377 After CAM: E4 C8 82 02 89 55 5C 15 CE 7F E4 60 B1 B9 5A 08 378 After xor: FC D1 98 19 95 48 42 0A CE 7F E4 60 B1 B9 5A 08 [msg] 379 After CAM: D2 96 BA 4F 83 DE B5 DF A2 19 08 F7 47 4E 3C 40 380 MIC tag : D2 96 BA 4F 83 DE B5 DF 381 CTR Start: 01 00 00 00 04 03 02 01 A0 A1 A2 A3 A4 A5 00 01 382 CTR[0001]: 55 2C 6E B4 82 A2 EF D6 85 37 FE 12 79 0E E6 55 383 CTR[0002]: 54 E2 C8 D6 7E 99 91 2C F2 8A D7 8E 83 04 10 36 384 CTR[MIC ]: B2 24 93 12 71 9C 36 37 385 Total packet length = 40. [Encrypted] 386 00 01 02 03 04 05 06 07 5D 25 64 BF 8E AF E1 D9 387 95 26 EC 01 6D 1B F0 42 4C FB D2 CD 62 84 8F 33 388 60 B2 29 5D F2 42 83 E8 390 =============== Packet Vector #3 ================== 391 CAM Key: C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF 392 Nonce = 00 00 00 05 04 03 02 A0 A1 A2 A3 A4 A5 393 Total packet length = 33. [Input (8 cleartext header octets)] 394 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 395 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 396 20 397 CBC IV in: 59 00 00 00 05 04 03 02 A0 A1 A2 A3 A4 A5 00 19 398 CBC IV out:6F 69 15 DF A6 A0 DF 24 84 A7 37 88 A3 65 F9 2E 399 After xor: 6F 61 15 DE A4 A3 DB 21 82 A0 37 88 A3 65 F9 2E [hdr] 400 After CAM: 59 5D 99 48 79 04 DA C9 13 93 36 C9 11 A8 09 1D 401 After xor: 51 54 93 43 75 09 D4 C6 03 82 24 DA 05 BD 1F 0A [msg] 402 After CAM: 1A 43 D7 19 65 43 97 C1 43 6F 4F 11 A7 6C 6B ED 403 After xor: 02 5A CD 02 79 5E 89 DE 63 6F 4F 11 A7 6C 6B ED [msg] 404 After CAM: 30 0B 06 8A A0 D1 4D C5 9E 44 22 84 82 45 42 0B 405 MIC tag : 30 0B 06 8A A0 D1 4D C5 406 CTR Start: 01 00 00 00 05 04 03 02 A0 A1 A2 A3 A4 A5 00 01 407 CTR[0001]: 89 FF 69 DD CB 75 76 18 E9 31 24 1B AD 97 BB 02 408 CTR[0002]: C4 32 A7 9C CB 4B E9 8D 24 A8 F0 AB C6 87 16 11 409 CTR[MIC ]: C5 5A D0 E2 8F F2 E7 83 410 Total packet length = 41. [Encrypted] 411 00 01 02 03 04 05 06 07 81 F6 63 D6 C7 78 78 17 412 F9 20 36 08 B9 82 AD 15 DC 2B BD 87 D7 56 F7 92 413 04 F5 51 D6 68 2F 23 AA 46 415 =============== Packet Vector #4 ================== 416 CAM Key: C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF 417 Nonce = 00 00 00 06 05 04 03 A0 A1 A2 A3 A4 A5 418 Total packet length = 31. [Input (12 cleartext header octets)] 419 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 420 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 421 CBC IV in: 59 00 00 00 06 05 04 03 A0 A1 A2 A3 A4 A5 00 13 422 CBC IV out:F5 51 CF 6C 7C F7 D4 0B 2B 76 F1 6B 57 F0 19 FE 423 After xor: F5 5D CF 6D 7E F4 D0 0E 2D 71 F9 62 5D FB 19 FE [hdr] 424 After CAM: 02 2B 21 1B EB 97 02 3B F8 10 7D CC 62 14 E5 7C 425 After xor: 0E 26 2F 14 FB 86 10 28 EC 05 6B DB 7A 0D FF 67 [msg] 426 After CAM: 48 14 A4 2D 31 25 1C 37 19 C5 6F DD 5A 37 81 42 427 After xor: 54 09 BA 2D 31 25 1C 37 19 C5 6F DD 5A 37 81 42 [msg] 428 After CAM: CF 85 25 D2 80 D5 F0 09 53 2C 9D 43 4E F3 04 47 429 MIC tag : CF 85 25 D2 80 D5 F0 09 430 CTR Start: 01 00 00 00 06 05 04 03 A0 A1 A2 A3 A4 A5 00 01 431 CTR[0001]: C6 E2 10 8D 62 00 A2 9C 6F CC 19 1F DF 6B 92 DB 432 CTR[0002]: 6C B9 BE EE 1E A2 E9 B3 2D D6 C2 9A E8 26 D5 C2 433 CTR[MIC ]: 44 BF B6 E8 E3 31 67 A9 434 Total packet length = 39. [Encrypted] 435 00 01 02 03 04 05 06 07 08 09 0A 0B CA EF 1E 82 436 72 11 B0 8F 7B D9 0F 08 C7 72 88 C0 70 A4 A0 8B 437 3A 93 3A 63 E4 97 A0 439 =============== Packet Vector #5 ================== 440 CAM Key: C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF 441 Nonce = 00 00 00 07 06 05 04 A0 A1 A2 A3 A4 A5 442 Total packet length = 32. [Input (12 cleartext header octets)] 443 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 444 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 445 CBC IV in: 59 00 00 00 07 06 05 04 A0 A1 A2 A3 A4 A5 00 14 446 CBC IV out:73 72 9D 76 7A BD B9 82 60 3A 12 7B EF 26 FB 80 447 After xor: 73 7E 9D 77 78 BE BD 87 66 3D 1A 72 E5 2D FB 80 [hdr] 448 After CAM: E1 B7 A6 72 E2 5C 87 75 91 21 22 A4 07 13 CD 5B 449 After xor: ED BA A8 7D F2 4D 95 66 85 34 34 B3 1F 0A D7 40 [msg] 450 After CAM: 13 2F 58 D9 5D 0F 95 B8 90 BF 6F 1D 31 84 54 C7 451 After xor: 0F 32 46 C6 5D 0F 95 B8 90 BF 6F 1D 31 84 54 C7 [msg] 452 After CAM: 47 8F 1E B0 71 24 8B 13 AF C8 C8 44 E6 0F 88 B6 453 MIC tag : 47 8F 1E B0 71 24 8B 13 454 CTR Start: 01 00 00 00 07 06 05 04 A0 A1 A2 A3 A4 A5 00 01 455 CTR[0001]: 26 DE B4 D6 5F D4 3C 81 AA 56 98 95 64 09 39 A2 456 CTR[0002]: 76 97 69 3A 21 13 0C 39 2E 4E EB BF 48 7B 24 BE 457 CTR[MIC ]: C8 2E 65 17 82 15 50 1A 458 Total packet length = 40. [Encrypted] 459 00 01 02 03 04 05 06 07 08 09 0A 0B 2A D3 BA D9 460 4F C5 2E 92 BE 43 8E 82 7C 10 23 B9 6A 8A 77 25 461 8F A1 7B A7 F3 31 DB 09 463 =============== Packet Vector #6 ================== 464 CAM Key: C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF 465 Nonce = 00 00 00 08 07 06 05 A0 A1 A2 A3 A4 A5 466 Total packet length = 33. [Input (12 cleartext header octets)] 467 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 468 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 469 20 470 CBC IV in: 59 00 00 00 08 07 06 05 A0 A1 A2 A3 A4 A5 00 15 471 CBC IV out:EB 59 05 CC 3F 52 61 10 26 24 75 93 DD B9 A0 F4 472 After xor: EB 55 05 CD 3D 51 65 15 20 23 7D 9A D7 B2 A0 F4 [hdr] 473 After CAM: 18 A9 AE A4 3D D2 A9 11 6C 0A E5 4F 40 D1 4D 9F 474 After xor: 14 A4 A0 AB 2D C3 BB 02 78 1F F3 58 58 C8 57 84 [msg] 475 After CAM: FA C4 13 18 98 54 1B 54 93 9C 64 B8 CB FD 5B 18 476 After xor: E6 D9 0D 07 B8 54 1B 54 93 9C 64 B8 CB FD 5B 18 [msg] 477 After CAM: 49 E6 E8 ED 32 FB CA 2F 2E 55 CD AF D0 F2 B3 05 478 MIC tag : 49 E6 E8 ED 32 FB CA 2F 479 CTR Start: 01 00 00 00 08 07 06 05 A0 A1 A2 A3 A4 A5 00 01 480 CTR[0001]: F2 A8 46 04 B5 2E BA C0 D7 51 34 BD D6 54 FC 64 481 CTR[0002]: E6 26 A9 24 8B E6 86 CB 92 D6 FB FC 2E F2 91 98 482 CTR[MIC ]: E2 D0 49 03 7D 1B 34 07 483 Total packet length = 41. [Encrypted] 484 00 01 02 03 04 05 06 07 08 09 0A 0B FE A5 48 0B 485 A5 3F A8 D3 C3 44 22 AA CE 4D E6 7F FA 3B B7 3B 486 AB AB 36 A1 EE 4F E0 FE 28 488 =============== Packet Vector #7 ================== 489 CAM Key: C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF 490 Nonce = 00 00 00 09 08 07 06 A0 A1 A2 A3 A4 A5 491 Total packet length = 31. [Input (8 cleartext header octets)] 492 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 493 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 494 CBC IV in: 61 00 00 00 09 08 07 06 A0 A1 A2 A3 A4 A5 00 17 495 CBC IV out:AC F1 5D 79 99 1A 15 BF 5C DC F6 C4 45 AE 1F CB 496 After xor: AC F9 5D 78 9B 19 11 BA 5A DB F6 C4 45 AE 1F CB [hdr] 497 After CAM: E9 C0 AC FD C7 E8 E7 1D FA E8 8B 66 95 9E 01 45 498 After xor: E1 C9 A6 F6 CB E5 E9 12 EA F9 99 75 81 8B 17 52 [msg] 499 After CAM: 9C FF ED 72 09 A6 7D 2A 48 B7 29 BF D8 BE 39 59 500 After xor: 84 E6 F7 69 15 BB 63 2A 48 B7 29 BF D8 BE 39 59 [msg] 501 After CAM: 4F 41 FA DE B2 58 F3 32 54 0A 55 7A 80 4A A3 F5 502 MIC tag : 4F 41 FA DE B2 58 F3 32 54 0A 503 CTR Start: 01 00 00 00 09 08 07 06 A0 A1 A2 A3 A4 A5 00 01 504 CTR[0001]: 5C 5A 2A 2D E9 41 1F 95 9D 27 CB FF 7A 0B CF 63 505 CTR[0002]: 0E D1 6A 97 57 41 32 4F 33 1B 4A 42 B1 4A 54 63 506 CTR[MIC ]: E3 EE 59 62 7D 22 BD 8D C1 79 507 Total packet length = 41. [Encrypted] 508 00 01 02 03 04 05 06 07 54 53 20 26 E5 4C 11 9A 509 8D 36 D9 EC 6E 1E D9 74 16 C8 70 8C 4B 5C 2C AC 510 AF A3 BC CF 7A 4E BF 95 73 512 =============== Packet Vector #8 ================== 513 CAM Key: C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF 514 Nonce = 00 00 00 0A 09 08 07 A0 A1 A2 A3 A4 A5 515 Total packet length = 32. [Input (8 cleartext header octets)] 516 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 517 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 518 CBC IV in: 61 00 00 00 0A 09 08 07 A0 A1 A2 A3 A4 A5 00 18 519 CBC IV out:AD CA 1C 1D 45 E7 E2 62 58 D5 DA 46 D8 2F 69 3A 520 After xor: AD C2 1C 1C 47 E4 E6 67 5E D2 DA 46 D8 2F 69 3A [hdr] 521 After CAM: FA DE 0E B4 3E CA C1 E9 69 BB 8C A4 7C 0D 80 8F 522 After xor: F2 D7 04 BF 32 C7 CF E6 79 AA 9E B7 68 18 96 98 [msg] 523 After CAM: D2 87 35 C2 D0 E4 AE 4E BC C2 99 FF B3 77 F8 A1 524 After xor: CA 9E 2F D9 CC F9 B0 51 BC C2 99 FF B3 77 F8 A1 [msg] 525 After CAM: BD F6 FB 55 9E 90 C0 E7 DF 4B 0C 37 DC 42 32 A2 526 MIC tag : BD F6 FB 55 9E 90 C0 E7 DF 4B 527 CTR Start: 01 00 00 00 0A 09 08 07 A0 A1 A2 A3 A4 A5 00 01 528 CTR[0001]: 82 D8 91 0B 16 8A DF 47 E4 C8 39 FC 20 47 4A DB 529 CTR[0002]: FB BF 26 7E 0E BB EB 6A 07 4E 29 CF 3D 12 E6 DB 530 CTR[MIC ]: CE 7E 1F C4 A0 61 87 E6 2B 0A 531 Total packet length = 42. [Encrypted] 532 00 01 02 03 04 05 06 07 8A D1 9B 00 1A 87 D1 48 533 F4 D9 2B EF 34 52 5C CC E3 A6 3C 65 12 A6 F5 75 534 73 88 E4 91 3E F1 47 01 F4 41 536 =============== Packet Vector #9 ================== 537 CAM Key: C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF 538 Nonce = 00 00 00 0B 0A 09 08 A0 A1 A2 A3 A4 A5 539 Total packet length = 33. [Input (8 cleartext header octets)] 540 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 541 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 542 20 543 CBC IV in: 61 00 00 00 0B 0A 09 08 A0 A1 A2 A3 A4 A5 00 19 544 CBC IV out:D0 A9 A5 94 00 63 86 40 11 0D DB 40 CA F8 4A 9C 545 After xor: D0 A1 A5 95 02 60 82 45 17 0A DB 40 CA F8 4A 9C [hdr] 546 After CAM: 7B CA 4E 2D 79 82 0D 1E 15 22 DD E8 37 B9 B1 F0 547 After xor: 73 C3 44 26 75 8F 03 11 05 33 CF FB 23 AC A7 E7 [msg] 548 After CAM: 6B 75 9F 83 C0 8F 56 64 F2 FA D5 7F 67 01 B8 21 549 After xor: 73 6C 85 98 DC 92 48 7B D2 FA D5 7F 67 01 B8 21 [msg] 550 After CAM: 7D B7 BE FF 72 F3 26 74 9E 20 07 28 1E 5B 1A 8A 551 MIC tag : 7D B7 BE FF 72 F3 26 74 9E 20 552 CTR Start: 01 00 00 00 0B 0A 09 08 A0 A1 A2 A3 A4 A5 00 01 553 CTR[0001]: 55 B9 87 69 4C 73 60 3E C6 1E 8E B1 D2 11 62 36 554 CTR[0002]: 82 D9 A4 4B DC C9 BB 68 A7 FE 15 A5 19 51 57 87 555 CTR[MIC ]: E9 61 5C CF BF D6 EF 8A 21 A7 556 Total packet length = 43. [Encrypted] 557 00 01 02 03 04 05 06 07 5D B0 8D 62 40 7E 6E 31 558 D6 0F 9C A2 C6 04 74 21 9A C0 BE 50 C0 D4 A5 77 559 87 94 D6 E2 30 CD 25 C9 FE BF 87 561 =============== Packet Vector #10 ================== 562 CAM Key: C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF 563 Nonce = 00 00 00 0C 0B 0A 09 A0 A1 A2 A3 A4 A5 564 Total packet length = 31. [Input (12 cleartext header octets)] 565 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 566 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 567 CBC IV in: 61 00 00 00 0C 0B 0A 09 A0 A1 A2 A3 A4 A5 00 13 568 CBC IV out:B1 85 73 A3 1C 6F EC 01 90 E3 CE 94 27 11 04 B9 569 After xor: B1 89 73 A2 1E 6C E8 04 96 E4 C6 9D 2D 1A 04 B9 [hdr] 570 After CAM: A6 AD EA 9C FA 3F 76 78 4C 17 8A F3 DC 69 F0 82 571 After xor: AA A0 E4 93 EA 2E 64 6B 58 02 9C E4 C4 70 EA 99 [msg] 572 After CAM: 35 50 B7 27 78 F8 C6 BF 02 4B 65 60 05 C0 E1 ED 573 After xor: 29 4D A9 27 78 F8 C6 BF 02 4B 65 60 05 C0 E1 ED [msg] 574 After CAM: 3D B5 A6 E6 85 AF 1C 58 80 B0 32 2E 01 74 91 FC 575 MIC tag : 3D B5 A6 E6 85 AF 1C 58 80 B0 576 CTR Start: 01 00 00 00 0C 0B 0A 09 A0 A1 A2 A3 A4 A5 00 01 577 CTR[0001]: D7 1C 82 C1 D1 A9 64 0F 93 69 CE 81 22 7E CC E8 578 CTR[0002]: A7 A1 42 44 32 4E 69 FE 4C D0 36 65 A5 31 0B AB 579 CTR[MIC ]: ED 27 3F 0D 94 5C 0E AA B2 87 580 Total packet length = 41. [Encrypted] 581 00 01 02 03 04 05 06 07 08 09 0A 0B DB 11 8C CE 582 C1 B8 76 1C 87 7C D8 96 3A 67 D6 F3 BB BC 5C D0 583 92 99 EB 11 F3 12 F2 32 37 585 =============== Packet Vector #11 ================== 586 CAM Key: C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF 587 Nonce = 00 00 00 0D 0C 0B 0A A0 A1 A2 A3 A4 A5 588 Total packet length = 32. [Input (12 cleartext header octets)] 589 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 590 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 591 CBC IV in: 61 00 00 00 0D 0C 0B 0A A0 A1 A2 A3 A4 A5 00 14 592 CBC IV out:45 DF B5 07 6F BB 10 EA F1 15 15 AD 21 4F B0 0E 593 After xor: 45 D3 B5 06 6D B8 14 EF F7 12 1D A4 2B 44 B0 0E [hdr] 594 After CAM: 17 52 F9 6D DD BC 5B 1C 1E EB 80 FC F6 10 AC 03 595 After xor: 1B 5F F7 62 CD AD 49 0F 0A FE 96 EB EE 09 B6 18 [msg] 596 After CAM: BE F0 A0 B9 EC 94 B6 B3 E8 EC 1B 82 14 14 09 87 597 After xor: A2 ED BE A6 EC 94 B6 B3 E8 EC 1B 82 14 14 09 87 [msg] 598 After CAM: 70 16 E4 F9 C4 2C 30 10 84 BF EC 69 34 89 91 FD 599 MIC tag : 70 16 E4 F9 C4 2C 30 10 84 BF 600 CTR Start: 01 00 00 00 0D 0C 0B 0A A0 A1 A2 A3 A4 A5 00 01 601 CTR[0001]: 70 C5 33 82 D4 80 11 41 4F 5D 2B D2 D2 67 B3 B0 602 CTR[0002]: 9D 36 6E 49 39 C5 16 76 5C 1C 25 12 81 79 94 70 603 CTR[MIC ]: 77 8B 4B 03 1E 3A FC DF A8 F1 604 Total packet length = 42. [Encrypted] 605 00 01 02 03 04 05 06 07 08 09 0A 0B 7C C8 3D 8D 606 C4 91 03 52 5B 48 3D C5 CA 7E A9 AB 81 2B 70 56 607 07 9D AF FA DA 16 CC CF 2C 4E 609 =============== Packet Vector #12 ================== 610 CAM Key: C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF 611 Nonce = 00 00 00 0E 0D 0C 0B A0 A1 A2 A3 A4 A5 612 Total packet length = 33. [Input (12 cleartext header octets)] 613 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 614 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 615 20 616 CBC IV in: 61 00 00 00 0E 0D 0C 0B A0 A1 A2 A3 A4 A5 00 15 617 CBC IV out:81 E4 EB 1E 50 A9 70 CE 18 CA 1A 4B 68 39 80 2E 618 After xor: 81 E8 EB 1F 52 AA 74 CB 1E CD 12 42 62 32 80 2E [hdr] 619 After CAM: 04 AB D9 62 34 B9 8F 32 8C 0F 08 3F 3D 87 9D 57 620 After xor: 08 A6 D7 6D 24 A8 9D 21 98 1A 1E 28 25 9E 87 4C [msg] 621 After CAM: BD A2 EA CB 3A DA 6A E7 9F BB C2 2C E6 4C 98 89 622 After xor: A1 BF F4 D4 1A DA 6A E7 9F BB C2 2C E6 4C 98 89 [msg] 623 After CAM: B6 FC E1 46 D3 EA DC 91 E0 AB 10 AD D8 55 E7 03 624 MIC tag : B6 FC E1 46 D3 EA DC 91 E0 AB 625 CTR Start: 01 00 00 00 0E 0D 0C 0B A0 A1 A2 A3 A4 A5 00 01 626 CTR[0001]: 20 DE 55 87 30 C3 2C 69 B7 44 A6 FE 37 DE 89 7C 627 CTR[0002]: 3F 96 32 D8 68 6D C2 B5 22 97 42 27 EB F9 26 5E 628 CTR[MIC ]: 7D 45 AD 6F 94 93 E1 F5 4F DE 629 Total packet length = 43. [Encrypted] 630 00 01 02 03 04 05 06 07 08 09 0A 0B 2C D3 5B 88 631 20 D2 3E 7A A3 51 B0 E9 2F C7 93 67 23 8B 2C C7 632 48 CB B9 4C 29 47 79 3D 64 AF 75 634 =============== Packet Vector #13 ================== 635 CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD 636 Nonce = 00 A9 70 11 0E 19 27 B1 60 B6 A3 1C 1C 637 Total packet length = 31. [Input (8 cleartext header octets)] 638 6B 7F 46 45 07 FA E4 96 C6 B5 F3 E6 CA 23 11 AE 639 F7 47 2B 20 3E 73 5E A5 61 AD B1 7D 56 C5 A3 640 CBC IV in: 59 00 A9 70 11 0E 19 27 B1 60 B6 A3 1C 1C 00 17 641 CBC IV out:D7 24 B0 0F B1 87 04 C6 C1 4E 90 37 AA F2 F1 F9 642 After xor: D7 2C DB 70 F7 C2 03 3C 25 D8 90 37 AA F2 F1 F9 [hdr] 643 After CAM: 9B 13 6D E3 D9 9F C3 6D 7D 0D B7 D8 A1 BF E9 BD 644 After xor: 5D A6 9E 05 13 BC D2 C3 8A 4A 9C F8 9F CC B7 18 [msg] 645 After CAM: F8 BF 25 7D 23 F8 D9 B5 82 E6 C9 3E C8 9B 85 73 646 After xor: 99 12 94 00 75 3D 7A B5 82 E6 C9 3E C8 9B 85 73 [msg] 647 After CAM: D9 D6 62 21 6D B2 CA FD 1F C6 FE 9D 2C AF 5B 69 648 MIC tag : D9 D6 62 21 6D B2 CA FD 649 CTR Start: 01 00 A9 70 11 0E 19 27 B1 60 B6 A3 1C 1C 00 01 650 CTR[0001]: 62 80 24 C1 FE AE CC 8C 67 38 55 98 CB 8E E5 E8 651 CTR[0002]: F2 30 17 2F 1B 71 55 9F 8B CE 79 E5 13 01 FC 6A 652 CTR[MIC ]: 9C 8E A2 0C 48 03 ED 13 653 Total packet length = 39. [Encrypted] 654 6B 7F 46 45 07 FA E4 96 A4 35 D7 27 34 8D DD 22 655 90 7F 7E B8 F5 FD BB 4D 93 9D A6 52 4D B4 F6 45 656 58 C0 2D 25 B1 27 EE 658 =============== Packet Vector #14 ================== 659 CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD 660 Nonce = 00 83 CD 8C E0 CB 42 B1 60 B6 A3 1C 1C 661 Total packet length = 32. [Input (8 cleartext header octets)] 662 98 66 05 B4 3D F1 5D E7 01 F6 CE 67 64 C5 74 48 663 3B B0 2E 6B BF 1E 0A BD 26 A2 25 72 B4 D8 0E E7 664 CBC IV in: 59 00 83 CD 8C E0 CB 42 B1 60 B6 A3 1C 1C 00 18 665 CBC IV out:A0 8A 29 78 36 23 1D 84 96 76 93 FF 0A 4C 92 7A 666 After xor: A0 82 B1 1E 33 97 20 75 CB 91 93 FF 0A 4C 92 7A [hdr] 667 After CAM: 8C F5 F4 23 BF 09 1C 74 CD 47 00 C1 32 5D 5C 92 668 After xor: 8D 03 3A 44 DB CC 68 3C F6 F7 2E AA 8D 43 56 2F [msg] 669 After CAM: 69 DA 48 24 41 1E AC 8E A9 0A CD 8B DD 00 2B 9A 670 After xor: 4F 78 6D 56 F5 C6 A2 69 A9 0A CD 8B DD 00 2B 9A [msg] 671 After CAM: C2 03 3B 08 6D B3 CB 3B 2C C8 5D E7 76 A1 C0 44 672 MIC tag : C2 03 3B 08 6D B3 CB 3B 673 CTR Start: 01 00 83 CD 8C E0 CB 42 B1 60 B6 A3 1C 1C 00 01 674 CTR[0001]: 8B 16 9C 37 EB 7B BE DB 15 84 41 6E 5F C2 07 46 675 CTR[0002]: E9 31 BB DD 4E E6 56 9B 68 95 13 5F AB A4 DF EF 676 CTR[MIC ]: 44 7E 55 14 25 C3 F3 3D 677 Total packet length = 40. [Encrypted] 678 98 66 05 B4 3D F1 5D E7 8A E0 52 50 8F BE CA 93 679 2E 34 6F 05 E0 DC 0D FB CF 93 9E AF FA 3E 58 7C 680 86 7D 6E 1C 48 70 38 06 682 =============== Packet Vector #15 ================== 683 CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD 684 Nonce = 00 5F 54 95 0B 18 F2 B1 60 B6 A3 1C 1C 685 Total packet length = 33. [Input (8 cleartext header octets)] 686 48 F2 E7 E1 A7 67 1A 51 CD F1 D8 40 6F C2 E9 01 687 49 53 89 70 05 FB FB 8B A5 72 76 F9 24 04 60 8E 688 08 689 CBC IV in: 59 00 5F 54 95 0B 18 F2 B1 60 B6 A3 1C 1C 00 19 690 CBC IV out:76 74 53 37 95 23 3C F0 EB 77 CE 93 73 06 99 A8 691 After xor: 76 7C 1B C5 72 C2 9B 97 F1 26 CE 93 73 06 99 A8 [hdr] 692 After CAM: EF 79 8B 70 34 E4 D5 6B 57 3A F9 44 F0 AF D6 9A 693 After xor: 22 88 53 30 5B 26 3C 6A 1E 69 70 34 F5 54 2D 11 [msg] 694 After CAM: 63 BF 4E 10 01 79 38 0B E4 EC C1 39 B2 B4 3B 8C 695 After xor: C6 CD 38 E9 25 7D 58 85 EC EC C1 39 B2 B4 3B 8C [msg] 696 After CAM: 39 E1 0E FA BD 2F 43 00 50 9E E7 EB A4 FF 6B 8F 697 MIC tag : 39 E1 0E FA BD 2F 43 00 698 CTR Start: 01 00 5F 54 95 0B 18 F2 B1 60 B6 A3 1C 1C 00 01 699 CTR[0001]: C5 47 A6 A2 73 49 1B 6F 0E 6D C9 F5 9C 12 3B 08 700 CTR[0002]: C8 18 86 42 3C DB 35 C8 64 4D 8C 4C 58 01 47 27 701 CTR[MIC ]: 91 E9 76 5D 2D 68 2E E5 702 Total packet length = 41. [Encrypted] 703 48 F2 E7 E1 A7 67 1A 51 08 B6 7E E2 1C 8B F2 6E 704 47 3E 40 85 99 E9 C0 83 6D 6A F0 BB 18 DF 55 46 705 6C A8 08 78 A7 90 47 6D E5 707 =============== Packet Vector #16 ================== 708 CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD 709 Nonce = 00 EC 60 08 63 31 9A B1 60 B6 A3 1C 1C 710 Total packet length = 31. [Input (12 cleartext header octets)] 711 DE 97 DF 3B 8C BD 6D 8E 50 30 DA 4C B0 05 DC FA 712 0B 59 18 14 26 A9 61 68 5A 99 3D 8C 43 18 5B 713 CBC IV in: 59 00 EC 60 08 63 31 9A B1 60 B6 A3 1C 1C 00 13 714 CBC IV out:78 EE 05 5A 88 48 E3 5B 8A 45 46 8F 35 4F 0C A2 715 After xor: 78 E2 DB CD 57 73 6F E6 E7 CB 16 BF EF 03 0C A2 [hdr] 716 After CAM: A9 C6 7F 15 00 1A C6 92 81 67 BD EC DF D2 35 C9 717 After xor: 19 C3 A3 EF 0B 43 DE 86 A7 CE DC 84 85 4B 08 45 [msg] 718 After CAM: 7C A8 9C 90 46 42 4B E2 4D 96 DF CF BA 12 FD 18 719 After xor: 3F B0 C7 90 46 42 4B E2 4D 96 DF CF BA 12 FD 18 [msg] 720 After CAM: 89 C7 B4 E8 A4 24 8C 6C 52 ED 34 50 E3 53 AD F5 721 MIC tag : 89 C7 B4 E8 A4 24 8C 6C 722 CTR Start: 01 00 EC 60 08 63 31 9A B1 60 B6 A3 1C 1C 00 01 723 CTR[0001]: D3 B2 57 B3 6C E8 86 CF 91 9A AC 79 4E 6F 73 3E 724 CTR[0002]: 65 10 C8 72 39 AF 0F 52 9F D0 A4 DF 54 BF D6 EB 725 CTR[MIC ]: E1 04 E0 6A 29 B1 80 A9 726 Total packet length = 39. [Encrypted] 727 DE 97 DF 3B 8C BD 6D 8E 50 30 DA 4C 63 B7 8B 49 728 67 B1 9E DB B7 33 CD 11 14 F6 4E B2 26 08 93 68 729 C3 54 82 8D 95 0C C5 731 =============== Packet Vector #17 ================== 732 CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD 733 Nonce = 00 60 CF F1 A3 1E A1 B1 60 B6 A3 1C 1C 734 Total packet length = 32. [Input (12 cleartext header octets)] 735 A5 EE 93 E4 57 DF 05 46 6E 78 2D CF 2E 20 21 12 736 98 10 5F 12 9D 5E D9 5B 93 F7 2D 30 B2 FA CC D7 737 CBC IV in: 59 00 60 CF F1 A3 1E A1 B1 60 B6 A3 1C 1C 00 14 738 CBC IV out:C3 34 69 7D 11 38 73 06 BD 34 E2 10 1F 66 17 E8 739 After xor: C3 38 CC 93 82 DC 24 D9 B8 72 8C 68 32 A9 17 E8 [hdr] 740 After CAM: 43 6F 37 74 AB 94 3B 41 EA AD 00 CA C3 99 13 7B 741 After xor: 6D 4F 16 66 33 84 64 53 77 F3 D9 91 50 6E 3E 4B [msg] 742 After CAM: 2D 28 FB 62 DA 06 97 A7 4C D4 31 B8 B5 AE AE EE 743 After xor: 9F D2 37 B5 DA 06 97 A7 4C D4 31 B8 B5 AE AE EE [msg] 744 After CAM: F3 DE 10 CD 91 4D B1 B6 CC 37 F0 A2 4A 5A B7 A1 745 MIC tag : F3 DE 10 CD 91 4D B1 B6 746 CTR Start: 01 00 60 CF F1 A3 1E A1 B1 60 B6 A3 1C 1C 00 01 747 CTR[0001]: 25 E6 9A F0 30 A9 56 E6 FF C0 3F 87 87 7A 89 74 748 CTR[0002]: A2 1B 46 23 76 A2 1E DD F2 AC 4B EC 42 95 3D D3 749 CTR[MIC ]: C2 99 28 FF E7 BB DB 29 750 Total packet length = 40. [Encrypted] 751 A5 EE 93 E4 57 DF 05 46 6E 78 2D CF 0B C6 BB E2 752 A8 B9 09 F4 62 9E E6 DC 14 8D A4 44 10 E1 8A F4 753 31 47 38 32 76 F6 6A 9F 755 =============== Packet Vector #18 ================== 756 CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD 757 Nonce = 00 0F 85 CD 99 5C 97 B1 60 B6 A3 1C 1C 758 Total packet length = 33. [Input (12 cleartext header octets)] 759 24 AA 1B F9 A5 CD 87 61 82 A2 50 74 26 45 94 1E 760 75 63 2D 34 91 AF 0F C0 C9 87 6C 3B E4 AA 74 68 761 C9 762 CBC IV in: 59 00 0F 85 CD 99 5C 97 B1 60 B6 A3 1C 1C 00 15 763 CBC IV out:72 0A 46 75 0F 40 59 53 F2 3B D2 1F 6A 11 60 F6 764 After xor: 72 06 62 DF 14 B9 FC 9E 75 5A 50 BD 3A 65 60 F6 [hdr] 765 After CAM: 67 73 A0 FD D5 7E D3 5E E8 24 06 D0 A1 8B 0E 18 766 After xor: 41 36 34 E3 A0 1D FE 6A 79 8B 09 10 68 0C 62 23 [msg] 767 After CAM: BB 1E D8 9F 60 29 D0 99 09 14 06 A5 E3 8B 72 7B 768 After xor: 5F B4 AC F7 A9 29 D0 99 09 14 06 A5 E3 8B 72 7B [msg] 769 After CAM: 3E 4F 40 73 D1 31 E9 B8 02 C8 99 BC FD AC 19 4B 770 MIC tag : 3E 4F 40 73 D1 31 E9 B8 771 CTR Start: 01 00 0F 85 CD 99 5C 97 B1 60 B6 A3 1C 1C 00 01 772 CTR[0001]: 04 6F 42 2C 8F 52 FB 9B 06 A3 3B 9F B7 F0 A6 00 773 CTR[0002]: 34 76 51 DB 89 10 FB E6 73 E8 56 6E DB 66 47 5D 774 CTR[MIC ]: 9F EC 93 6C 5C 7A AD 0F 775 Total packet length = 41. [Encrypted] 776 24 AA 1B F9 A5 CD 87 61 82 A2 50 74 22 2A D6 32 777 FA 31 D6 AF 97 0C 34 5F 7E 77 CA 3B D0 DC 25 B3 778 40 A1 A3 D3 1F 8D 4B 44 B7 780 =============== Packet Vector #19 ================== 781 CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD 782 Nonce = 00 C2 9B 2C AA C4 CD B1 60 B6 A3 1C 1C 783 Total packet length = 31. [Input (8 cleartext header octets)] 784 69 19 46 B9 CA 07 BE 87 07 01 35 A6 43 7C 9D B1 785 20 CD 61 D8 F6 C3 9C 3E A1 25 FD 95 A0 D2 3D 786 CBC IV in: 61 00 C2 9B 2C AA C4 CD B1 60 B6 A3 1C 1C 00 17 787 CBC IV out:74 AD F8 04 05 2A 48 E7 46 97 38 D5 BA A1 27 79 788 After xor: 74 A5 91 1D 43 93 82 E0 F8 10 38 D5 BA A1 27 79 [hdr] 789 After CAM: BD C3 B1 41 1C 64 C8 B3 A9 DC 6A 94 78 97 88 E2 790 After xor: BA C2 84 E7 5F 18 55 02 89 11 0B 4C 8E 54 14 DC [msg] 791 After CAM: 7D 6C 8A BF AD 68 48 D8 C5 FB CD 1E AF F2 44 99 792 After xor: DC 49 77 2A 0D BA 75 D8 C5 FB CD 1E AF F2 44 99 [msg] 793 After CAM: 19 99 AB 92 5E 30 46 96 3D EF FB 1B 4C 87 F7 76 794 MIC tag : 19 99 AB 92 5E 30 46 96 3D EF 795 CTR Start: 01 00 C2 9B 2C AA C4 CD B1 60 B6 A3 1C 1C 00 01 796 CTR[0001]: 02 B9 D4 1F 87 E0 60 E7 EF DE 6B 7E D3 DE 5E D2 797 CTR[0002]: 61 49 31 C5 2F 34 AA 47 A3 E4 D3 2C 0B 36 41 C6 798 CTR[MIC ]: B9 9F C6 C5 96 7B AA 8E 1A 87 799 Total packet length = 41. [Encrypted] 800 69 19 46 B9 CA 07 BE 87 05 B8 E1 B9 C4 9C FD 56 801 CF 13 0A A6 25 1D C2 EC C0 6C CC 50 8F E6 97 A0 802 06 6D 57 C8 4B EC 18 27 68 804 =============== Packet Vector #20 ================== 805 CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD 806 Nonce = 00 2C 6B 75 95 EE 62 B1 60 B6 A3 1C 1C 807 Total packet length = 32. [Input (8 cleartext header octets)] 808 D0 C5 4E CB 84 62 7D C4 C8 C0 88 0E 6C 63 6E 20 809 09 3D D6 59 42 17 D2 E1 88 77 DB 26 4E 71 A5 CC 810 CBC IV in: 61 00 2C 6B 75 95 EE 62 B1 60 B6 A3 1C 1C 00 18 811 CBC IV out:35 A9 48 70 F9 B0 C7 85 FB 32 1A D1 3C 8C A4 9A 812 After xor: 35 A1 98 B5 B7 7B 43 E7 86 F6 1A D1 3C 8C A4 9A [hdr] 813 After CAM: 0A 3C E3 0F AC 09 DC 5C 00 10 5C 69 AC 19 F7 19 814 After xor: C2 FC 6B 01 C0 6A B2 7C 09 2D 8A 30 EE 0E 25 F8 [msg] 815 After CAM: 61 CD 80 D0 72 E6 84 E1 BF E1 4A 00 27 2A 4D 96 816 After xor: E9 BA 5B F6 3C 97 21 2D BF E1 4A 00 27 2A 4D 96 [msg] 817 After CAM: E5 F9 F2 AB 47 FD 7B 8D 6F 72 F4 72 74 D7 69 BB 818 MIC tag : E5 F9 F2 AB 47 FD 7B 8D 6F 72 819 CTR Start: 01 00 2C 6B 75 95 EE 62 B1 60 B6 A3 1C 1C 00 01 820 CTR[0001]: 9C 0E 31 66 B2 81 58 31 5E 63 16 5A 9D BD CE 35 821 CTR[0002]: 00 3E 66 D3 E0 5F 7E A7 EF C8 9A 5F DD 39 E3 54 822 CTR[MIC ]: 9A 5E 87 1A 17 10 38 0E AA DB 823 Total packet length = 42. [Encrypted] 824 D0 C5 4E CB 84 62 7D C4 54 CE B9 68 DE E2 36 11 825 57 5E C0 03 DF AA 1C D4 88 49 BD F5 AE 2E DB 6B 826 7F A7 75 B1 50 ED 43 83 C5 A9 828 =============== Packet Vector #21 ================== 829 CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD 830 Nonce = 00 C5 3C D4 C2 AA 24 B1 60 B6 A3 1C 1C 831 Total packet length = 33. [Input (8 cleartext header octets)] 832 E2 85 E0 E4 80 8C DA 3D F7 5D AA 07 10 C4 E6 42 833 97 79 4D C2 B7 D2 A2 07 57 B1 AA 4E 44 80 02 FF 834 AB 835 CBC IV in: 61 00 C5 3C D4 C2 AA 24 B1 60 B6 A3 1C 1C 00 19 836 CBC IV out:2A 3C 23 B2 43 F5 1C 35 F7 79 5A CB 3B 20 21 2F 837 After xor: 2A 34 C1 37 A3 11 9C B9 2D 44 5A CB 3B 20 21 2F [hdr] 838 After CAM: A1 7E AD 4C EE AB 51 21 1D 2A 32 F2 D4 45 A6 D6 839 After xor: 56 23 07 4B FE 6F B7 63 8A 53 7F 30 63 97 04 D1 [msg] 840 After CAM: A9 A1 32 55 8F C6 9B 98 A9 CC 23 96 FE CA 84 EB 841 After xor: FE 10 98 1B CB 46 99 67 02 CC 23 96 FE CA 84 EB [msg] 842 After CAM: 6A 5E 04 42 D1 A5 7E 17 9A 6C 8B 56 F7 19 80 C5 843 MIC tag : 6A 5E 04 42 D1 A5 7E 17 9A 6C 844 CTR Start: 01 00 C5 3C D4 C2 AA 24 B1 60 B6 A3 1C 1C 00 01 845 CTR[0001]: 46 1D EF 41 AF A2 94 52 5D 51 AE CB 04 49 74 CD 846 CTR[0002]: 29 2E 62 66 1B 66 9A 2B 97 72 6B 77 32 A8 DC 35 847 CTR[MIC ]: B8 54 06 A2 6C 6F 93 37 8A BF 848 Total packet length = 43. [Encrypted] 849 E2 85 E0 E4 80 8C DA 3D B1 40 45 46 BF 66 72 10 850 CA 28 E3 09 B3 9B D6 CA 7E 9F C8 28 5F E6 98 D4 851 3C D2 0A 02 E0 BD CA ED 20 10 D3 853 =============== Packet Vector #22 ================== 854 CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD 855 Nonce = 00 BE E9 26 7F BA DC B1 60 B6 A3 1C 1C 856 Total packet length = 31. [Input (12 cleartext header octets)] 857 6C AE F9 94 11 41 57 0D 7C 81 34 05 C2 38 82 2F 858 AC 5F 98 FF 92 94 05 B0 AD 12 7A 4E 41 85 4E 859 CBC IV in: 61 00 BE E9 26 7F BA DC B1 60 B6 A3 1C 1C 00 13 860 CBC IV out:20 60 6A D1 E1 A0 84 52 2F A3 8B F4 88 1D D6 8B 861 After xor: 20 6C 06 7F 18 34 95 13 78 AE F7 75 BC 18 D6 8B [hdr] 862 After CAM: 71 FD FF E7 D9 C8 95 75 D3 EC 0B 7E 7B 8B BE E7 863 After xor: B3 C5 7D C8 75 97 0D 8A 41 78 0E CE D6 99 C4 A9 [msg] 864 After CAM: CA AD 93 9C 59 BA 40 AA 1A 0B 88 1B EE 3D 3C 65 865 After xor: 8B 28 DD 9C 59 BA 40 AA 1A 0B 88 1B EE 3D 3C 65 [msg] 866 After CAM: DC 48 8F AA 9C 75 E7 03 17 56 C2 C7 48 48 8D 1B 867 MIC tag : DC 48 8F AA 9C 75 E7 03 17 56 868 CTR Start: 01 00 BE E9 26 7F BA DC B1 60 B6 A3 1C 1C 00 01 869 CTR[0001]: 56 F0 17 B3 BD 09 02 D6 EA A5 A2 91 AD 4A 2D E5 870 CTR[0002]: 20 3D 34 21 EF 5B F8 FC 7B 21 5C 76 7B A5 21 A6 871 CTR[MIC ]: F1 A2 86 9C 2A 9E B8 61 48 0B 872 Total packet length = 41. [Encrypted] 873 6C AE F9 94 11 41 57 0D 7C 81 34 05 94 C8 95 9C 874 11 56 9A 29 78 31 A7 21 00 58 57 AB 61 B8 7A 2D 875 EA 09 36 B6 EB 5F 62 5F 5D 877 =============== Packet Vector #23 ================== 878 CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD 879 Nonce = 00 DF A8 B1 24 50 07 B1 60 B6 A3 1C 1C 880 Total packet length = 32. [Input (12 cleartext header octets)] 881 36 A5 2C F1 6B 19 A2 03 7A B7 01 1E 4D BF 3E 77 882 4A D2 45 E5 D5 89 1F 9D 1C 32 A0 AE 02 2C 85 D7 883 CBC IV in: 61 00 DF A8 B1 24 50 07 B1 60 B6 A3 1C 1C 00 14 884 CBC IV out:78 FD B6 AF 61 9E 1C 8D 82 41 17 A8 73 60 1B 70 885 After xor: 78 F1 80 0A 4D 6F 77 94 20 42 6D 1F 72 7E 1B 70 [hdr] 886 After CAM: 62 2E 28 65 92 43 DB 82 88 79 09 1E A7 24 54 67 887 After xor: 2F 91 16 12 D8 91 9E 67 5D F0 16 83 BB 16 F4 C9 [msg] 888 After CAM: 95 0E 52 08 FF 16 70 8C 1E D9 BB 06 3E 1E 41 CF 889 After xor: 97 22 D7 DF FF 16 70 8C 1E D9 BB 06 3E 1E 41 CF [msg] 890 After CAM: BA CD 51 FC 77 F4 02 8D 47 D5 7D 54 7D 46 33 4B 891 MIC tag : BA CD 51 FC 77 F4 02 8D 47 D5 892 CTR Start: 01 00 DF A8 B1 24 50 07 B1 60 B6 A3 1C 1C 00 01 893 CTR[0001]: 15 D6 DD DD 98 96 39 91 35 75 1A 64 B8 D8 D4 F9 894 CTR[0002]: 7D 61 6D 1D EB 92 00 2B 6F FA AB 53 BC AF 69 89 895 CTR[MIC ]: 33 E9 27 BE E1 59 06 9C DB 32 896 Total packet length = 42. [Encrypted] 897 36 A5 2C F1 6B 19 A2 03 7A B7 01 1E 58 69 E3 AA 898 D2 44 7C 74 E0 FC 05 F9 A4 EA 74 57 7F 4D E8 CA 899 89 24 76 42 96 AD 04 11 9C E7 901 =============== Packet Vector #24 ================== 902 CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD 903 Nonce = 00 3B 8F D8 D3 A9 37 B1 60 B6 A3 1C 1C 904 Total packet length = 33. [Input (12 cleartext header octets)] 905 A4 D4 99 F7 84 19 72 8C 19 17 8B 0C 9D C9 ED AE 906 2F F5 DF 86 36 E8 C6 DE 0E ED 55 F7 86 7E 33 33 907 7D 908 CBC IV in: 61 00 3B 8F D8 D3 A9 37 B1 60 B6 A3 1C 1C 00 15 909 CBC IV out:84 E6 CF DD 6A 37 68 5D E6 71 AD 54 B3 BE FE B9 910 After xor: 84 EA 6B 09 F3 C0 EC 44 94 FD B4 43 38 B2 FE B9 [hdr] 911 After CAM: C5 0F A0 62 20 18 F1 21 0E BC 3D 2E 47 B7 B8 C3 912 After xor: 58 C6 4D CC 0F ED 2E A7 38 54 FB F0 49 5A ED 34 [msg] 913 After CAM: C4 6F 6D C3 17 3C 2A 7A 81 FC 2D DA 7F B7 C6 60 914 After xor: 42 11 5E F0 6A 3C 2A 7A 81 FC 2D DA 7F B7 C6 60 [msg] 915 After CAM: DF AB 2E 76 B0 67 50 B3 7C DD 9A AC F3 79 17 71 916 MIC tag : DF AB 2E 76 B0 67 50 B3 7C DD 917 CTR Start: 01 00 3B 8F D8 D3 A9 37 B1 60 B6 A3 1C 1C 00 01 918 CTR[0001]: D6 D0 6C F8 16 CE D0 F1 A0 E0 AC 71 BA B9 AD 34 919 CTR[0002]: 76 4A FF 9A 1B F8 55 1F 68 54 39 0A EE 37 24 28 920 CTR[MIC ]: 4B F4 31 B8 17 86 4B 5D 16 F2 921 Total packet length = 43. [Encrypted] 922 A4 D4 99 F7 84 19 72 8C 19 17 8B 0C 4B 19 81 56 923 39 3B 0F 77 96 08 6A AF B4 54 F8 C3 F0 34 CC A9 924 66 94 5F 1F CE A7 E1 1B EE 6A 2F 926 5. Security Considerations 928 Camellia-CTR and Camellia-CCM employ CTR mode for confidentiality. 929 About the security on CTR mode, refer to Security Considerations on 930 [16] . 932 6. IANA Considerations 934 There are no IANA assignments to be performed. 936 7. Acknowledgments 938 Thanks to Rui Hodai for their comments and suggestions. Special 939 thanks to Alfred Hoenes for several very detailed reviews and 940 suggestions. 942 This document includes text borrowed from RFC 3610 [15]. 944 8. References 946 8.1. Normative 948 [1] Matsui, M., Nakajima, J., and S. Moriai, "A Description of the 949 Camellia Encryption Algorithm", RFC 3713, April 2004. 951 [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement 952 Levels", BCP 14, RFC 2119, March 1997. 954 [3] Dworkin, M., "Recommendation for Block Cipher Modes of 955 Operation - Methods and Techniques", NIST Special 956 Publication 800-38A, December 2001, . 959 [4] National Institute of Standards and Technology, "Recommendation 960 for Block Cipher Modes Operation : The CCM Mode for 961 Authentication and Confidentiality", May 2004, . 964 8.2. Informative 966 [5] National Institute of Standards and Technology, "Advanced 967 Encryption Standard (AES)", FIPS PUB 197, November 2001, 968 . 970 [6] Kato, A., Moriai, S., and M. Kanda, "The Camellia Cipher 971 Algorithm and Its Use With IPsec", RFC 4312, December 2005. 973 [7] Moriai, S., Kato, A., and M. Kanda, "Addition of Camellia 974 Cipher Suites to Transport Layer Security (TLS)", RFC 4132, 975 July 2005. 977 [8] Moriai, S. and A. Kato, "Use of the Camellia Encryption 978 Algorithm in Cryptographic Message Syntax (CMS)", RFC 3657, 979 January 2004. 981 [9] Eastlake, D., "Additional XML Security Uniform Resource 982 Identifiers (URIs)", RFC 4051, April 2005. 984 [10] International Organization for Standardization, "Information 985 technology - Security techniques - Encryption algorithms - Part 986 3: Block ciphers", ISO/IEC 18033-3, July 2005. 988 [11] "The NESSIE project (New European Schemes for Signatures, 989 Integrity and Encryption)", 990 . 992 [12] Information-technology Promotion Agency (IPA), "Cryptography 993 Research and Evaluation Committees", 994 . 996 [13] "Camellia open source software", 997 . 999 [14] "Camellia web site", . 1001 [15] Whiting, D., Housley, R., and N. Ferguson, "Counter with CBC- 1002 MAC (CCM)", RFC 3610, September 2003. 1004 [16] Housley, R., "Using Advanced Encryption Standard (AES) Counter 1005 Mode With IPsec Encapsulating Security Payload (ESP)", 1006 RFC 3686, January 2004. 1008 Authors' Addresses 1010 Akihiro Kato 1011 NTT Software Corporation 1013 Phone: +81-45-212-7577 1014 Fax: +81-45-212-9800 1015 Email: akato@po.ntts.co.jp 1017 Masayuki Kanda 1018 Nippon Telegraph and Telephone Corporation 1020 Phone: +81-422-59-3456 1021 Fax: +81-422-59-4015 1022 Email: kanda.masayuki@lab.ntt.co.jp 1024 Satoru Kanno 1025 NTT Software Corporation 1027 Phone: +81-45-212-7577 1028 Fax: +81-45-212-9800 1029 Email: kanno-s@po.ntts.co.jp