IEEE C802.16m-09/2954r1 Project Title

advertisement
IEEE C802.16m-09/2954r1
Project
IEEE 802.16 Broadband Wireless Access Working Group <http://ieee802.org/16>
Title
Proposal on 16m encryption test vectors (Annex Q)
Date
Submitted
2010-01-07
Source(s)
Avishay Shraga
Xiangying Yang
Liran Harlev
Elad Levy
Intel
Re:
Call for LB #30b on “ P802.16m/D3”:
Target topic: Annex associated with Security “16.2.5”
Abstract
This contribution proposes an Annex with test vectors for the 16m encryption
algorithms.
Purpose
Adopt proposed text.
Notice
This document does not represent the agreed views of the IEEE 802.16 Working Group or any of its
subgroups. It represents only the views of the participants listed in the “Source(s)” field above. It is
offered as a basis for discussion. It is not binding on the contributor(s), who reserve(s) the right to add,
amend or withdraw material contained herein.
Release
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this
contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to
copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this
contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the
resulting IEEE Standards publication. The contributor also acknowledges and accepts that this
contribution may be made public by IEEE 802.16.
Patent
Policy
The contributor is familiar with the IEEE-SA Patent Policy and Procedures:
<http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and
<http://standards.ieee.org/guides/opman/sect6.html#6.3>.
Further information is located at <http://standards.ieee.org/board/pat/pat-material.html> and
<http://standards.ieee.org/board/pat>.
E-mail: avishay.shraga@intel.com
Phone : +972-54-5551063
Proposal on 16m encryption test vectors (Annex Q)
Avishay Shraga, Xiangying Yang, Liran Harlev, Elad Levy
Intel
Introduction
PKMv3 introduce a new way to build the inputs for the AES-CCM and AES-CTR algorithms.
In order to increase the vendors confidence on the encryption mechanism implementation (usually
1
IEEE C802.16m-09/2954r1
HW) – it is good to include some test vectors for the different methods
References
Proposed Text
Add informative ANNEX Q with test vectors
-------------------------------------- Start of first Proposed Text ------------------------------------------------
Annex Q
(informative)
Test vectors
Q.1 Cryptographic method test vectors
Q.1.1 AES-CCM:
Q.1.1.1 Short payload and short ICV
- Plaintext PDU
 Advanced Generic MAC header = D0 06
 Payload = 9c 05 3f 24
 STID=0x234, FID=0xD
- Ciphertext PDU where TEK = 0xD50E18A844AC5BF38E4CD72D9B0942E5, EKS=0x1
(2bits), PN=0x17F6BC (22 bits) and ICV length is 4B:
 Advanced Generic MAC header = D0 0D
 Initial CCM block B0 (128bits):
19 D0 0D 23
4D 00 00 00
00 00 00 57
F6 BC 00 04
 Encrypted payload of EKS+PN (3B), encrypted payload (4B), encrypted ICV (4B):
57 F6 BC
10 71 D1 B0
3C DF A2 28
After decryption
 Plaintext ICV= 99 C7 97 F7
Q.1.1.2 Long payload and long ICV
- Plaintext PDU
 Advanced Generic MAC header = A0 CA
 Payload (200B):
-
00
10
20
30
40
50
60
70
01
11
21
31
41
51
61
71
02
12
22
32
42
52
62
72
03
13
23
33
43
53
63
73
04
14
24
34
44
54
64
74
05
15
25
35
45
55
65
75
06
16
26
36
46
56
66
76
07
17
27
37
47
57
67
77
08
18
28
38
48
58
68
78
2
09
19
29
39
49
59
69
79
0A
1A
2A
3A
4A
5A
6A
7A
0B
1B
2B
3B
4B
5B
6B
7B
0C
1C
2C
3C
4C
5C
6C
7C
0D
1D
2D
3D
4D
5D
6D
7D
0E
1E
2E
3E
4E
5E
6E
7E
0F
1F
2F
3F
4F
5F
6F
7F
IEEE C802.16m-09/2954r1
80
90
A0
B0
C0
-
81
91
A1
B1
C1
82 83
92 93
A2 A3
B2 B3
C2 C3
STID=0x234,
84
94
A4
B4
C4
85 86
95 96
A5 A6
B5 B6
C5 C6
FID=0xA
87
97
A7
B7
C7
19 A0 D5 23
4A 00 00 00
88
98
A8
B8
89
99
A9
B9
8A
9A
AA
BA
8B
9B
AB
BB
8C
9C
AC
BC
8D
9D
AD
BD
8E
9E
AE
BE
8F
9F
AF
BF

Ciphertext PDU where TEK = 0xB74EB0E4F81AD63D121B7E9AECCD268F, EKS=0x3
(2bits), PN=0x3B5F11 (22 bits) and ICV length is 8B:
 Advanced Generic MAC header = A0 D5
 IV (128bits):
00 00 00 FB
5F 11 00 C8
 Encrypted payload of EKS+PN (3B), encrypted payload (200B), encrypted ICV
(8B):
FB
EA
B8
8C
4E
13
C0
63
2C
02
F2
7C
5A
EE
2F
-
5F
53
D2
76
A9
A8
74
63
AB
50
E5
7B
10
74
6B
11
E1
67
AC
0A
BA
F3
1A
C2
32
80
DC
7C
67
08
74
35
C1
F4
16
C1
F3
C9
81
83
AC
FA
A7
CF
89
4F
0C
B9
3B
CC
D9
8C
14
B2
E9
39
13
49
B2
F6
B5
AC
9F
BF
39
BC
B2
08
D1
D6
DC
2A
0B
95
A6
B5
88
D0
F2
87
32
24
1B
51
03
E1
F3
D1
BB
AF
42
84
8F
41
8C
4E
6B
17
EF
04
F0
8B
6C
28
56
C2
6D
78
28
7A
8B
67
After decryption
 Plaintext ICV= C2 C4 36 8F
9B
60
54
21
3E
7F
F5
B7
C7
C4
EF
16
0C
79
1B
20
B4
D1
64
85
11
18
E3
46
1B
F6
61
95
0B
AC
31
27
72
63
54
3B
84
67
FB
41
8C
48
06
C4
75
3F
16
26
9A
DB
13
02
4C
44
4B
DD
CE
CB
AE
EE
A7
FF
45
7B
EA
E6
AA
33
FF
38
3D
EF
78
3D
DA
4B
68
7D
DE
D0
57
85
26
85
24 01 2F 1F
Q.1.2 AES-CTR:
Q.1.2.1 Short payload
- Plaintext PDU
 Advanced Generic MAC header = 20 06
 Payload = 9c 05 3f 24
 STID=0x234, FID=0xD
- Ciphertext PDU where TEK = 0xD50E18A844AC5BF38E4CD72D9B0942E5, EKS=0x1
(2bits) and PN=0x17F6BC (22 bits):
 Advanced Generic MAC header = D0 09
 Encrypted payload of EKS+PN (3B), encrypted payload (4B):
57 F6 BC 86 FB 65 B7
Q.1.2.2 Long payload
- Plaintext PDU
 Advanced Generic MAC header = A0 CA
 Payload (200B):
00 01 02 03
04 05 06 07
08 09 0A 0B
3
0C 0D 0E 0F
IEEE C802.16m-09/2954r1
10
20
30
40
50
60
70
80
90
A0
B0
C0
-
11
21
31
41
51
61
71
81
91
A1
B1
C1
12
22
32
42
52
62
72
82
92
A2
B2
C2
13
23
33
43
53
63
73
83
93
A3
B3
C3
14
24
34
44
54
64
74
84
94
A4
B4
C4
15
25
35
45
55
65
75
85
95
A5
B5
C5
16
26
36
46
56
66
76
86
96
A6
B6
C6
17
27
37
47
57
67
77
87
97
A7
B7
C7
18
28
38
48
58
68
78
88
98
A8
B8
19
29
39
49
59
69
79
89
99
A9
B9
1A
2A
3A
4A
5A
6A
7A
8A
9A
AA
BA
1B
2B
3B
4B
5B
6B
7B
8B
9B
AB
BB
1C
2C
3C
4C
5C
6C
7C
8C
9C
AC
BC
1D
2D
3D
4D
5D
6D
7D
8D
9D
AD
BD
1E
2E
3E
4E
5E
6E
7E
8E
9E
AE
BE
1F
2F
3F
4F
5F
6F
7F
8F
9F
AF
BF
 STID=0x234, FID=0xA
Ciphertext PDU where TEK = 0xB74EB0E4F81AD63D121B7E9AECCD268F, EKS=0x3
(2bits) and PN=0x3B5F11 (22 bits):
 Advanced Generic MAC header = A0 CD
 Encrypted payload of EKS+PN (3B), encrypted payload (200B):
FB
EC
CD
83
BF
DA
F9
51
6C
E5
91
2E
43
A6
5F
86
0E
99
52
21
DA
43
7C
01
DA
0D
F6
BF
11
6C
AC
58
34
2B
AD
D4
A0
86
F2
D2
7A
AB
FF
0F
DF
9C
87
86
C8
9F
12
98
58
31
C6
73
0B
B8
85
04
5B
D5
FB
22
C5
55
E2
77
C8
A6
BB
25
D6
20
CF
48
BD
A2
0F
6F
2E
CF
EE
89
92
70
5F
0B
14
1C
49
DB
1B
6E
A6
50
74
27
6C
8D
FA
EB
8A
EC
7F
EB
27
25
6C
10
79
CC
20
92
08
B5
FC
97
51
A6
CC
37
85
FD
37
8D
03
E3
92
A6
12
2D
13
3A
D3
2E
BA
49
DA
4E
39
3B
D4
E5
81
C3
5C
B6
36
0F
9E
17
ED
3B
1C
8E
67
37
62
AD
13
91
13
A5
6B
67
07
68
6C
0B
F1
27
CD
2B
A0
00
4C
E3
F6
0E
85
7D
A9
64
E8
70
1C
FC
F4
BF
48
35
6E
C6
67
CD
E0
9A
A3
C7
6A
29
B0
Q.1.3 AES-CMAC:
This section is assuming the CAMC calculation is performed according to the formula indicated in the
approved contribution C80216m-09_2022r3.
2 flavors of test vectors are included- one with CMAC calculation that includes 16bit padding (as
stated in the contribution above) and one with the suggested remedy of 24bit padding.
Q.1.3.1 Short message (assuming 24 bit padding):
- Plaintext PDU
 Payload = 9c 05 3f 24
 STID=0x234, FID=0xD
- Signature where CMAC_KEY= 0xD50E18A844AC5BF38E4CD72D9B0942E5,
PMKID=0xA67B1FE254CD290A (64bits) and CMAC_PN=0x57F6BC (24 bits):
 Message header (PMK ID | CMAC_PN |STID|FID|24-bit zero padding |
MAC_Management_Message)=
A6 7B 1F E2
54 CD 29 0A
57 F6 BC 23
 CMAC value (8B)= 78 1C 63 71
Q.1.3.2 Long message (assuming 24 bit padding):
- Plaintext PDU
4
4D 00 00 00
6F 48 6A 6F
IEEE C802.16m-09/2954r1
 Payload (100B):
00
10
20
30
40
50
60
-
01
11
21
31
41
51
61
02
12
22
32
42
52
62
03
13
23
33
43
53
63
04
14
24
34
44
54
05
15
25
35
45
55
06
16
26
36
46
56
07
17
27
37
47
57
08
18
28
38
48
58
09
19
29
39
49
59
0A
1A
2A
3A
4A
5A
0B
1B
2B
3B
4B
5B
0C
1C
2C
3C
4C
5C
0D
1D
2D
3D
4D
5D
0E
1E
2E
3E
4E
5E
0F
1F
2F
3F
4F
5F
 STID=0xABC, FID=0xA
Signature where CMAC_KEY= 0xB74EB0E4F81AD63D121B7E9AECCD268F,
PMKID=0xD5F725AE30F45B3C (64bits) and CMAC_PN=0x3B5F11 (24 bits):
 Message header (PMK ID | CMAC_PN |STID|FID|24-bit zero padding |
MAC_Management_Message)=
D5 F7 25 AE
30 F4 5B 3C
3B 5F 11 AB
CA 00 00 00
 CMAC value (8B)= DA 0A 50 5D 04 2A 08 38
Q.1.3.1 Short message (assuming 16 bit padding):
- Plaintext PDU
 Payload = 9c 05 3f 24
 STID=0x234, FID=0xD
- Signature where CMAC_KEY= 0xD50E18A844AC5BF38E4CD72D9B0942E5,
PMKID=0xA67B1FE254CD290A (64bits) and CMAC_PN=0x57F6BC (24 bits):
 Message header (PMK ID | CMAC_PN |STID|FID|16-bit zero padding |
MAC_Management_Message)=
A6 7B 1F E2
54 CD 29 0A
57 F6 BC 23
 CMAC value (8B)= 69 6F 20 E8
Q.1.3.2 Long message (assuming 16 bit padding):
- Plaintext PDU
 Payload (100B):
00
10
20
30
40
50
60
-
01
11
21
31
41
51
61
02
12
22
32
42
52
62
03
13
23
33
43
53
63
04
14
24
34
44
54
05
15
25
35
45
55
06
16
26
36
46
56
07
17
27
37
47
57
08
18
28
38
48
58
4D 00 00
88 D9 E6 68
09
19
29
39
49
59
0A
1A
2A
3A
4A
5A
0B
1B
2B
3B
4B
5B
0C
1C
2C
3C
4C
5C
0D
1D
2D
3D
4D
5D
0E
1E
2E
3E
4E
5E
0F
1F
2F
3F
4F
5F
 STID=0xABC, FID=0xA
Signature where CMAC_KEY= 0xB74EB0E4F81AD63D121B7E9AECCD268F,
PMKID=0xD5F725AE30F45B3C (64bits) and CMAC_PN=0x3B5F11 (24 bits):
 Message header (PMK ID | CMAC_PN |STID|FID|16-bit zero padding |
MAC_Management_Message)=
D5 F7 25 AE
30 F4 5B 3C
3B 5F 11 AB
 CMAC value (8B)= DD F1 2E 6A
5
CA 00 00
F6 34 F1 2A
Download