idnits 2.17.1 draft-nystrom-smime-hmac-sha-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 15. -- Found old boilerplate from RFC 3978, Section 5.5 on line 394. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 371. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 378. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 384. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 27, 2005) is 6850 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Informational RFC: RFC 2104 (ref. '1') -- Possible downref: Non-RFC (?) normative reference: ref. '2' -- Obsolete informational reference (is this intentional?): RFC 3852 (ref. '4') (Obsoleted by RFC 5652) Summary: 4 errors (**), 0 flaws (~~), 3 warnings (==), 9 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group M. Nystrom 3 Internet-Draft RSA Security 4 Expires: December 29, 2005 June 27, 2005 6 Identifiers and Test Vectors for HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA- 7 384, and HMAC-SHA-512 8 draft-nystrom-smime-hmac-sha-02 10 Status of this Memo 12 By submitting this Internet-Draft, each author represents that any 13 applicable patent or other IPR claims of which he or she is aware 14 have been or will be disclosed, and any of which he or she becomes 15 aware will be disclosed, in accordance with Section 6 of BCP 79. 17 Internet-Drafts are working documents of the Internet Engineering 18 Task Force (IETF), its areas, and its working groups. Note that 19 other groups may also distribute working documents as Internet- 20 Drafts. 22 Internet-Drafts are draft documents valid for a maximum of six months 23 and may be updated, replaced, or obsoleted by other documents at any 24 time. It is inappropriate to use Internet-Drafts as reference 25 material or to cite them other than as "work in progress." 27 The list of current Internet-Drafts can be accessed at 28 http://www.ietf.org/ietf/1id-abstracts.txt. 30 The list of Internet-Draft Shadow Directories can be accessed at 31 http://www.ietf.org/shadow.html. 33 This Internet-Draft will expire on December 29, 2005. 35 Copyright Notice 37 Copyright (C) The Internet Society (2005). 39 Abstract 41 This document provides test vectors for the HMAC-SHA-224, HMAC-SHA- 42 256, HMAC-SHA-384 and HMAC-SHA-512 message authentication schemes. 43 It also provides ASN.1 object identifiers and URIs to identify use of 44 these schemes in protocols. The test vectors provided in this 45 document may be used for conformance testing. 47 Table of Contents 49 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 50 2. Conventions used in this document . . . . . . . . . . . . . . 3 51 3. Scheme identifiers . . . . . . . . . . . . . . . . . . . . . . 3 52 3.1 ASN.1 Object Identifiers . . . . . . . . . . . . . . . . . 3 53 3.2 Algorithm URIs . . . . . . . . . . . . . . . . . . . . . . 4 54 4. Test vectors . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 4.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . 4 56 4.2 Test case 1 . . . . . . . . . . . . . . . . . . . . . . . 4 57 4.3 Test case 2 . . . . . . . . . . . . . . . . . . . . . . . 4 58 4.4 Test case 3 . . . . . . . . . . . . . . . . . . . . . . . 5 59 4.5 Test case 4 . . . . . . . . . . . . . . . . . . . . . . . 5 60 4.6 Test case 5 . . . . . . . . . . . . . . . . . . . . . . . 6 61 4.7 Test case 6 . . . . . . . . . . . . . . . . . . . . . . . 6 62 4.8 Test case 7 . . . . . . . . . . . . . . . . . . . . . . . 7 63 5. IANA considerations . . . . . . . . . . . . . . . . . . . . . 8 64 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 65 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 66 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 67 8.1 Normative references . . . . . . . . . . . . . . . . . . . 9 68 8.2 Informative references . . . . . . . . . . . . . . . . . . 9 69 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 9 70 Intellectual Property and Copyright Statements . . . . . . . . 10 72 1. Introduction 74 This document provides test vectors for the HMAC-SHA-224, HMAC-SHA- 75 256, HMAC-SHA384, and HMAC-SHA-512 message authentication schemes. 76 It also provides ASN.1 object identifiers and URIs to identify use of 77 these schemes in protocols using ASN.1 constructs (such as those 78 built on S/MIME [4]) or protocols based on XML constructs (such as 79 those leveraging XML Digital Signatures [5]). 81 HMAC-SHA-224 is the realization of the HMAC message authentication 82 code [1] using the SHA-224 hash function, HMAC-SHA-256 is the 83 realization of the HMAC message authentication code using the SHA-256 84 hash function, HMAC-SHA-384 is the realization of the HMAC message 85 authentication code using the SHA-384 hash function, and HMAC-SHA-512 86 is the realization of the HMAC message authentication code using the 87 SHA-512 hash function. SHA-224, SHA-256, SHA-384, and SHA-512 are 88 all described in [2]. 90 2. Conventions used in this document 92 The key word "SHOULD" in this document is to be interpreted as 93 described in RFC 2119 [3]. 95 3. Scheme identifiers 97 3.1 ASN.1 Object Identifiers 99 The following ASN.1 object identifiers have been allocated for these 100 schemes: 102 rsadsi OBJECT IDENTIFIER ::= 103 {iso(1) member-body(2) us(840) rsadsi(113549)} 105 digestAlgorithm OBJECT IDENTIFIER ::= {rsadsi 2} 107 id-hmacWithSHA224 OBJECT IDENTIFIER ::= {digestAlgorithm 8} 108 id-hmacWithSHA256 OBJECT IDENTIFIER ::= {digestAlgorithm 9} 109 id-hmacWithSHA384 OBJECT IDENTIFIER ::= {digestAlgorithm 10} 110 id-hmacWithSHA512 OBJECT IDENTIFIER ::= {digestAlgorithm 11} 112 When the "algorithm" component in a value of ASN.1 type 113 AlgorithmIdentifier (see, e.g. [4], Section 10) identifies one of 114 these schemes, the "parameter" component SHOULD be present but have 115 type NULL. 117 3.2 Algorithm URIs 119 The following URIs have been allocated for these schemes: 121 http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5#hmac-sha-224 122 http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5#hmac-sha-256 123 http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5#hmac-sha-384 124 http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5#hmac-sha-512 126 As usual, when used in the context of [5], the 127 element may specify the truncated length of the scheme output. 129 4. Test vectors 131 4.1 Introduction 133 The test vectors in this document have been cross-verified by three 134 independent implementations. An implementation that concurs with the 135 results provided in this document should be interoperable with other 136 similar implementations. 138 Keys, data and digests are provided in hex. 140 4.2 Test case 1 142 Key = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b 143 0b0b0b0b (20 bytes) 144 Data = 4869205468657265 ("Hi There") 146 HMAC-SHA-224 = 896fb1128abbdf196832107cd49df33f 147 47b4b1169912ba4f53684b22 148 HMAC-SHA-256 = b0344c61d8db38535ca8afceaf0bf12b 149 881dc200c9833da726e9376c2e32cff7 150 HMAC-SHA-384 = afd03944d84895626b0825f4ab46907f 151 15f9dadbe4101ec682aa034c7cebc59c 152 faea9ea9076ede7f4af152e8b2fa9cb6 153 HMAC-SHA-512 = 87aa7cdea5ef619d4ff0b4241a1d6cb0 154 2379f4e2ce4ec2787ad0b30545e17cde 155 daa833b7d6b8a702038b274eaea3f4e4 156 be9d914eeb61f1702e696c203a126854 158 4.3 Test case 2 160 Test with key shorter than the length of the HMAC output. 162 Key = 4a656665 ("Jefe") 163 Data = 7768617420646f2079612077616e7420 ("what do ya want ") 164 666f72206e6f7468696e673f ("for nothing?") 166 HMAC-SHA-224 = a30e01098bc6dbbf45690f3a7e9e6d0f 167 8bbea2a39e6148008fd05e44 168 HMAC-SHA-256 = 5bdcc146bf60754e6a042426089575c7 169 5a003f089d2739839dec58b964ec3843 170 HMAC-SHA-384 = af45d2e376484031617f78d2b58a6b1b 171 9c7ef464f5a01b47e42ec3736322445e 172 8e2240ca5e69e2c78b3239ecfab21649 173 HMAC-SHA-512 = 164b7a7bfcf819e2e395fbe73b56e0a3 174 87bd64222e831fd610270cd7ea250554 175 9758bf75c05a994a6d034f65f8f0e6fd 176 caeab1a34d4a6b4b636e070a38bce737 178 4.4 Test case 3 180 Test with combined length of key and data larger than 64 bytes (= 181 block-size of SHA-224 and SHA-256). 183 Key aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 184 aaaaaaaa (20 bytes) 185 Data = dddddddddddddddddddddddddddddddd 186 dddddddddddddddddddddddddddddddd 187 dddddddddddddddddddddddddddddddd 188 dddd (50 bytes) 190 HMAC-SHA-224 = 7fb3cb3588c6c1f6ffa9694d7d6ad264 191 9365b0c1f65d69d1ec8333ea 192 HMAC-SHA-256 = 773ea91e36800e46854db8ebd09181a7 193 2959098b3ef8c122d9635514ced565fe 194 HMAC-SHA-384 = 88062608d3e6ad8a0aa2ace014c8a86f 195 0aa635d947ac9febe83ef4e55966144b 196 2a5ab39dc13814b94e3ab6e101a34f27 197 HMAC-SHA-512 = fa73b0089d56a284efb0f0756c890be9 198 b1b5dbdd8ee81a3655f83e33b2279d39 199 bf3e848279a722c806b485a47e67c807 200 b946a337bee8942674278859e13292fb 202 4.5 Test case 4 204 Test with combined length of key and data larger than 64 bytes (= 205 block-size of SHA-224 and SHA-256). 207 Key = 0102030405060708090a0b0c0d0e0f10 208 111213141516171819 (25 bytes) 209 Data = cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd 210 cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd 211 cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd 212 cdcd (50 bytes) 214 HMAC-SHA-224 = 6c11506874013cac6a2abc1bb382627c 215 ec6a90d86efc012de7afec5a 216 HMAC-SHA-256 = 82558a389a443c0ea4cc819899f2083a 217 85f0faa3e578f8077a2e3ff46729665b 218 HMAC-SHA-384 = 3e8a69b7783c25851933ab6290af6ca7 219 7a9981480850009cc5577c6e1f573b4e 220 6801dd23c4a7d679ccf8a386c674cffb 221 HMAC-SHA-512 = b0ba465637458c6990e5a8c5f61d4af7 222 e576d97ff94b872de76f8050361ee3db 223 a91ca5c11aa25eb4d679275cc5788063 224 a5f19741120c4f2de2adebeb10a298dd 226 4.6 Test case 5 228 Test with truncation of output to 128 bits. 230 Key = 0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c 231 0c0c0c0c (20 bytes) 232 Data = 546573742057697468205472756e6361 ("Test With Trunca") 233 74696f6e ("tion") 235 HMAC-SHA-224 = 0e2aea68a90c8d37c988bcdb9fca6fa8 236 HMAC-SHA-256 = a3b6167473100ee06e0c796c2955552b 237 HMAC-SHA-384 = 3abf34c3503b2a23a46efc619baef897 238 HMAC-SHA-512 = 415fad6271580a531d4179bc891d87a6 240 4.7 Test case 6 242 Test with key larger than 128 bytes (= block-size of SHA-384 and SHA- 243 512). 245 Key = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 246 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 247 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 248 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 249 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 250 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 251 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 252 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 253 aaaaaa (131 bytes) 254 Data = 54657374205573696e67204c61726765 ("Test Using Large") 255 72205468616e20426c6f636b2d53697a ("r Than Block-Siz") 256 65204b6579202d2048617368204b6579 ("e Key - Hash Key") 257 204669727374 (" First") 259 HMAC-SHA-224 = 95e9a0db962095adaebe9b2d6f0dbce2 260 d499f112f2d2b7273fa6870e 261 HMAC-SHA-256 = 60e431591ee0b67f0d8a26aacbf5b77f 262 8e0bc6213728c5140546040f0ee37f54 263 HMAC-SHA-384 = 4ece084485813e9088d2c63a041bc5b4 264 4f9ef1012a2b588f3cd11f05033ac4c6 265 0c2ef6ab4030fe8296248df163f44952 266 HMAC-SHA-512 = 80b24263c7c1a3ebb71493c1dd7be8b4 267 9b46d1f41b4aeec1121b013783f8f352 268 6b56d037e05f2598bd0fd2215d6a1e52 269 95e64f73f63f0aec8b915a985d786598 271 4.8 Test case 7 273 Test with key and data larger than 128 bytes (= block-size of SHA-384 274 and SHA-512). 276 Key = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 277 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 278 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 279 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 280 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 281 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 282 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 283 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 284 aaaaaa (131 bytes) 285 Data = 54686973206973206120746573742075 ("This is a test u") 286 73696e672061206c6172676572207468 ("sing a larger th") 287 616e20626c6f636b2d73697a65206b65 ("an block-size ke") 288 7920616e642061206c61726765722074 ("y and a larger t") 289 68616e20626c6f636b2d73697a652064 ("han block-size d") 290 6174612e20546865206b6579206e6565 ("ata. The key nee") 291 647320746f2062652068617368656420 ("ds to be hashed ") 292 6265666f7265206265696e6720757365 ("before being use") 293 642062792074686520484d414320616c ("d by the HMAC al") 294 676f726974686d2e ("gorithm.") 296 HMAC-SHA-224 = 3a854166ac5d9f023f54d517d0b39dbd 297 946770db9c2b95c9f6f565d1 298 HMAC-SHA-256 = 9b09ffa71b942fcb27635fbcd5b0e944 299 bfdc63644f0713938a7f51535c3a35e2 300 HMAC-SHA-384 = 6617178e941f020d351e2f254e8fd32c 301 602420feb0b8fb9adccebb82461e99c5 302 a678cc31e799176d3860e6110c46523e 303 HMAC-SHA-512 = e37b6a775dc87dbaa4dfa9f96e5e3ffd 304 debd71f8867289865df5a32d20cdc944 305 b6022cac3c4982b10d5eeb55c3e4de15 306 134676fb6de0446065c97440fa8c6a58 308 5. IANA considerations 310 This document does not have any actions for IANA. 312 6. Security Considerations 314 This document is intended to provide the identifications and test 315 vectors for the four identified message authentication code schemes 316 to the Internet community. No assertion of the security of these 317 message authentication code schemes for any particular use is 318 intended. The reader is referred to [1] for a discussion of the 319 general security of the HMAC construction. 321 7. Acknowledgments 323 The test cases in this document are derived from the test cases in 324 [6], although the keys and data are slightly different. 326 Thanks to Jim Schaad and Brad Hards for assistance in verifying the 327 results. 329 8. References 331 8.1 Normative references 333 [1] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing 334 for Message Authentication", RFC 2104, February 1997. 336 [2] National Institute of Standards and Technology, "Secure Hash 337 Standard", FIPS 180-2, August 2002, with Change Notice 1 dated 338 February 2004. 340 [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement 341 Levels", RFC 2119, March 1997. 343 8.2 Informative references 345 [4] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 3852, 346 July 2004. 348 [5] Eastlake 3rd, D., Reagle, J., and D. Solo, "(Extensible Markup 349 Language) XML-Signature Syntax and Processing", RFC 3275, 350 March 2002. 352 [6] Cheng, P. and R. Glenn, "Test Cases for HMAC-MD5 and 353 HMAC-SHA-1", RFC 2202, September 1997. 355 Author's Address 357 Magnus Nystrom 358 RSA Security 360 Email: magnus@rsasecurity.com 362 Intellectual Property Statement 364 The IETF takes no position regarding the validity or scope of any 365 Intellectual Property Rights or other rights that might be claimed to 366 pertain to the implementation or use of the technology described in 367 this document or the extent to which any license under such rights 368 might or might not be available; nor does it represent that it has 369 made any independent effort to identify any such rights. Information 370 on the procedures with respect to rights in RFC documents can be 371 found in BCP 78 and BCP 79. 373 Copies of IPR disclosures made to the IETF Secretariat and any 374 assurances of licenses to be made available, or the result of an 375 attempt made to obtain a general license or permission for the use of 376 such proprietary rights by implementers or users of this 377 specification can be obtained from the IETF on-line IPR repository at 378 http://www.ietf.org/ipr. 380 The IETF invites any interested party to bring to its attention any 381 copyrights, patents or patent applications, or other proprietary 382 rights that may cover technology that may be required to implement 383 this standard. Please address the information to the IETF at 384 ietf-ipr@ietf.org. 386 Disclaimer of Validity 388 This document and the information contained herein are provided on an 389 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 390 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 391 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 392 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 393 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 394 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 396 Copyright Statement 398 Copyright (C) The Internet Society (2005). This document is subject 399 to the rights, licenses and restrictions contained in BCP 78, and 400 except as set forth therein, the authors retain all their rights. 402 Acknowledgment 404 Funding for the RFC Editor function is currently provided by the 405 Internet Society.