idnits 2.17.1 draft-touch-tcpm-ao-test-vectors-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- -- The document has an IETF Trust Provisions (28 Dec 2009) Section 6.c(i) Publication Limitation clause. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. == There are 1 instance of lines with private range IPv4 addresses in the document. If these are generic example addresses, they should be changed to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x, 198.51.100.x or 203.0.113.x. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 23, 2020) is 1219 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 793 (Obsoleted by RFC 9293) -- Duplicate reference: RFC5925, mentioned in 'RFC5926', was also mentioned in 'RFC5925'. -- Duplicate reference: RFC2119, mentioned in 'RFC8174', was also mentioned in 'RFC2119'. -- No information found for draft-tsvwg-touch-sne - is the name correct? Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 TCPM J. Touch 2 Internet Draft Independent consultant 3 Intended status: Informational J. Kuusisaari 4 Expires: June 2021 Infinera 5 December 23, 2020 7 TCP-AO Test Vectors 9 draft-touch-tcpm-ao-test-vectors-02.txt 11 Status of this Memo 13 This Internet-Draft is submitted in full conformance with the 14 provisions of BCP 78 and BCP 79. This document may not be modified, 15 and derivative works of it may not be created, except to format it 16 for publication as an RFC or to translate it into languages other 17 than English. 19 Internet-Drafts are working documents of the Internet Engineering 20 Task Force (IETF), its areas, and its working groups. Note that 21 other groups may also distribute working documents as Internet- 22 Drafts. 24 Internet-Drafts are draft documents valid for a maximum of six 25 months and may be updated, replaced, or obsoleted by other documents 26 at any time. It is inappropriate to use Internet-Drafts as 27 reference material or to cite them other than as "work in progress." 29 The list of current Internet-Drafts can be accessed at 30 http://www.ietf.org/ietf/1id-abstracts.txt 32 The list of Internet-Draft Shadow Directories can be accessed at 33 http://www.ietf.org/shadow.html 35 This Internet-Draft will expire on June 23, 2021. 37 Copyright Notice 39 Copyright (c) 2020 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with 47 respect to this document. Code Components extracted from this 48 document must include Simplified BSD License text as described in 49 Section 4.e of the Trust Legal Provisions and are provided without 50 warranty as described in the Simplified BSD License. 52 Abstract 54 This document provides test vectors to validate implementations of 55 the two mandatory authentication algorithms specified for the TCP 56 Authentication Option over both IPv4 and IPv6. This includes 57 validation of the key derivation function (KDF) based on a set of 58 test connection parameters as well as validation of the message 59 authentication code (MAC). Vectors are provided for both currently 60 required pairs of KDF and MAC algorithms: one based on SHA-1 and the 61 other on AES-128. The vectors also validate both whole TCP segments 62 as well as segments whose options are excluded for NAT traversal. 64 Table of Contents 66 1. Introduction...................................................3 67 2. Conventions used in this document..............................4 68 3. Input Test Vectors.............................................4 69 3.1. TCP Connection Parameters.................................4 70 3.1.1. TCP-AO parameters....................................4 71 3.1.2. Active (client) side parameters......................4 72 3.1.3. Passive (server) side parameters.....................5 73 3.1.4. Other IP fields and options..........................5 74 3.1.5. Other TCP fields and options.........................5 75 4. IPv4 SHA-1 Output Test Vectors.................................5 76 4.1. SHA-1 MAC (default - covers TCP options)..................6 77 4.1.1. Send (client) SYN (covers options)...................6 78 4.1.2. Receive (server) SYN-ACK (covers options)............6 79 4.1.3. Send (client) non-SYN (covers options)...............7 80 4.1.4. Receive (server) non-SYN (covers options)............7 81 4.2. SHA-1 MAC (omits TCP options).............................8 82 4.2.1. Send (client) SYN (omits options)....................8 83 4.2.2. Receive (server) SYN-ACK (omits options).............8 84 4.2.3. Send (client) non-SYN (omits options)................9 85 4.2.4. Receive (server) non-SYN (omits options).............9 86 5. IPv4 AES-128 Output Test Vectors..............................10 87 5.1. AES MAC (default - covers TCP options)...................10 88 5.1.1. Send (client) SYN (covers options)..................10 89 5.1.2. Receive (server) SYN-ACK (covers options)...........11 90 5.1.3. Send (client) non-SYN (covers options)..............11 91 5.1.4. Receive (server) non-SYN (covers options)...........12 93 5.2. AES MAC (omits TCP options)..............................12 94 5.2.1. Send (client) SYN (omits options)...................12 95 5.2.2. Receive (server) SYN-ACK (omits options)............13 96 5.2.3. Send (client) non-SYN (omits options)...............13 97 5.2.4. Receive (server) non-SYN (omits options)............14 98 6. IPv6 SHA-1 Output Test Vectors................................14 99 6.1. SHA-1 MAC (default - covers TCP options).................14 100 6.1.1. Send (client) SYN (covers options)..................14 101 6.1.2. Receive (server) SYN-ACK (covers options)...........15 102 6.1.3. Send (client) non-SYN (covers options)..............15 103 6.1.4. Receive (server) non-SYN (covers options)...........16 104 6.2. SHA-1 MAC (omits TCP options)............................17 105 6.2.1. Send (client) SYN (omits options)...................17 106 6.2.2. Receive (server) SYN-ACK (omits options)............17 107 6.2.3. Send (client) non-SYN (omits options)...............18 108 6.2.4. Receive (server) non-SYN (omits options)............18 109 7. IPv6 AES-128 Output Test Vectors..............................19 110 7.1. AES MAC (default - covers TCP options)...................19 111 7.1.1. Send (client) SYN (covers options)..................19 112 7.1.2. Receive (server) SYN-ACK (covers options)...........20 113 7.1.3. Send (client) non-SYN (covers options)..............20 114 7.1.4. Receive (server) non-SYN (covers options)...........21 115 7.2. AES MAC (omits TCP options)..............................21 116 7.2.1. Send (client) SYN (omits options)...................21 117 7.2.2. Receive (server) SYN-ACK (omits options)............22 118 7.2.3. Send (client) non-SYN (omits options)...............22 119 7.2.4. Receive (server) non-SYN (omits options)............23 120 8. Observed Implementation Errors................................23 121 8.1. Algorithm issues.........................................23 122 8.2. Algorithm parameters.....................................24 123 8.3. String handling issues...................................24 124 8.4. Header coverage issues...................................24 125 9. Security Considerations.......................................24 126 10. IANA Considerations..........................................25 127 11. References...................................................25 128 11.1. Normative References....................................25 129 11.2. Informative References..................................25 130 12. Acknowledgments..............................................26 132 1. Introduction 134 This document provides test vectors to validate the correct 135 implementation of the TCP Authentication Option (TCP-AO) [RFC5925]. 136 It includes the specification of all endpoint parameters to generate 137 the variety of TCP segments covered by different keys and MAC 138 coverage, i.e., both the default case and the variant where TCP 139 options are ignored. It also includes both default key derivation 140 functions (KDFs) and MAC generation algorithms [RFC5926]. 142 The experimental extension to support NAT traversal is not included 143 in the provided test vectors [RFC6978]. 145 This document provides test vectors from an implementation. 147 2. Conventions used in this document 149 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 150 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 151 "OPTIONAL" in this document are to be interpreted as described in 152 BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all 153 capitals, as shown here. 155 3. Input Test Vectors 157 3.1. TCP Connection Parameters 159 The following parameters are used throughout this suite of test 160 vectors. The terms 'active' and 'passive' are used as defined for 161 TCP [RFC793]. 163 3.1.1. TCP-AO parameters 165 The following values are used for all exchanges. This suite does not 166 test key switchover. The KeyIDs are as indicated for TCP-AO 167 [RFC5925]. The Master Key is used to derive the traffic keys 168 [RFC5926]. 170 Active (client) side KeyID: 61 (3D) 172 Passive (server) side KeyID: 84 (54) 174 Master_key: "testvector" (length = 10 bytes) 176 3.1.2. Active (client) side parameters 178 The following endpoint parameters are used on the active side of the 179 TCP connection, i.e., the side that initiates the TCP SYN. 181 For IPv4: 10.11.12.13 183 For IPv6: FD00::1 185 TCP port: (varies) 187 3.1.3. Passive (server) side parameters 189 The following endpoint parameters are used for the passive side of 190 the TCP connection, i.e., the side that responds with a TCP SYN-ACK. 192 For IPv4: 172.27.28.29 194 For IPv6: FD00::2 196 TCP port = 179 (BGP) 198 3.1.4. Other IP fields and options 200 No IP options are used in these test vectors. 202 All IPv4 packets use the following other parameters [RFC791]: DSCP = 203 111000 (CS7) as is typical for BGP, ECN = 00, set DF, and clear MF. 205 IPv4 uses a TTL of 255; IPv6 uses a hopcount of 64. 207 All IPv6 use the following other parameters [RFC8200]: (TBD). 209 3.1.5. Other TCP fields and options 211 The SYN and SYN-ACK segments include MSS [RFC793], NOP, WindowScale 212 [RFC7323], SACK Permitted [RFC2018], TimeStamp [RFC7323], and TCP-AO 213 [RFC5925], in that order. 215 All other example segments include NOP, NOP, TimeStamp, and TCP-AO, 216 in that order. 218 All segment URG pointers are zero [RFC793]. All segments with data 219 set the PSH flag [RFC793]. 221 4. IPv4 SHA-1 Output Test Vectors 223 SHA-1 is computed as specified for TCP-AO [RFC5926]. 225 4.1. SHA-1 MAC (default - covers TCP options) 227 4.1.1. Send (client) SYN (covers options) 229 Send_SYN_traffic_key: 231 6d 63 ef 1b 02 fe 15 09 d4 b1 40 27 07 fd 7b 04 232 16 ab b7 4f 234 IPv4/TCP: 236 45 e0 00 4c dd 0f 40 00 ff 06 bf 6b 0a 0b 0c 0d 237 ac 1b 1c 1d e9 d7 00 b3 fb fb ab 5a 00 00 00 00 238 e0 02 ff ff ca c4 00 00 02 04 05 b4 01 03 03 08 239 04 02 08 0a 00 15 5a b7 00 00 00 00 1d 10 3d 54 240 2e e4 37 c6 f8 ed e6 d7 c4 d6 02 e7 242 MAC: 244 2e e4 37 c6 f8 ed e6 d7 c4 d6 02 e7 246 4.1.2. Receive (server) SYN-ACK (covers options) 248 Receive_SYN_traffic_key: 250 d9 e2 17 e4 83 4a 80 ca 2f 3f d8 de 2e 41 b8 e6 251 79 7f ea 96 253 IPv4/TCP: 255 45 e0 00 4c 65 06 40 00 ff 06 37 75 ac 1b 1c 1d 256 0a 0b 0c 0d 00 b3 e9 d7 11 c1 42 61 fb fb ab 5b 257 e0 12 ff ff 37 76 00 00 02 04 05 b4 01 03 03 08 258 04 02 08 0a 84 a5 0b eb 00 15 5a b7 1d 10 54 3d 259 ee ab 0f e2 4c 30 10 81 51 16 b3 be 261 MAC: 263 ee ab 0f e2 4c 30 10 81 51 16 b3 be 265 4.1.3. Send (client) non-SYN (covers options) 267 Send_other_traffic_key: 269 d2 e5 9c 65 ff c7 b1 a3 93 47 65 64 63 b7 0e dc 270 24 a1 3d 71 272 IPv4/TCP: 274 45 e0 00 87 36 a1 40 00 ff 06 65 9f 0a 0b 0c 0d 275 ac 1b 1c 1d e9 d7 00 b3 fb fb ab 5b 11 c1 42 62 276 c0 18 01 04 a1 62 00 00 01 01 08 0a 00 15 5a c1 277 84 a5 0b eb 1d 10 3d 54 70 64 cf 99 8c c6 c3 15 278 c2 c2 e2 bf ff ff ff ff ff ff ff ff ff ff ff ff 279 ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d 280 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 281 00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40 282 06 00 64 00 01 01 00 284 MAC: 286 70 64 cf 99 8c c6 c3 15 c2 c2 e2 bf 288 4.1.4. Receive (server) non-SYN (covers options) 290 Receive_other_traffic_key: 292 d9 e2 17 e4 83 4a 80 ca 2f 3f d8 de 2e 41 b8 e6 293 79 7f ea 96 295 IPv4/TCP: 297 45 e0 00 87 1f a9 40 00 ff 06 7c 97 ac 1b 1c 1d 298 0a 0b 0c 0d 00 b3 e9 d7 11 c1 42 62 fb fb ab 9e 299 c0 18 01 00 40 0c 00 00 01 01 08 0a 84 a5 0b f5 300 00 15 5a c1 1d 10 54 3d a6 3f 0e cb bb 2e 63 5c 301 95 4d ea c7 ff ff ff ff ff ff ff ff ff ff ff ff 302 ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d 303 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 304 00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40 305 06 00 64 00 01 01 00 307 MAC: 309 a6 3f 0e cb bb 2e 63 5c 95 4d ea c7 311 4.2. SHA-1 MAC (omits TCP options) 313 4.2.1. Send (client) SYN (omits options) 315 Send_SYN_traffic_key: 317 30 ea a1 56 0c f0 be 57 da b5 c0 45 22 9f b1 0a 318 42 3c d7 ea 320 IPv4/TCP: 322 45 e0 00 4c 53 99 40 00 ff 06 48 e2 0a 0b 0c 0d 323 ac 1b 1c 1d ff 12 00 b3 cb 0e fb ee 00 00 00 00 324 e0 02 ff ff 54 1f 00 00 02 04 05 b4 01 03 03 08 325 04 02 08 0a 00 02 4c ce 00 00 00 00 1d 10 3d 54 326 80 af 3c fe b8 53 68 93 7b 8f 9e c2 328 MAC: 330 80 af 3c fe b8 53 68 93 7b 8f 9e c2 332 4.2.2. Receive (server) SYN-ACK (omits options) 334 Receive_SYN_traffic_key: 336 b5 b2 89 6b b3 66 4e 81 76 b0 ed c6 e7 99 52 41a 337 01 a8 30 7f 339 IPv4/TCP: 341 45 e0 00 4c 32 84 40 00 ff 06 69 f7 ac 1b 1c 1d 342 0a 0b 0c 0d 00 b3 ff 12 ac d5 b5 e1 cb 0e fb ef 343 e0 12 ff ff 38 8e 00 00 02 04 05 b4 01 03 03 08 344 04 02 08 0a 57 67 72 f3 00 02 4c ce 1d 10 54 3d 345 09 30 6f 9a ce a6 3a 8c 68 cb 9a 70 347 MAC: 349 09 30 6f 9a ce a6 3a 8c 68 cb 9a 70 351 4.2.3. Send (client) non-SYN (omits options) 353 Send_other_traffic_key: 355 f3 db 17 93 d7 91 0e cd 80 6c 34 f1 55 ea 1f 00 356 34 59 53 e3 358 IPv4/TCP: 360 45 e0 00 87 a8 f5 40 00 ff 06 f3 4a 0a 0b 0c 0d 361 ac 1b 1c 1d ff 12 00 b3 cb 0e fb ef ac d5 b5 e2 362 c0 18 01 04 6c 45 00 00 01 01 08 0a 00 02 4c ce 363 57 67 72 f3 1d 10 3d 54 71 06 08 cc 69 6c 03 a2 364 71 c9 3a a5 ff ff ff ff ff ff ff ff ff ff ff ff 365 ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d 366 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 367 00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40 368 06 00 64 00 01 01 00 370 MAC: 372 71 06 08 cc 69 6c 03 a2 71 c9 3a a5 374 4.2.4. Receive (server) non-SYN (omits options) 376 Receive_other_traffic_key: 378 b5 b2 89 6b b3 66 4e 81 76 b0 ed c6 e7 99 52 41 379 01 a8 30 7f 381 IPv4/TCP: 383 45 e0 00 87 54 37 40 00 ff 06 48 09 ac 1b 1c 1d 384 0a 0b 0c 0d 00 b3 ff 12 ac d5 b5 e2 cb 0e fc 32 385 c0 18 01 00 46 b6 00 00 01 01 08 0a 57 67 72 f3 386 00 02 4c ce 1d 10 54 3d 97 76 6e 48 ac 26 2d e9 387 ae 61 b4 f9 ff ff ff ff ff ff ff ff ff ff ff ff 388 ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d 389 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 390 00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40 391 06 00 64 00 01 01 00 393 MAC: 395 97 76 6e 48 ac 26 2d e9 ae 61 b4 f9 397 5. IPv4 AES-128 Output Test Vectors 399 AES-128 is computed as required by TCP-AO [RFC5926]. 401 5.1. AES MAC (default - covers TCP options) 403 5.1.1. Send (client) SYN (covers options) 405 Send_SYN_traffic_key: 407 f5 b8 b3 d5 f3 4f db b6 eb 8d 4a b9 66 0e 60 e3 409 IP/TCP: 411 45 e0 00 4c 7b 9f 40 00 ff 06 20 dc 0a 0b 0c 0d 412 ac 1b 1c 1d c4 fa 00 b3 78 7a 1d df 00 00 00 00 413 e0 02 ff ff 5a 0f 00 00 02 04 05 b4 01 03 03 08 414 04 02 08 0a 00 01 7e d0 00 00 00 00 1d 10 3d 54 415 e4 77 e9 9c 80 40 76 54 98 e5 50 91 417 MAC: 419 e4 77 e9 9c 80 40 76 54 98 e5 50 91 421 5.1.2. Receive (server) SYN-ACK (covers options) 423 Receive_SYN_traffic_key: 425 4b c7 57 1a 48 6f 32 64 bb d8 88 47 40 66 b4 b1 427 IPv4/TCP: 429 45 e0 00 4c 4b ad 40 00 ff 06 50 ce ac 1b 1c 1d 430 0a 0b 0c 0d 00 b3 c4 fa fa dd 6d e9 78 7a 1d e0 431 e0 12 ff ff f3 f2 00 00 02 04 05 b4 01 03 03 08 432 04 02 08 0a 93 f4 e9 e8 00 01 7e d0 1d 10 54 3d 433 d6 ad a7 bc 4c dd 53 6d 17 69 db 5f 435 MAC: 437 d6 ad a7 bc 4c dd 53 6d 17 69 db 5f 439 5.1.3. Send (client) non-SYN (covers options) 441 Send_other_traffic_key: 443 8c 8a e0 e8 37 1e c5 cb b9 7e a7 9d 90 41 83 91 445 IPv4/TCP: 447 45 e0 00 87 fb 4f 40 00 ff 06 a0 f0 0a 0b 0c 0d 448 ac 1b 1c 1d c4 fa 00 b3 78 7a 1d e0 fa dd 6d ea 449 c0 18 01 04 95 05 00 00 01 01 08 0a 00 01 7e d0 450 93 f4 e9 e8 1d 10 3d 54 77 41 27 42 fa 4d c4 33 451 ef f0 97 3e ff ff ff ff ff ff ff ff ff ff ff ff 452 ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d 453 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 454 00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40 455 06 00 64 00 01 01 00 457 MAC: 459 77 41 27 42 fa 4d c4 33 ef f0 97 3e 461 5.1.4. Receive (server) non-SYN (covers options) 463 Receive_other_traffic_key: 465 4b c7 57 1a 48 6f 32 64 bb d8 88 47 40 66 b4 b1 467 IPv4/TCP: 469 45 e0 00 87 b9 14 40 00 ff 06 e3 2b ac 1b 1c 1d 470 0a 0b 0c 0d 00 b3 c4 fa fa dd 6d ea 78 7a 1e 23 471 c0 18 01 00 e7 db 00 00 01 01 08 0a 93 f4 e9 e8 472 00 01 7e d0 1d 10 54 3d f6 d9 65 a7 83 82 a7 48 473 45 f7 2d ac ff ff ff ff ff ff ff ff ff ff ff ff 474 ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d 475 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 476 00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40 477 06 00 64 00 01 01 00 479 MAC: 481 f6 d9 65 a7 83 82 a7 48 45 f7 2d ac 483 5.2. AES MAC (omits TCP options) 485 5.2.1. Send (client) SYN (omits options) 487 Send_SYN_traffic_key: 489 2c db ae 13 92 c4 94 49 fa 92 c4 50 97 35 d5 0e 491 IPv4/TCP: 493 45 e0 00 4c f2 2e 40 00 ff 06 aa 4c 0a 0b 0c 0d 494 ac 1b 1c 1d da 1c 00 b3 38 9b ed 71 00 00 00 00 495 e0 02 ff ff 70 bf 00 00 02 04 05 b4 01 03 03 08 496 04 02 08 0a 00 01 85 e1 00 00 00 00 1d 10 3d 54 497 c4 4e 60 cb 31 f7 c0 b1 de 3d 27 49 499 MAC: 501 c4 4e 60 cb 31 f7 c0 b1 de 3d 27 49 503 5.2.2. Receive (server) SYN-ACK (omits options) 505 Receive_SYN_traffic_key: 507 3c e6 7a 55 18 69 50 6b 63 47 b6 33 c5 0a 62 4a 509 IPv4/TCP: 511 45 e0 00 4c 6c c0 40 00 ff 06 2f bb ac 1b 1c 1d 512 0a 0b 0c 0d 00 b3 da 1c d3 84 4a 6f 38 9b ed 72 513 e0 12 ff ff e4 45 00 00 02 04 05 b4 01 03 03 08 514 04 02 08 0a ce 45 98 38 00 01 85 e1 1d 10 54 3d 515 3a 6a bb 20 7e 49 b1 be 71 36 db 90 517 MAC: 519 3a 6a bb 20 7e 49 b1 be 71 36 db 90 521 5.2.3. Send (client) non-SYN (omits options) 523 Send_other_traffic_key: 525 03 5b c4 00 a3 41 ff e5 95 f5 9f 58 00 50 06 ca 527 IPv4/TCP: 529 45 e0 00 87 ee 91 40 00 ff 06 ad ae 0a 0b 0c 0d 530 ac 1b 1c 1d da 1c 00 b3 38 9b ed 72 d3 84 4a 70 531 c0 18 01 04 88 51 00 00 01 01 08 0a 00 01 85 e1 532 ce 45 98 38 1d 10 3d 54 75 85 e9 e9 d5 c3 ec 85 533 7b 96 f8 37 ff ff ff ff ff ff ff ff ff ff ff ff 534 ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d 535 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 536 00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40 537 06 00 64 00 01 01 00 539 MAC: 541 75 85 e9 e9 d5 c3 ec 85 7b 96 f8 37 543 5.2.4. Receive (server) non-SYN (omits options) 545 Receive_other_traffic_key: 547 3c e6 7a 55 18 69 50 6b 63 47 b6 33 c5 0a 62 4a 549 IPv4/TCP: 551 45 e0 00 87 6a 21 40 00 ff 06 32 1f ac 1b 1c 1d 552 0a 0b 0c 0d 00 b3 da 1c d3 84 4a 70 38 9b ed 72 553 c0 18 01 00 04 49 00 00 01 01 08 0a ce 45 98 38 554 00 01 85 e1 1d 10 54 3d 5c 04 0f d9 23 33 04 76 555 5c 09 82 f4 ff ff ff ff ff ff ff ff ff ff ff ff 556 ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d 557 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 558 00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40 559 06 00 64 00 01 01 00 561 MAC: 563 5c 04 0f d9 23 33 04 76 5c 09 82 f4 565 6. IPv6 SHA-1 Output Test Vectors 567 SHA-1 is computed as specified for TCP-AO [RFC5926]. 569 6.1. SHA-1 MAC (default - covers TCP options) 571 6.1.1. Send (client) SYN (covers options) 573 Send_SYN_traffic_key: 575 62 5e c0 9d 57 58 36 ed c9 b6 42 84 18 bb f0 69 576 89 a3 61 bb 578 IPv6/TCP: 580 6e 08 91 dc 00 38 06 40 fd 00 00 00 00 00 00 00 581 00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00 582 00 00 00 00 00 00 00 02 f7 e4 00 b3 17 6a 83 3f 583 00 00 00 00 e0 02 ff ff 47 21 00 00 02 04 05 a0 584 01 03 03 08 04 02 08 0a 00 41 d0 87 00 00 00 00 585 1d 10 3d 54 90 33 ec 3d 73 34 b6 4c 5e dd 03 9f 587 MAC: 589 90 33 ec 3d 73 34 b6 4c 5e dd 03 9f 591 6.1.2. Receive (server) SYN-ACK (covers options) 593 Receive_SYN_traffic_key: 595 e4 a3 7a da 2a 0a fc a8 71 14 34 91 3f e1 38 c7 596 71 eb cb 4a 598 IPv6/TCP: 600 6e 01 00 9e 00 38 06 40 fd 00 00 00 00 00 00 00 601 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 602 00 00 00 00 00 00 00 01 00 b3 f7 e4 3f 51 99 4b 603 17 6a 83 40 e0 12 ff ff bf ec 00 00 02 04 05 a0 604 01 03 03 08 04 02 08 0a bd 33 12 9b 00 41 d0 87 605 1d 10 54 3d f1 cb a3 46 c3 52 61 63 f7 1f 1f 55 607 MAC: 609 f1 cb a3 46 c3 52 61 63 f7 1f 1f 55 611 6.1.3. Send (client) non-SYN (covers options) 613 Send_other_traffic_key: 615 1e d8 29 75 f4 ea 44 4c 61 58 0c 5b d9 0d bd 61 616 bb c9 1b 7e 618 IPv6/TCP: 620 6e 08 91 dc 00 73 06 40 fd 00 00 00 00 00 00 00 621 00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00 622 00 00 00 00 00 00 00 02 f7 e4 00 b3 17 6a 83 40 623 3f 51 99 4c c0 18 01 00 32 9c 00 00 01 01 08 0a 624 00 41 d0 91 bd 33 12 9b 1d 10 3d 54 bf 08 05 fe 625 b4 ac 7b 16 3d 6f cd f2 ff ff ff ff ff ff ff ff 626 ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 627 01 01 01 79 26 02 06 01 04 00 01 00 01 02 02 80 628 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd 629 e8 02 08 40 06 00 64 00 01 01 00 631 MAC: 633 bf 08 05 fe b4 ac 7b 16 3d 6f cd f2 635 6.1.4. Receive (server) non-SYN (covers options) 637 Receive_other_traffic_key: 639 e4 a3 7a da 2a 0a fc a8 71 14 34 91 3f e1 38 c7 640 71 eb cb 4a 642 IPv6/TCP: 644 6e 01 00 9e 00 73 06 40 fd 00 00 00 00 00 00 00 645 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 646 00 00 00 00 00 00 00 01 00 b3 f7 e4 3f 51 99 4c 647 17 6a 83 83 c0 18 01 00 ee 6e 00 00 01 01 08 0a 648 bd 33 12 a5 00 41 d0 91 1d 10 54 3d 6c 48 12 5c 649 11 33 5b ab 9a 07 a7 97 ff ff ff ff ff ff ff ff 650 ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 651 01 01 01 7a 26 02 06 01 04 00 01 00 01 02 02 80 652 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd 653 e8 02 08 40 06 00 64 00 01 01 00 655 MAC: 657 6c 48 12 5c 11 33 5b ab 9a 07 a7 97 659 6.2. SHA-1 MAC (omits TCP options) 661 6.2.1. Send (client) SYN (omits options) 663 Send_SYN_traffic_key: 665 31 a3 fa f6 9e ff ae 52 93 1b 7f 84 54 67 31 5c 666 27 0a 4e dc 668 IPv6/TCP: 670 6e 07 8f cd 00 38 06 40 fd 00 00 00 00 00 00 00 671 00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00 672 00 00 00 00 00 00 00 02 c6 cd 00 b3 02 0c 1e 69 673 00 00 00 00 e0 02 ff ff a4 1a 00 00 02 04 05 a0 674 01 03 03 08 04 02 08 0a 00 9d b9 5b 00 00 00 00 675 1d 10 3d 54 88 56 98 b0 53 0e d4 d5 a1 5f 83 46 677 MAC: 679 88 56 98 b0 53 0e d4 d5 a1 5f 83 46 681 6.2.2. Receive (server) SYN-ACK (omits options) 683 Receive_SYN_traffic_key: 685 40 51 08 94 7f 99 65 75 e7 bd bc 26 d4 02 16 a2 686 c7 fa 91 bd 688 IPv6/TCP: 690 6e 0a 7e 1f 00 38 06 40 fd 00 00 00 00 00 00 00 691 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 692 00 00 00 00 00 00 00 01 00 b3 c6 cd eb a3 73 4d 693 02 0c 1e 6a e0 12 ff ff 77 4d 00 00 02 04 05 a0 694 01 03 03 08 04 02 08 0a 5e c9 9b 70 00 9d b9 5b 695 1d 10 54 3d 3c 54 6b ad 97 43 f1 2d f8 b8 01 0d 697 MAC: 699 3c 54 6b ad 97 43 f1 2d f8 b8 01 0d 701 6.2.3. Send (client) non-SYN (omits options) 703 Send_other_traffic_key: 705 b3 4e ed 6a 93 96 a6 69 f1 c4 f4 f5 76 18 f3 65 706 6f 52 c7 ab 708 IPv6/TCP: 710 6e 07 8f cd 00 73 06 40 fd 00 00 00 00 00 00 00 711 00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00 712 00 00 00 00 00 00 00 02 c6 cd 00 b3 02 0c 1e 6a 713 eb a3 73 4e c0 18 01 00 83 e6 00 00 01 01 08 0a 714 00 9d b9 65 5e c9 9b 70 1d 10 3d 54 48 bd 09 3b 715 19 24 e0 01 19 2f 5b f0 ff ff ff ff ff ff ff ff 716 ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 717 01 01 01 79 26 02 06 01 04 00 01 00 01 02 02 80 718 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd 719 e8 02 08 40 06 00 64 00 01 01 00 721 MAC: 723 48 bd 09 3b 19 24 e0 01 19 2f 5b f0 725 6.2.4. Receive (server) non-SYN (omits options) 727 Receive_other_traffic_key: 729 40 51 08 94 7f 99 65 75 e7 bd bc 26 d4 02 16 a2 730 c7 fa 91 bd 732 IPv6/TCP: 734 6e 0a 7e 1f 00 73 06 40 fd 00 00 00 00 00 00 00 735 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 736 00 00 00 00 00 00 00 01 00 b3 c6 cd eb a3 73 4e 737 02 0c 1e ad c0 18 01 00 71 6a 00 00 01 01 08 0a 738 5e c9 9b 7a 00 9d b9 65 1d 10 54 3d 55 9a 81 94 739 45 b4 fd e9 8d 9e 13 17 ff ff ff ff ff ff ff ff 740 ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 741 01 01 01 7a 26 02 06 01 04 00 01 00 01 02 02 80 742 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd 743 e8 02 08 40 06 00 64 00 01 01 00 745 MAC: 747 55 9a 81 94 45 b4 fd e9 8d 9e 13 17 749 7. IPv6 AES-128 Output Test Vectors 751 AES-128 is computed as required by TCP-AO [RFC5926]. 753 7.1. AES MAC (default - covers TCP options) 755 7.1.1. Send (client) SYN (covers options) 757 Send_SYN_traffic_key: 759 fa 5a 21 08 88 2d 39 d0 c7 19 29 17 5a b1 b7 b8 761 IP/TCP: 763 6e 04 a7 06 00 38 06 40 fd 00 00 00 00 00 00 00 764 00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00 765 00 00 00 00 00 00 00 02 f8 5a 00 b3 19 3c cc ec 766 00 00 00 00 e0 02 ff ff de 5d 00 00 02 04 05 a0 767 01 03 03 08 04 02 08 0a 13 e4 ab 99 00 00 00 00 768 1d 10 3d 54 59 b5 88 10 74 81 ac 6d c3 92 70 40 770 MAC: 772 59 b5 88 10 74 81 ac 6d c3 92 70 40 774 7.1.2. Receive (server) SYN-ACK (covers options) 776 Receive_SYN_traffic_key: 778 cf 1b 1e 22 5e 06 a6 36 16 76 4a 06 7b 46 f4 b1 780 IPv6/TCP: 782 6e 06 15 20 00 38 06 40 fd 00 00 00 00 00 00 00 783 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 784 00 00 00 00 00 00 00 01 00 b3 f8 5a a6 74 4e cb 785 19 3c cc ed e0 12 ff ff ea bb 00 00 02 04 05 a0 786 01 03 03 08 04 02 08 0a 71 da ab c8 13 e4 ab 99 787 1d 10 54 3d dc 28 43 a8 4e 78 a6 bc fd c5 ed 80 789 MAC: 791 dc 28 43 a8 4e 78 a6 bc fd c5 ed 80 793 7.1.3. Send (client) non-SYN (covers options) 795 Send_other_traffic_key: 797 61 74 c3 55 7a be d2 75 74 db a3 71 85 f0 03 00 799 IPv6/TCP: 801 6e 04 a7 06 00 73 06 40 fd 00 00 00 00 00 00 00 802 00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00 803 00 00 00 00 00 00 00 02 f8 5a 00 b3 19 3c cc ed 804 a6 74 4e cc c0 18 01 00 32 80 00 00 01 01 08 0a 805 13 e4 ab a3 71 da ab c8 1d 10 3d 54 7b 6a 45 5c 806 0d 4f 5f 01 83 5b aa b3 ff ff ff ff ff ff ff ff 807 ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 808 01 01 01 79 26 02 06 01 04 00 01 00 01 02 02 80 809 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd 810 e8 02 08 40 06 00 64 00 01 01 00 812 MAC: 814 7b 6a 45 5c 0d 4f 5f 01 83 5b aa b3 816 7.1.4. Receive (server) non-SYN (covers options) 818 Receive_other_traffic_key: 820 cf 1b 1e 22 5e 06 a6 36 16 76 4a 06 7b 46 f4 b1 822 IPv6/TCP: 824 6e 06 15 20 00 73 06 40 fd 00 00 00 00 00 00 00 825 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 826 00 00 00 00 00 00 00 01 00 b3 f8 5a a6 74 4e cc 827 19 3c cd 30 c0 18 01 00 52 f4 00 00 01 01 08 0a 828 71 da ab d3 13 e4 ab a3 1d 10 54 3d c1 06 9b 7d 829 fd 3d 69 3a 6d f3 f2 89 ff ff ff ff ff ff ff ff 830 ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 831 01 01 01 7a 26 02 06 01 04 00 01 00 01 02 02 80 832 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd 833 e8 02 08 40 06 00 64 00 01 01 00 835 MAC: 837 c1 06 9b 7d fd 3d 69 3a 6d f3 f2 89 839 7.2. AES MAC (omits TCP options) 841 7.2.1. Send (client) SYN (omits options) 843 Send_SYN_traffic_key: 845 a9 4f 51 12 63 e4 09 3d 35 dd 81 8c 13 bb bf 53 847 IPv6/TCP: 849 6e 09 3d 76 00 38 06 40 fd 00 00 00 00 00 00 00 850 00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00 851 00 00 00 00 00 00 00 02 f2 88 00 b3 b0 1d a7 4a 852 00 00 00 00 e0 02 ff ff 75 ff 00 00 02 04 05 a0 853 01 03 03 08 04 02 08 0a 14 27 5b 3b 00 00 00 00 854 1d 10 3d 54 3d 45 b4 34 2d e8 bb 15 30 84 78 98 856 MAC: 858 3d 45 b4 34 2d e8 bb 15 30 84 78 98 860 7.2.2. Receive (server) SYN-ACK (omits options) 862 Receive_SYN_traffic_key: 864 92 de a5 bb c7 8b 1d 9f 5b 29 52 e9 cd 30 64 2a 866 IPv6/TCP: 868 6e 0c 60 0a 00 38 06 40 fd 00 00 00 00 00 00 00 869 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 870 00 00 00 00 00 00 00 01 00 b3 f2 88 a6 24 61 45 871 b0 1d a7 4b e0 12 ff ff a7 0c 00 00 02 04 05 a0 872 01 03 03 08 04 02 08 0a 17 82 24 5b 14 27 5b 3b 873 1d 10 54 3d 1d 01 f6 c8 7c 6f 93 ac ff a9 d4 b5 875 MAC: 877 1d 01 f6 c8 7c 6f 93 ac ff a9 d4 b5 879 7.2.3. Send (client) non-SYN (omits options) 881 Send_other_traffic_key: 883 4f b2 08 6e 40 2c 67 90 79 ed 65 d4 bf 97 69 3d 885 IPv6/TCP: 887 6e 09 3d 76 00 73 06 40 fd 00 00 00 00 00 00 00 888 00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00 889 00 00 00 00 00 00 00 02 f2 88 00 b3 b0 1d a7 4b 890 a6 24 61 46 c0 18 01 00 c3 6d 00 00 01 01 08 0a 891 14 27 5b 4f 17 82 24 5b 1d 10 3d 54 29 0c f4 14 892 cc b4 7a 33 32 76 e7 f8 ff ff ff ff ff ff ff ff 893 ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 894 01 01 01 79 26 02 06 01 04 00 01 00 01 02 02 80 895 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd 896 e8 02 08 40 06 00 64 00 01 01 00 898 MAC: 900 29 0c f4 14 cc b4 7a 33 32 76 e7 f8 902 7.2.4. Receive (server) non-SYN (omits options) 904 Receive_other_traffic_key: 906 92 de a5 bb c7 8b 1d 9f 5b 29 52 e9 cd 30 64 2a 908 IPv6/TCP: 910 6e 0c 60 0a 00 73 06 40 fd 00 00 00 00 00 00 00 911 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 912 00 00 00 00 00 00 00 01 00 b3 f2 88 a6 24 61 46 913 b0 1d a7 8e c0 18 01 00 34 51 00 00 01 01 08 0a 914 17 82 24 65 14 27 5b 4f 1d 10 54 3d 99 51 5f fc 915 d5 40 34 99 f6 19 fd 1b ff ff ff ff ff ff ff ff 916 ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 917 01 01 01 7a 26 02 06 01 04 00 01 00 01 02 02 80 918 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd 919 e8 02 08 40 06 00 64 00 01 01 00 921 MAC: 923 99 51 5f fc d5 40 34 99 f6 19 fd 1b 925 8. Observed Implementation Errors 927 The following is a partial list of implementation errors that this 928 set of test vectors is intended to validate. 930 8.1. Algorithm issues 932 o Underlying implementation of HMAC SHA1 or AES128 CMAC does not 933 pass their corresponding test vectors [RFC2202] [RFC4493] 935 o SNE algorithm does not consider corner cases (the pseudocode in 936 [RFC5925] was not intended as complete, as discussed in [To20]) 938 8.2. Algorithm parameters 940 o KDF context length is incorrect, e.g. it does not include TCP 941 header length + payload length (it should, per 5.2 of TCP-AO 942 [RFC5925]) 944 o KDF calculation does not start from counter i = 1 (it should, per 945 Sec. 3.1.1 of the TCP-AO crypto algorithms [RFC5926]) 947 o KDF calculation does not include output length in bits, contained 948 in two bytes in network byte order (it should, per Sec. 3.1.1 of 949 the TCP-AO crypto algorithms [RFC5926]) 951 o KDF uses keys generated from current TCP segment sequence numbers 952 (KDF should use only local and remote ISNs or zero, as indicated 953 in Sec. 5.2 of TCP-AO [RFC5925]) 955 8.3. String handling issues 957 The strings indicated in TCP-AO and its algorithms are indicated as 958 a sequence of bytes of known length. In some implementations, string 959 lengths are indicated by a terminal value (e.g., zero in C). This 960 terminal value is not included as part of the string for 961 calculations. 963 o Password includes the last zero-byte (it should not) 965 o Label "TCP-AO" includes the last zero byte (it should not) 967 8.4. Header coverage issues 969 o TCP checksum and/or MAC is not zeroed properly before calculation 970 (both should be) 972 o TCP header is not included to the MAC calculation (it should be) 974 o TCP options are not included to the MAC calculation by default 975 (there is a separate parameter in the master key tuple to ignore 976 options; this document provides test vectors for both options- 977 included and options-excluded cases) 979 9. Security Considerations 981 This document is intended to assist in the validation of 982 implementations of TCP-AO, to further enable its more widespread use 983 as a security mechanism to authenticate not only TCP payload 984 contents but the TCP headers and protocol. 986 The master_key of "testvector" used here for test vector generation 987 SHOULD NOT be used operationally. 989 10. IANA Considerations 991 This document contains no IANA issues. This section should be 992 removed upon publication as an RFC. 994 11. References 996 11.1. Normative References 998 [RFC791] Postel, J., "Internet Protocol," RFC 791, Sept. 1981. 1000 [RFC793] Postel, J., "Transmission Control Protocol," RFC 793, 1001 September 1981. 1003 [RFC2018] Mathis, M., J. Mahdavi, S. Floyd, A. Romanow, "TCP 1004 Selective Acknowledgment Options," RFC 2018, Oct. 1996. 1006 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1007 Requirement Levels," BCP 14, RFC 2119, March 1997. 1009 [RFC5925] Touch, J., A. Mankin, R. Bonica, "The TCP Authentication 1010 Option," RFC 5925, June 2010. 1012 [RFC5926] Lebovitz, G., and E. Rescorla, "Cryptographic Algorithms 1013 for the TCP Authentication Option (TCP-AO)," RFC 5925, 1014 June 2010. 1016 [RFC6978] Touch, J., "A TCP Authentication Option Extension for NAT 1017 Traversal," RFC 6978, July 2013. 1019 [RFC7323] Borman, D., B. Braden, V. Jacobson, R. Scheffenegger, Ed., 1020 "TCP Extensions for High Performance," RFC 7323, Sept. 1021 2014. 1023 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1024 2119 Key Words," RFC 2119, May 2017. 1026 [RFC8200] Deering, S., R. Hinden, "Internet Protocol Version 6 1027 (IPv6) Specification," RFC 8200, Jul. 2017. 1029 11.2. Informative References 1031 [RFC2202] Cheng, P., and R. Glenn, "Test Cases for HMAC-MD5 and 1032 HMAC-SHA-1," RFC 2202, Sept. 1997. 1034 [RFC4493] Song, JH, R. Poovendran, J. Lee, T. Iwata, "The AES-CMAC 1035 Algorithm," RFC 4493, June 2006. 1037 [To20] Touch, J., "Sequence Number Extension for Windowed 1038 Protocols," draft-tsvwg-touch-sne, Jun. 2020. 1040 12. Acknowledgments 1042 (TBD) 1044 This document was prepared using 2-Word-v2.0.template.dot. 1046 Authors' Addresses 1048 Joe Touch 1049 Manhattan Beach, CA 90266 USA 1050 Phone: +1 (310) 560-0334 1051 Email: touch@strayalpha.com 1053 Juhamatti Kuusisaari 1054 Infinera Corporation 1055 Sinimaentie 6c 1056 FI-02630 Espoo, Finland 1057 Email: jkuusisaari@infinera.com