idnits 2.17.1 draft-touch-tcpm-ao-test-vectors-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- -- The document has an IETF Trust Provisions (28 Dec 2009) Section 6.c(i) Publication Limitation clause. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. == There are 1 instance of lines with private range IPv4 addresses in the document. If these are generic example addresses, they should be changed to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x, 198.51.100.x or 203.0.113.x. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (August 5, 2020) is 1358 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 793 (Obsoleted by RFC 9293) -- Duplicate reference: RFC5925, mentioned in 'RFC5926', was also mentioned in 'RFC5925'. -- Duplicate reference: RFC2119, mentioned in 'RFC8174', was also mentioned in 'RFC2119'. -- No information found for draft-tsvwg-touch-sne - is the name correct? Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 TCPM J. Touch 2 Internet Draft Independent consultant 3 Intended status: Informational J. Kuusisaari 4 Expires: February 2021 Infinera 5 August 5, 2020 7 TCP-AO Test Vectors 9 draft-touch-tcpm-ao-test-vectors-01.txt 11 Status of this Memo 13 This Internet-Draft is submitted in full conformance with the 14 provisions of BCP 78 and BCP 79. This document may not be modified, 15 and derivative works of it may not be created, except to format it 16 for publication as an RFC or to translate it into languages other 17 than English. 19 Internet-Drafts are working documents of the Internet Engineering 20 Task Force (IETF), its areas, and its working groups. Note that 21 other groups may also distribute working documents as Internet- 22 Drafts. 24 Internet-Drafts are draft documents valid for a maximum of six 25 months and may be updated, replaced, or obsoleted by other documents 26 at any time. It is inappropriate to use Internet-Drafts as 27 reference material or to cite them other than as "work in progress." 29 The list of current Internet-Drafts can be accessed at 30 http://www.ietf.org/ietf/1id-abstracts.txt 32 The list of Internet-Draft Shadow Directories can be accessed at 33 http://www.ietf.org/shadow.html 35 This Internet-Draft will expire on February 7, 2020. 37 Copyright Notice 39 Copyright (c) 2020 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with 47 respect to this document. Code Components extracted from this 48 document must include Simplified BSD License text as described in 49 Section 4.e of the Trust Legal Provisions and are provided without 50 warranty as described in the Simplified BSD License. 52 Abstract 54 This document provides test vectors to validate implementations of 55 the two mandatory authentication algorithms specified for the TCP 56 Authentication Option over both IPv4 and IPv6. This includes 57 validation of the key derivation function (KDF) based on a set of 58 test connection parameters as well as validation of the message 59 authentication code (MAC). Vectors are provided for both currently 60 required pairs of KDF and MAC algorithms: one based on SHA-1 and the 61 other on AES-128. The vectors also validate both whole TCP segments 62 as well as segments whose options are excluded for NAT traversal. 64 Table of Contents 66 1. Introduction...................................................3 67 2. Conventions used in this document..............................3 68 3. Background.....................................................3 69 4. Input Test Vectors.............................................4 70 4.1. TCP Connection Parameters.................................4 71 4.1.1. TCP-AO parameters....................................4 72 4.1.2. Active (client) side parameters......................4 73 4.1.3. Passive (server) side parameters.....................4 74 4.1.4. Other IP fields and options..........................4 75 4.1.5. Other TCP fields and options.........................5 76 5. IPv4 SHA-1 Output Test Vectors.................................5 77 5.1. SHA-1 MAC (default - covers TCP options)..................5 78 5.1.1. Send (client) SYN (covers options)...................5 79 5.1.2. Receive (server) SYN-ACK (covers options)............6 80 5.1.3. Send (client) non-SYN (covers options)...............6 81 5.1.4. Receive (server) non-SYN (covers options)............7 82 5.2. SHA-1 MAC (omits TCP options).............................7 83 5.2.1. Send (client) SYN (omits options)....................7 84 5.2.2. Receive (server) SYN-ACK (omits options).............8 85 5.2.3. Send (client) non-SYN (omits options)................8 86 5.2.4. Receive (server) non-SYN (omits options).............9 87 6. IPv4 AES-128 Output Test Vectors...............................9 88 6.1. AES MAC (default - covers TCP options)....................9 89 6.1.1. Send (client) SYN (covers options)...................9 90 6.1.2. Receive (server) SYN-ACK (covers options)...........10 91 6.1.3. Send (client) non-SYN (covers options)..............10 92 6.1.4. Receive (server) non-SYN (covers options)...........11 93 6.2. AES MAC (omits TCP options)..............................12 94 6.2.1. Send (client) SYN (omits options)...................12 95 6.2.2. Receive (server) SYN-ACK (omits options)............12 96 6.2.3. Send (client) non-SYN (omits options)...............13 97 6.2.4. Receive (server) non-SYN (omits options)............13 98 7. IPv6 SHA-1 Output Test Vectors................................14 99 8. IPv6 AES-128 Output Test Vectors..............................14 100 9. Observed Implementation Errors................................14 101 9.1. Algorithm issues.........................................14 102 9.2. Algorithm parameters.....................................14 103 9.3. String handling issues...................................14 104 9.4. Header coverage issues...................................15 105 10. Security Considerations......................................15 106 11. IANA Considerations..........................................15 107 12. References...................................................15 108 12.1. Normative References....................................15 109 12.2. Informative References..................................16 110 13. Acknowledgments..............................................16 112 1. Introduction 114 This document provides test vectors to validate the correct 115 implementation of the TCP Authentication Option (TCP-AO) [RFC5925]. 116 It includes the specification of all endpoint parameters to generate 117 the variety of TCP segments covered by different keys and MAC 118 coverage, i.e., both the default case and the variant where TCP 119 options are ignored. It also includes both default key derivation 120 functions (KDFs) and MAC generation algorithms [RFC5926]. 122 The experimental extension to support NAT traversal is not included 123 in the provided test vectors [RFC6978]. 125 This document provides test vectors from an implementation. 127 2. Conventions used in this document 129 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 130 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 131 "OPTIONAL" in this document are to be interpreted as described in 132 BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all 133 capitals, as shown here. 135 3. Background 137 (TBD) 139 4. Input Test Vectors 141 4.1. TCP Connection Parameters 143 The following parameters are used throughout this suite of test 144 vectors. The terms 'active' and 'passive' are used as defined for 145 TCP [RFC793]. 147 4.1.1. TCP-AO parameters 149 The following values are used for all exchanges. This suite does not 150 test key switchover. The KeyIDs are as indicated for TCP-AO 151 [RFC5925]. The Master Key is used to derive the traffic keys 152 [RFC5926]. 154 Active (client) side KeyID: 61 (3D) 156 Passive (server) side KeyID: 84 (54) 158 Master_key: "testvector" (length = 10 bytes) 160 4.1.2. Active (client) side parameters 162 The following endpoint parameters are used on the active side of the 163 TCP connection, i.e., the side that initiates the TCP SYN. 165 For IPv4: 10.11.12.13 167 For IPv6: (TBD) 169 TCP port: 57969 (E271) 171 4.1.3. Passive (server) side parameters 173 The following endpoint parameters are used for the passive side of 174 the TCP connection, i.e., the side that responds with a TCP SYN-ACK. 176 For IPv4: 172.27.28.29 178 For IPv6: (TBD) 180 TCP port = 179 (BGP) 182 4.1.4. Other IP fields and options 184 No IP options are used in these test vectors. 186 All IPv4 packets use the following other parameters [RFC791]: DSCP = 187 111000 (CS7) as is typical for BGP, ECN = 00, set DF, clear MF, and 188 TTL of 255. 190 All IPv6 use the following other parameters [RFC8200]: (TBD). 192 4.1.5. Other TCP fields and options 194 The SYN and SYN-ACK segments include MSS [RFC793], NOP, WindowScale 195 [RFC7323], SACK Permitted [RFC2018], TimeStamp [RFC7323], and TCP-AO 196 [RFC5925], in that order. 198 All other example segments include NOP, NOP, TimeStamp, and TCP-AO, 199 in that order. 201 All segment URG pointers are zero [RFC793]. All segments with data 202 set the PSH flag [RFC793]. 204 5. IPv4 SHA-1 Output Test Vectors 206 SHA-1 is computed as specified for TCP-AO [RFC5926]. 208 5.1. SHA-1 MAC (default - covers TCP options) 210 5.1.1. Send (client) SYN (covers options) 212 Send_SYN_traffic_key: 214 6d 63 ef 1b 02 fe 15 09 d4 b1 40 27 07 fd 7b 04 215 16 ab b7 4f 217 IPv4/TCP: 219 45 e0 00 4c dd 0f 40 00 ff 06 bf 6b 0a 0b 0c 0d 220 ac 1b 1c 1d e9 d7 00 b3 fb fb ab 5a 00 00 00 00 221 e0 02 ff ff ca c4 00 00 02 04 05 b4 01 03 03 08 222 04 02 08 0a 00 15 5a b7 00 00 00 00 1d 10 3d 54 223 2e e4 37 c6 f8 ed e6 d7 c4 d6 02 e7 225 MAC: 227 2e e4 37 c6 f8 ed e6 d7 c4 d6 02 e7 229 5.1.2. Receive (server) SYN-ACK (covers options) 231 Receive_SYN_traffic_key: 233 d9 e2 17 e4 83 4a 80 ca 2f 3f d8 de 2e 41 b8 e6 234 79 7f ea 96 236 IPv4/TCP: 238 45 e0 00 4c 65 06 40 00 ff 06 37 75 ac 1b 1c 1d 239 0a 0b 0c 0d 00 b3 e9 d7 11 c1 42 61 fb fb ab 5b 240 e0 12 ff ff 37 76 00 00 02 04 05 b4 01 03 03 08 241 04 02 08 0a 84 a5 0b eb 00 15 5a b7 1d 10 54 3d 242 ee ab 0f e2 4c 30 10 81 51 16 b3 be 244 MAC: 246 ee ab 0f e2 4c 30 10 81 51 16 b3 be 248 5.1.3. Send (client) non-SYN (covers options) 250 Send_other_traffic_key: 252 d2 e5 9c 65 ff c7 b1 a3 93 47 65 64 63 b7 0e dc 253 24 a1 3d 71 255 IPv4/TCP: 257 45 e0 00 87 36 a1 40 00 ff 06 65 9f 0a 0b 0c 0d 258 ac 1b 1c 1d e9 d7 00 b3 fb fb ab 5b 11 c1 42 62 259 c0 18 01 04 a1 62 00 00 01 01 08 0a 00 15 5a c1 260 84 a5 0b eb 1d 10 3d 54 70 64 cf 99 8c c6 c3 15 261 c2 c2 e2 bf ff ff ff ff ff ff ff ff ff ff ff ff 262 ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d 263 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 264 00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40 265 06 00 64 00 01 01 00 267 MAC: 269 70 64 cf 99 8c c6 c3 15 c2 c2 e2 bf 271 5.1.4. Receive (server) non-SYN (covers options) 273 Receive_other_traffic_key: 275 d9 e2 17 e4 83 4a 80 ca 2f 3f d8 de 2e 41 b8 e6 276 79 7f ea 96 278 IPv4/TCP: 280 45 e0 00 87 1f a9 40 00 ff 06 7c 97 ac 1b 1c 1d 281 0a 0b 0c 0d 00 b3 e9 d7 11 c1 42 62 fb fb ab 9e 282 c0 18 01 00 40 0c 00 00 01 01 08 0a 84 a5 0b f5 283 00 15 5a c1 1d 10 54 3d a6 3f 0e cb bb 2e 63 5c 284 95 4d ea c7 ff ff ff ff ff ff ff ff ff ff ff ff 285 ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d 286 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 287 00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40 288 06 00 64 00 01 01 00 290 MAC: 292 a6 3f 0e cb bb 2e 63 5c 95 4d ea c7 294 5.2. SHA-1 MAC (omits TCP options) 296 5.2.1. Send (client) SYN (omits options) 298 Send_SYN_traffic_key: 300 30 ea a1 56 0c f0 be 57 da b5 c0 45 22 9f b1 0a 301 42 3c d7 ea 303 IPv4/TCP: 305 45 e0 00 4c 53 99 40 00 ff 06 48 e2 0a 0b 0c 0d 306 ac 1b 1c 1d ff 12 00 b3 cb 0e fb ee 00 00 00 00 307 e0 02 ff ff 54 1f 00 00 02 04 05 b4 01 03 03 08 308 04 02 08 0a 00 02 4c ce 00 00 00 00 1d 10 3d 54 309 80 af 3c fe b8 53 68 93 7b 8f 9e c2 311 MAC: 313 80 af 3c fe b8 53 68 93 7b 8f 9e c2 315 5.2.2. Receive (server) SYN-ACK (omits options) 317 Receive_SYN_traffic_key: 319 b5 b2 89 6b b3 66 4e 81 76 b0 ed c6 e7 99 52 41a 320 01 a8 30 7f 322 IPv4/TCP: 324 45 e0 00 4c 32 84 40 00 ff 06 69 f7 ac 1b 1c 1d 325 0a 0b 0c 0d 00 b3 ff 12 ac d5 b5 e1 cb 0e fb ef 326 e0 12 ff ff 38 8e 00 00 02 04 05 b4 01 03 03 08 327 04 02 08 0a 57 67 72 f3 00 02 4c ce 1d 10 54 3d 328 09 30 6f 9a ce a6 3a 8c 68 cb 9a 70 330 MAC: 332 09 30 6f 9a ce a6 3a 8c 68 cb 9a 70 334 5.2.3. Send (client) non-SYN (omits options) 336 Send_other_traffic_key: 338 f3 db 17 93 d7 91 0e cd 80 6c 34 f1 55 ea 1f 00 339 34 59 53 e3 341 IPv4/TCP: 343 45 e0 00 87 a8 f5 40 00 ff 06 f3 4a 0a 0b 0c 0d 344 ac 1b 1c 1d ff 12 00 b3 cb 0e fb ef ac d5 b5 e2 345 c0 18 01 04 6c 45 00 00 01 01 08 0a 00 02 4c ce 346 57 67 72 f3 1d 10 3d 54 71 06 08 cc 69 6c 03 a2 347 71 c9 3a a5 ff ff ff ff ff ff ff ff ff ff ff ff 348 ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d 349 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 350 00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40 351 06 00 64 00 01 01 00 353 MAC: 355 71 06 08 cc 69 6c 03 a2 71 c9 3a a5 357 5.2.4. Receive (server) non-SYN (omits options) 359 Receive_other_traffic_key: 361 b5 b2 89 6b b3 66 4e 81 76 b0 ed c6 e7 99 52 41 01 a8 30 7f 363 IPv4/TCP: 365 45 e0 00 87 54 37 40 00 ff 06 48 09 ac 1b 1c 1d 366 0a 0b 0c 0d 00 b3 ff 12 ac d5 b5 e2 cb 0e fc 32 367 c0 18 01 00 46 b6 00 00 01 01 08 0a 57 67 72 f3 368 00 02 4c ce 1d 10 54 3d 97 76 6e 48 ac 26 2d e9 369 ae 61 b4 f9 ff ff ff ff ff ff ff ff ff ff ff ff 370 ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d 371 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 372 00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40 373 06 00 64 00 01 01 00 375 MAC: 377 97 76 6e 48 ac 26 2d e9 ae 61 b4 f9 379 6. IPv4 AES-128 Output Test Vectors 381 AES-128 is computed as required by TCP-AO [RFC5926]. 383 6.1. AES MAC (default - covers TCP options) 385 6.1.1. Send (client) SYN (covers options) 387 Send_SYN_traffic_key: 389 f5 b8 b3 d5 f3 4f db b6 eb 8d 4a b9 66 0e 60 e3 391 IP/TCP: 393 45 e0 00 4c 7b 9f 40 00 ff 06 20 dc 0a 0b 0c 0d 394 ac 1b 1c 1d c4 fa 00 b3 78 7a 1d df 00 00 00 00 395 e0 02 ff ff 5a 0f 00 00 02 04 05 b4 01 03 03 08 396 04 02 08 0a 00 01 7e d0 00 00 00 00 1d 10 3d 54 397 e4 77 e9 9c 80 40 76 54 98 e5 50 91 399 MAC: 401 e4 77 e9 9c 80 40 76 54 98 e5 50 91 403 6.1.2. Receive (server) SYN-ACK (covers options) 405 Receive_SYN_traffic_key: 407 4b c7 57 1a 48 6f 32 64 bb d8 88 47 40 66 b4 b1 409 IPv4/TCP: 411 45 e0 00 4c 4b ad 40 00 ff 06 50 ce ac 1b 1c 1d 412 0a 0b 0c 0d 00 b3 c4 fa fa dd 6d e9 78 7a 1d e0 413 e0 12 ff ff f3 f2 00 00 02 04 05 b4 01 03 03 08 414 04 02 08 0a 93 f4 e9 e8 00 01 7e d0 1d 10 54 3d 415 d6 ad a7 bc 4c dd 53 6d 17 69 db 5f 417 MAC: 419 d6 ad a7 bc 4c dd 53 6d 17 69 db 5f 421 6.1.3. Send (client) non-SYN (covers options) 423 Send_other_traffic_key: 425 8c 8a e0 e8 37 1e c5 cb b9 7e a7 9d 90 41 83 91 427 IPv4/TCP: 429 45 e0 00 87 fb 4f 40 00 ff 06 a0 f0 0a 0b 0c 0d 430 ac 1b 1c 1d c4 fa 00 b3 78 7a 1d e0 fa dd 6d ea 431 c0 18 01 04 95 05 00 00 01 01 08 0a 00 01 7e d0 432 93 f4 e9 e8 1d 10 3d 54 77 41 27 42 fa 4d c4 33 433 ef f0 97 3e ff ff ff ff ff ff ff ff ff ff ff ff 434 ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d 435 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 436 00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40 437 06 00 64 00 01 01 00 439 MAC: 441 77 41 27 42 fa 4d c4 33 ef f0 97 3e 443 6.1.4. Receive (server) non-SYN (covers options) 445 Receive_other_traffic_key: 447 4b c7 57 1a 48 6f 32 64 bb d8 88 47 40 66 b4 b1 449 IPv4/TCP: 451 45 e0 00 87 b9 14 40 00 ff 06 e3 2b ac 1b 1c 1d 452 0a 0b 0c 0d 00 b3 c4 fa fa dd 6d ea 78 7a 1e 23 453 c0 18 01 00 e7 db 00 00 01 01 08 0a 93 f4 e9 e8 454 00 01 7e d0 1d 10 54 3d f6 d9 65 a7 83 82 a7 48 455 45 f7 2d ac ff ff ff ff ff ff ff ff ff ff ff ff 456 ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d 457 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 458 00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40 459 06 00 64 00 01 01 00 461 MAC: 463 f6 d9 65 a7 83 82 a7 48 45 f7 2d ac 465 6.2. AES MAC (omits TCP options) 467 6.2.1. Send (client) SYN (omits options) 469 Send_SYN_traffic_key: 471 2c db ae 13 92 c4 94 49 fa 92 c4 50 97 35 d5 0e 473 IPv4/TCP: 475 45 e0 00 4c f2 2e 40 00 ff 06 aa 4c 0a 0b 0c 0d 476 ac 1b 1c 1d da 1c 00 b3 38 9b ed 71 00 00 00 00 477 e0 02 ff ff 70 bf 00 00 02 04 05 b4 01 03 03 08 478 04 02 08 0a 00 01 85 e1 00 00 00 00 1d 10 3d 54 479 c4 4e 60 cb 31 f7 c0 b1 de 3d 27 49 481 MAC: 483 c4 4e 60 cb 31 f7 c0 b1 de 3d 27 49 485 6.2.2. Receive (server) SYN-ACK (omits options) 487 Receive_SYN_traffic_key: 489 3c e6 7a 55 18 69 50 6b 63 47 b6 33 c5 0a 62 4a 491 IPv4/TCP: 493 45 e0 00 4c 6c c0 40 00 ff 06 2f bb ac 1b 1c 1d 494 0a 0b 0c 0d 00 b3 da 1c d3 84 4a 6f 38 9b ed 72 495 e0 12 ff ff e4 45 00 00 02 04 05 b4 01 03 03 08 496 04 02 08 0a ce 45 98 38 00 01 85 e1 1d 10 54 3d 497 3a 6a bb 20 7e 49 b1 be 71 36 db 90 499 MAC: 501 3a 6a bb 20 7e 49 b1 be 71 36 db 90 503 6.2.3. Send (client) non-SYN (omits options) 505 Send_other_traffic_key: 507 03 5b c4 00 a3 41 ff e5 95 f5 9f 58 00 50 06 ca 509 IPv4/TCP: 511 45 e0 00 87 ee 91 40 00 ff 06 ad ae 0a 0b 0c 0d 512 ac 1b 1c 1d da 1c 00 b3 38 9b ed 72 d3 84 4a 70 513 c0 18 01 04 88 51 00 00 01 01 08 0a 00 01 85 e1 514 ce 45 98 38 1d 10 3d 54 75 85 e9 e9 d5 c3 ec 85 515 7b 96 f8 37 ff ff ff ff ff ff ff ff ff ff ff ff 516 ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d 517 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 518 00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40 519 06 00 64 00 01 01 00 521 MAC: 523 75 85 e9 e9 d5 c3 ec 85 7b 96 f8 37 525 6.2.4. Receive (server) non-SYN (omits options) 527 Receive_other_traffic_key: 529 3c e6 7a 55 18 69 50 6b 63 47 b6 33 c5 0a 62 4a 531 IPv4/TCP: 533 45 e0 00 87 6a 21 40 00 ff 06 32 1f ac 1b 1c 1d 534 0a 0b 0c 0d 00 b3 da 1c d3 84 4a 70 38 9b ed 72 535 c0 18 01 00 04 49 00 00 01 01 08 0a ce 45 98 38 536 00 01 85 e1 1d 10 54 3d 5c 04 0f d9 23 33 04 76 537 5c 09 82 f4 ff ff ff ff ff ff ff ff ff ff ff ff 538 ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d 539 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 540 00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40 541 06 00 64 00 01 01 00 543 MAC: 545 5c 04 0f d9 23 33 04 76 5c 09 82 f4 547 7. IPv6 SHA-1 Output Test Vectors 549 (TBD) 551 8. IPv6 AES-128 Output Test Vectors 553 (TBD) 555 9. Observed Implementation Errors 557 The following is a partial list of implementation errors that this 558 set of test vectors is intended to validate. 560 9.1. Algorithm issues 562 o Underlying implementation of HMAC SHA1 or AES128 CMAC does not 563 pass their corresponding test vectors [RFC2202] [RFC4493] 565 o SNE algorithm does not consider corner cases (the pseudocode in 566 [RFC5925] was not intended as complete, as discussed in [To20]) 568 9.2. Algorithm parameters 570 o KDF context length is incorrect, e.g. it does not include TCP 571 header length + payload length (it should, per 5.2 of TCP-AO 572 [RFC5925]) 574 o KDF calculation does not start from counter i = 1 (it should, per 575 Sec. 3.1.1 of the TCP-AO crypto algorithms [RFC5926]) 577 o KDF calculation does not include output length in bits, contained 578 in two bytes in network byte order (it should, per Sec. 3.1.1 of 579 the TCP-AO crypto algorithms [RFC5926]) 581 o KDF uses keys generated from current TCP segment sequence numbers 582 (KDF should use only local and remote ISNs or zero, as indicated 583 in Sec. 5.2 of TCP-AO [RFC5925]) 585 9.3. String handling issues 587 The strings indicated in TCP-AO and its algorithms are indicated as 588 a sequence of bytes of known length. In some implementations, string 589 lengths are indicated by a terminal value (e.g., zero in C). This 590 terminal value is not included as part of the string for 591 calculations. 593 o Password includes the last zero-byte (it should not) 595 o Label "TCP-AO" includes the last zero byte (it should not) 597 9.4. Header coverage issues 599 o TCP checksum and/or MAC is not zeroed properly before calculation 600 (both should be) 602 o TCP header is not included to the MAC calculation (it should be) 604 o TCP options are not included to the MAC calculation by default 605 (there is a separate parameter in the master key tuple to ignore 606 options; this document provides test vectors for both options- 607 included and options-excluded cases) 609 10. Security Considerations 611 This document is intended to assist in the validation of 612 implementations of TCP-AO, to further enable its more widespread use 613 as a security mechanism to authenticate not only TCP payload 614 contents but the TCP headers and protocol. 616 The master_key of "testvector" used here for test vector generation 617 SHOULD NOT be used operationally. 619 11. IANA Considerations 621 This document contains no IANA issues. This section should be 622 removed upon publication as an RFC. 624 12. References 626 12.1. Normative References 628 [RFC791] Postel, J., "Internet Protocol," RFC 791, Sept. 1981. 630 [RFC793] Postel, J., "Transmission Control Protocol," RFC 793, 631 September 1981. 633 [RFC2018] Mathis, M., J. Mahdavi, S. Floyd, A. Romanow, "TCP 634 Selective Acknowledgment Options," RFC 2018, Oct. 1996. 636 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 637 Requirement Levels," BCP 14, RFC 2119, March 1997. 639 [RFC5925] Touch, J., A. Mankin, R. Bonica, "The TCP Authentication 640 Option," RFC 5925, June 2010. 642 [RFC5926] Lebovitz, G., and E. Rescorla, "Cryptographic Algorithms 643 for the TCP Authentication Option (TCP-AO)," RFC 5925, 644 June 2010. 646 [RFC6978] Touch, J., "A TCP Authentication Option Extension for NAT 647 Traversal," RFC 6978, July 2013. 649 [RFC7323] Borman, D., B. Braden, V. Jacobson, R. Scheffenegger, Ed., 650 "TCP Extensions for High Performance," RFC 7323, Sept. 651 2014. 653 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 654 2119 Key Words," RFC 2119, May 2017. 656 [RFC8200] Deering, S., R. Hinden, "Internet Protocol Version 6 657 (IPv6) Specification," RFC 8200, Jul. 2017. 659 12.2. Informative References 661 [RFC2202] Cheng, P., and R. Glenn, "Test Cases for HMAC-MD5 and 662 HMAC-SHA-1," RFC 2202, Sept. 1997. 664 [RFC4493] Song, JH, R. Poovendran, J. Lee, T. Iwata, "The AES-CMAC 665 Algorithm," RFC 4493, June 2006. 667 [To20] Touch, J., "Sequence Number Extension for Windowed 668 Protocols," draft-tsvwg-touch-sne, Jun. 2020. 670 13. Acknowledgments 672 (TBD) 674 This document was prepared using 2-Word-v2.0.template.dot. 676 Authors' Addresses 678 Joe Touch 679 Manhattan Beach, CA 90266 USA 680 Phone: +1 (310) 560-0334 681 Email: touch@strayalpha.com 683 Juhamatti Kuusisaari 684 Infinera Corporation 685 Sinimaentie 6c 686 FI-02630 Espoo, Finland 687 Email: jkuusisaari@infinera.com