CCSDS CRYPTOGRAPHIC ALGORITHMS TEST REPORT DRAFT CCSDS RECORD CCSDS 352.1-Y-1 Draft Yellow Book November 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN FOREWORD [Foreword text specific to this document goes here. The text below is boilerplate.] Through the process of normal evolution, it is expected that expansion, deletion, or modification of this document may occur. This document is therefore subject to CCSDS document management and change control procedures, which are defined in the Procedures Manual for the Consultative Committee for Space Data Systems. Current versions of CCSDS documents are maintained at the CCSDS Web site: http://www.ccsds.org/ Questions relating to the contents or status of this document should be addressed to the CCSDS Secretariat at the address indicated on page i. CCSDS 000.0-Y-0 Page i May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN At time of publication, the active Member and Observer Agencies of the CCSDS were: Member Agencies – – – – – – – – – – – Agenzia Spaziale Italiana (ASI)/Italy. British National Space Centre (BNSC)/United Kingdom. Canadian Space Agency (CSA)/Canada. Centre National d’Etudes Spatiales (CNES)/France. China National Space Administration (CNSA)/People’s Republic of China. Deutsches Zentrum für Luft- und Raumfahrt e.V. (DLR)/Germany. European Space Agency (ESA)/Europe. Federal Space Agency (FSA)/Russian Federation. Instituto Nacional de Pesquisas Espaciais (INPE)/Brazil. Japan Aerospace Exploration Agency (JAXA)/Japan. National Aeronautics and Space Administration (NASA)/USA. Observer Agencies – – – – – – – – – – – – – – – – – – – – – – – – Austrian Space Agency (ASA)/Austria. Belgian Federal Science Policy Office (BFSPO)/Belgium. Central Research Institute of Machine Building (TsNIIMash)/Russian Federation. Centro Tecnico Aeroespacial (CTA)/Brazil. Chinese Academy of Sciences (CAS)/China. Chinese Academy of Space Technology (CAST)/China. Commonwealth Scientific and Industrial Research Organization (CSIRO)/Australia. Danish National Space Center (DNSC)/Denmark. European Organization for the Exploitation of Meteorological Satellites (EUMETSAT)/Europe. European Telecommunications Satellite Organization (EUTELSAT)/Europe. Hellenic National Space Committee (HNSC)/Greece. Indian Space Research Organization (ISRO)/India. Institute of Space Research (IKI)/Russian Federation. KFKI Research Institute for Particle & Nuclear Physics (KFKI)/Hungary. Korea Aerospace Research Institute (KARI)/Korea. MIKOMTEK: CSIR (CSIR)/Republic of South Africa. Ministry of Communications (MOC)/Israel. National Institute of Information and Communications Technology (NICT)/Japan. National Oceanic and Atmospheric Administration (NOAA)/USA. National Space Organization (NSPO)/Chinese Taipei. Naval Center for Space Technology (NCST)/USA. Space and Upper Atmosphere Research Commission (SUPARCO)/Pakistan. Swedish Space Corporation (SSC)/Sweden. United States Geological Survey (USGS)/USA. CCSDS 000.0-Y-0 Page ii May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN DOCUMENT CONTROL Document Title and Issue Date Status CCSDS 352.1-Y-1 CCSDS Cryptographic Algorithms Test Report, Draft CCSDS Record, Issue 1 November 2011 Current draft CCSDS 000.0-Y-0 Page iii May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN CONTENTS Section Page DOCUMENT CONTROL.................................................................................................... III CONTENTS........................................................................................................................... IV 1 INTRODUCTION.......................................................................................................... 1-1 1.1 PURPOSE ............................................................................................................... 1-1 1.2 SCOPE .................................................................................................................... 1-1 1.3 APPLICABILITY ................................................................................................... 1-1 1.4 RATIONALE.......................................................................................................... 1-1 1.5 DOCUMENT STRUCTURE ................................................................................. 1-1 1.6 REFERENCES ....................................................................................................... 1-1 2 OVERVIEW ................................................................................................................... 2-1 3 ALGORITHM TESTING GOALS .............................................................................. 3-2 3.1 CONFIDENTIALITY ALGORITHMS ................................................................. 3-2 3.2 AUTHENTICATION ALGORITHMS .................................................................. 3-2 4 TEST PLAN DETAILS ................................................................................................. 4-4 4.1 CONFIDENTIALITY TEST CASE #1: AES COUNTER MODE TEST WITH 128-BIT KEY ......................................................................................................... 4-5 4.1.1 TEST DESCRIPTION ................................................................................ 4-6 4.1.2 EXPECTED RESULTS .............................................................................. 4-6 4.2 CONFIDENTIALITY TEST CASE #2: AES COUNTER MODE TEST WITH 192-BIT KEY ......................................................................................................... 4-7 4.2.1 TEST DESCRIPTION ................................................................................ 4-7 4.2.2 EXPECTED RESULTS .............................................................................. 4-7 4.3 CONFIDENTIALITY TEST CASE #3: AES COUNTER MODE TEST WITH 256-BIT KEY ......................................................................................................... 4-7 4.3.1 TEST DESCRIPTION ................................................................................ 4-7 4.3.2 EXPECTED RESULTS .............................................................................. 4-8 4.4 CONFIDENTIALITY TEST CASE #4: AES GCM TEST WITH 128-BIT KEY 4-8 4.4.1 TEST DESCRIPTION ................................................................................ 4-8 4.4.2 EXPECTED RESULTS .............................................................................. 4-8 4.5 CONFIDENTIALITY TEST CASE #5: AES GCM TEST WITH 192-BIT KEY 4-9 4.5.1 TEST DESCRIPTION ................................................................................ 4-9 4.5.2 EXPECTED RESULTS .............................................................................. 4-9 4.6 CONFIDENTIALITY TEST CASE #6: AES GCM TEST WITH 256-BIT KEY 4-9 4.6.1 TEST DESCRIPTION ................................................................................ 4-9 4.6.2 EXPECTED RESULTS ............................................................................ 4-10 4.7 CONFIDENTIALITY TEST CASE #7: AES ECB TEST WITH 128-BIT KEY . 4-5 4.7.1 TEST DESCRIPTION ................................................................................ 4-5 4.7.2 EXPECTED RESULTS .............................................................................. 4-5 4.8 CONFIDENTIALITY TEST CASE #8: AES ECB WITH 192-BIT KEY ............ 4-5 4.8.1 TEST DESCRIPTION ................................................................................ 4-5 4.8.2 EXPECTED RESULTS .............................................................................. 4-5 4.9 CONFIDENTIALITY TEST CASE #9: AES ECB WITH 256-BIT KEY ............ 4-5 CCSDS 000.0-Y-0 Page iv May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN 4.9.1 TEST DESCRIPTION ................................................................................ 4-5 4.9.2 EXPECTED RESULTS .............................................................................. 4-6 4.10 AUTHENTICATION TEST CASE #1: HMAC AUTHENTICATION WITH SHA256 4-10 4.10.1 TEST DESCRIPTION .............................................................................. 4-10 4.10.2 EXPECTED RESULTS ............................................................................ 4-11 4.11 AUTHENTICATION TEST CASE #2: CMAC AUTHENTICATION WITH AES USING A 128-BIT KEY ...................................................................................... 4-11 4.11.1 TEST DESCRIPTION .............................................................................. 4-11 4.11.2 EXPECTED RESULTS ............................................................................ 4-11 4.12 AUTHENTICATION TEST CASE #3: CMAC AUTHENTICATION WITH AES USING A 192-BIT KEY ...................................................................................... 4-11 4.12.1 TEST DESCRIPTION .............................................................................. 4-11 4.12.2 EXPECTED RESULTS ............................................................................ 4-12 4.13 AUTHENTICATION TEST CASE #4: CMAC AUTHENTICATION WITH AES USING A 256-BIT KEY ...................................................................................... 4-12 4.13.1 TEST DESCRIPTION .............................................................................. 4-12 4.13.2 EXPECTED RESULTS ............................................................................ 4-12 4.14 AUTHENTICATION TEST CASE #5: DIGITAL SIGNATURE AUTHENTICATION ........................................................................................... 4-12 4.14.1 TEST DESCRIPTION .............................................................................. 4-12 4.14.2 EXPECTED RESULTS ............................................................................ 4-13 5 TEST RESULTS .......................................................................................................... 5-14 5.1 CONFIDENTIALITY TEST RESULTS.............................................................. 5-14 5.2 AUTHENTICATION TEST RESULTS .............................................................. 5-14 Table Page Table 1- Confidentiality Algorithm Tests .............................................................................. 4-4 Table 2- Authentication/Integrity Algorithm Tests ............................................................... 4-4 CCSDS 000.0-Y-0 Page v May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN 1 1.1 INTRODUCTION PURPOSE The purpose of this document is to describe the prototype testing to be conducted for the CCSDS Cryptographic Algorithms specified in CCSDS 353.0-B-1 (reference [1]). 1.2 SCOPE The scope of this document is the testing of the CCSDS cryptographic algorithms to provide confidentiality, authentication, and integrity for spacecraft and ground systems. 1.3 APPLICABILITY The CCSDS Cryptographic Algorithms will be used to provide data confidentiality, command authentication, and data/command integrity. The algorithms may be Agencyimplemented for specific missions, may be government produced, may be open source, or may be purchased as commercial-off-the-shelf products. In any case, the algorithms must be shown to be in conformance with their respective specifications, must be proven to be bug and malware free, and must be proven to be interoperable with other implementations of the same algorithm. 1.4 RATIONALE The CCSDS Procedures Manual states that for a Recommendation to become a Blue Book, the standard must be tested in an operational manner. The following requirement for an implementation exercise were excerpted from reference [2]: “At least two independent and interoperable prototypes or implementations must have been developed and demonstrated in an operationally relevant environment, either real or simulated.” This document outlines the Security Working Group’s approach to meeting this requirement. 1.5 DOCUMENT STRUCTURE This document describes the testing that must be accomplished to allow the CCSDS Cryptographic Algorithms to proceed forward as a Recommendation. 1.6 REFERENCES The following documents are referenced in this document. At the time of publication, the editions indicated were valid. All documents are subject to revision, and users of this CCSDS 000.0-Y-0 Page 1-1 May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN document are encouraged to investigate the possibility of applying the most recent editions of the documents indicated below. The CCSDS Secretariat maintains a register of currently valid CCSDS documents. [1] CCSDS Cryptographic Algorithms. Washington DC: CCSDS, <date> CCSDS 353.0-B-1. Blue Book. Issue 1. [2] Procedures Manual for the Consultative Committee for Space Data Systems, CCSDS A00.0-Y-9. Yellow Book. Issue 9. Washington DC: CCSDS, November 2003. [3] Advanced Encryption Standard (AES). Federal Information Processing Standards Special Publication 197. Gaithersburg, Maryland: NIST, 2001. http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf. [4] NIST, The Keyed Hash Message Authentication Code, Federal Information Processing Standard 198-1 (FIPS-198-1), U.S. National Institute of Standards and Technology (NIST), http://csrc.nist.gov/publications/fips/fips198-1/FIPS-1981_final.pdf, July 2008. [5] NIST, Digital Signature Standard, Federal Information Processing Standard 186-3, U.S. National Institute of Standards and Technology (NIST), http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf, June 2009. [6] Dworkin, M. Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. National Institute of Standards and Technology Special Publication 800-38D. Gaithersburg, Maryland: NIST, November 2007. http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf [7] Dworkin, M.; Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication; NIST Special Publication 800-38B; National Institute of Standards and Technology (NIST); http://csrc.nist.gov/publications/nistpubs/80038B/SP_800-38B.pdf; May 2005. [8] Dworkin, M. Recommendation for Block Cipher Modes of Operation: Methods and Techniques. National Institute of Standards and Technology Special Publication 80038A. Gaithersburg, Maryland: NIST, 2001. http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf. [9] Bassham, L.; The Advanced Encryption Standard Algorithm Validation Suite (AESAVS); National Institute of Standards and Technology; Nov 2002; http://csrc.nist.gov/groups/STM/cavp/documents/aes/AESAVS.pdf [10] Hall, T; The FIPS 186-3 Digital Signature Algorithm Validation System (DSA2VS); National Institute of Standards and Technology; June 2011; http://csrc.nist.gov/groups/STM/cavp/documents/dss2/dsa2vs.pdf CCSDS 000.0-Y-0 Page 1-2 May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN [11] Keller, S; The RSA Validation System (RSAVS); National Institute of Standards and Technology; Nov 2004; http://csrc.nist.gov/groups/STM/cavp/documents/dss/RSAVS.pdf [12] Keller, S; The 186-3 RSA Validation System (RSA2VS); National Institute of Standards and Technology; June 2011; http://csrc.nist.gov/groups/STM/cavp/documents/dss2/rsa2vs.pdf [13] Bassham, L; The Secure Hash Algorithm Validation System (SHAVS); National Institute of Standards and Technology; July 2004; http://csrc.nist.gov/groups/STM/cavp/documents/shs/SHAVS.pdf [14] Keller, S; The CMAC Validation System (CMACVS); National Institute of Standards and Technology; Aug 2011; http://csrc.nist.gov/groups/STM/cavp/documents/mac/CMACVS.pdf [15] Hall, L; Keller, S; The Galois/Counter Mode (GCM) and GMAC Validation System (GCMVS); National Institute of Standards and Technology; Feb 2009; http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmvs.pdf [16] Bassham, L; The Keyed-Hash Message Authentication Code Validation System (HMACVS); National Institute of Standards and Technology; Dec 2004; http://csrc.nist.gov/groups/STM/cavp/documents/mac/HMACVS.pdf CCSDS 000.0-Y-0 Page 1-3 May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN 2 OVERVIEW This CCSDS Cryptographic Algorithms test plan describes the manner in which algorithm testing will be accomplished. It describes the manner in which the algorithms are to be implemented, keyed, and data exchanged between the testing parties to determine if the algorithms are performing as expected. The CCSDS Procedures Manual requires that testing be performed in an “operational-like” setting. However, in this case, we are testing “raw” algorithms and not flight systems. This plan provides the details to test the cryptographic algorithms to ensure their correctness and interoperation. We propose that an independent algorithm implementation is used to encrypt data and another independent implementation is used to decrypt it. This would be performed using all the recommended modes for encryption. Likewise, for authentication one independent algorithm implementation is used to create a message authentication code (MAC) with a different independent algorithm implementation used to verify the MAC. Testing in this manner is performed for all of the specified authentication algorithms: HMAC, CMAC, and RSA Digital Signature. This testing could be performed in a single laboratory by one tester using multiple implementations of each algorithm under test. However, optimally the testing should be conducted at multiple sites via the internet potentially using something as simple as email to send encrypted or MAC’d data between the testing parties which would then be fed into the various independent algorithm implementations. For example, Test Agent A at site X could encrypt data using AES/GCM using a pre-distributed key. Test Agent A would email the ciphertext as an attachment to Test Agent B at site Y. Using the pre-distributed key and a different implementation of AES/GCM than used by Test Agent A, Test Agent B would attempt to decrypt the ciphertext. If the resulting plaintext (agreed to in advance by both testing agents) is an exact match, the test passes. In a more elaborate testing setup, the test sites could be interconnected and a simple network application could be used to provide the test framework of encrypting/authentication data, transmitting it, and on the receiving end, decrypting/authenticating the data. CCSDS 000.0-Y-0 Page 2-1 May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN 3 ALGORITHM TESTING GOALS All algorithm implementations must conform to their respective specifications. AES must be shown to be conformant with FIPS Pub 197 (reference [3]) and tested in accordance with reference [9] . AES/GCM must be shown to be conformant with FIPS Pub 800-38D (reference [6] and tested in accordance with reference [15]. HMAC must be shown to be conformant with FIPS Pub 198-1 (reference [4]) and tested in accordance with reference [16]. CMAC must be shown to be conformant with FIPS Pub 800-38B (reference [7]) and tested in accordance with reference [14]. RSA Digital Signature must be shown to be conformant with FIPS Pub 186-3 (reference [5]) and tested in accordance with references [10], [11], and [12]. For reference, test vectors for each of the respective algorithms may be obtained from the National Institute of Standards and Technology: http://csrc.nist.gov/groups/STM/cavp/index.html. 3.1 CONFIDENTIALITY ALGORITHMS The CCSDS confidentiality algorithms will be tested to confirm that independent implementations can successfully interoperate in the cryptographic modes specified in CCSDS 353.0-B-1 (reference [1]). Testing will confirm that the implementations of the AES algorithm will support multiple key sizes. Specifically they must support 128-bit, 192-bit, and 256-bit size keys. Testing will be carried out using all three key sizes in electronic code book mode to confirm the correct operation of the base AES algorithm. Testing will also confirm that the implementations of AES operate correctly in counter mode. Testing will be carried out using all three key sizes with AES in counter mode (reference [8]). To confirm that authenticated encryption operates correctly, AES will be tested using the Galois/Counter Mode (GCM). Again, all three key sizes will be tested with AES in GCM mode (reference [6]). 3.2 AUTHENTICATION ALGORITHMS The CCSDS authentication algorithms will be tested to confirm that independent implementations can successfully interoperate. Three authentication algorithms are specified in CCSDS 353.0-B-1 (reference [1]). CCSDS 000.0-Y-0 Page 3-2 May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN For hash-based authentication, testing will confirm that the implementations of HMAC utilize the SHA-256 hash algorithm and interoperate (reference [4]). Testing will be carried out using a reference test key known to the testing parties. Testing will be carried out without truncation of the resulting MAC. For cryptographic-based authentication, testing will confirm that the implementations of CMAC are interoperable (reference [7]). For digital signature-based authentication, testing will confirm that the implementations utilize the RSA Digital Signature Algorithm (DSA) (reference [5]) and that they are interoperable. CCSDS 000.0-Y-0 Page 3-3 May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN 4 TEST PLAN DETAILS Table 1 synopsizes the tests to be performed on the confidentiality algorithm and modes. # Confidentiality Algorithm Mode Key Size 1 AES ECB 128 2 AES ECB 192 3 AES ECB 256 4 AES Counter 128 5 AES Counter 192 6 AES Counter 256 7 AES GCM 128 8 AES GCM 192 9 AES GCM 256 Table 1- Confidentiality Algorithm Tests Table 2 synopsizes the tests to be performed on the authentication/integrity algorithms. # Authentication/Integrity Algorithm Mode Key Size MAC Length 1 HMAC w/SHA-256 w/o truncation 256 256 2 CMAC w/AES N/A 128 128 3 CMAC w/AES N/A 192 128 4 CMAC w/AES N/A 256 128 5 Digital Signature RSA 2048 - Table 2- Authentication/Integrity Algorithm Tests CCSDS 000.0-Y-0 Page 4-4 May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN 4.1 CONFIDENTIALITY TEST CASE #1: AES ECB TEST WITH 128-BIT KEY 4.1.1 TEST DESCRIPTION Two or more testers may participate. One tester will encrypt plaintext data using a 128-bit test key and 96-bit IV using AES ECB. The resultant cipher text will be sent to one or more recipient testers either via a network connection, via email, or some other agreed-to method. The recipient tester(s) will use the same 128-bit test key to decrypt the cipher text. 128-bit Plaintext input data: 00112233445566778899aabbccddeeff 128-Bit Key: 000102030405060708090a0b0c0d0e0f 4.1.2 EXPECTED RESULTS If the resultant plain text matches, the AES ECB encryption/decryption test is successful. 4.2 CONFIDENTIALITY TEST CASE #2: AES ECB WITH 192-BIT KEY 4.2.1 TEST DESCRIPTION Two or more testers may participate. One tester will encrypt data using a 192-bit test key and a 96-bit IV using AES ECB. The resultant cipher text will be sent to one or more recipient testers either via a network connection, via email, or some other agreed-to method. The recipient tester(s) will use the same 192-bit test key and 96-bit IV to decrypt the cipher text. 128-bit Plaintext input data: 00112233445566778899aabbccddeeff 192-bit Key: 000102030405060708090a0b0c0d0e0f1011121314151617 4.2.2 EXPECTED RESULTS If the resultant plain text matches, the AES ECB encryption/decryption test is successful. 4.3 CONFIDENTIALITY TEST CASE #3: AES ECB WITH 256-BIT KEY 4.3.1 TEST DESCRIPTION Two or more testers may participate. One tester will encrypt plaintext data using a 256-bit test key and 96-bit IV using AES ECB. The resultant cipher text will be sent to one or more CCSDS 000.0-Y-0 Page 4-5 May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN recipient testers either via a network connection, via email, or some other agreed-to method. The recipient tester(s) will use the same 256-bit test key to decrypt the cipher text. 128-bit Plaintext input data: 00112233445566778899aabbccddeeff 256-bit Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F 4.3.2 EXPECTED RESULTS If the resultant plain text matches, the AES ECB encryption/decryption test is successful. 4.4 CONFIDENTIALITY TEST CASE #4: AES COUNTER MODE TEST WITH 128-BIT KEY 4.4.1 TEST DESCRIPTION Two or more testers may participate. One tester will encrypt plaintext data using a 128-bit test key and a 96-bit IV using AES in Counter Mode. The resultant cipher text will be sent to one or more recipient testers either via a network connection, via email, or some other agreed-to transfer method. The recipient tester(s) will use the same 128-bit test key and 96-bit IV to decrypt the cipher text. 1024-bit Plaintext input data: 2b9179d21cb884581b0e4f462455167f1f7899717245d4aed3d8db5983daccccebfc 2130a20c284563bea5997cc0438c83d8fa7bb9e3588efed285a0fcc31456dc9a3122 b97bb22f7edc36973475925828c323565e417ec95190db63b21881016b5332f2e400 bb4724c86a8ee0247149370ee5412f743dc6bf7ca5bcc31afa0f 128-Bit Key: 000102030405060708090a0b0c0d0e0f 96-bit IV: 001122334455667788990102 4.4.2 EXPECTED RESULTS If the resultant plain text matches, the AES counter mode encryption/decryption test is successful. CCSDS 000.0-Y-0 Page 4-6 May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN 4.5 CONFIDENTIALITY TEST CASE #5: AES COUNTER MODE TEST WITH 192-BIT KEY 4.5.1 TEST DESCRIPTION Two or more testers may participate. One tester will encrypt platintext data using a 192-bit test key and a 96-bit IV using AES in Counter Mode. The resultant cipher text will be sent to one or more recipient testers either via a network connection, via email, or some other agreed-to method. The recipient tester(s) will use the same 192-bit test key and 96-bit IV to decrypt the cipher text. 1024-bit Plaintext input data: 7f4e4f11091bf51976c0fc71ecbcd0985cdad2135549c818c09567801d8a9a42c719 aab7dc2cb58a10b5067d14c52cabe6bb9b939e7b9cd395eaf10ba6a53fd2e6446e1e 501440134e04e662ef7ebb1c9c78bbd3fd7cb9de8b985418be1b43ebb5d7902ccb4c 299c325c8a7cc1de9174f544bc60828c1eebad49287caa4108a0 192-bit Key: 000102030405060708090a0b0c0d0e0f1011121314151617 96-bit IV: 001122334455667788990102 4.5.2 EXPECTED RESULTS If the resultant plain text matches, the AES counter mode encryption/decryption test is successful. 4.6 CONFIDENTIALITY TEST CASE #6: AES COUNTER MODE TEST WITH 256-BIT KEY 4.6.1 TEST DESCRIPTION Two or more testers may participate. One tester will encrypt plaintext data using a 256-bit test key and 96-bit IV using AES in Counter Mode. The resultant cipher text will be sent to one or more recipient testers either via a network connection, via email, or some other agreeto method. The recipient tester(s) will use the same 256-bit test key and 96-bit IV to decrypt the cipher text. 1024-bit Plaintext input data: bc7aa1b735a5f465cffeccd8dd4b0a33a571e9f006dc63b2a6f4df272a673bb2cc00 e603248ab6be5627eebc10934fe4d1dc5cd120a475936eefa2c7bddea9f36c6c794d 2c6bd2594094e56cac12d8f03e38f222a7ee4fc6c2adffe71c9c13003e301c31ff3a 0405dde89bb213044d41782c4bb4eb3c262595d1c0e00522047c 256-bit Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F 96-bit IV: 001122334455667788990102 CCSDS 000.0-Y-0 Page 4-7 May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN 4.6.2 EXPECTED RESULTS If the resultant plain text matches, the AES counter mode encryption/decryption test is successful. 4.7 CONFIDENTIALITY TEST CASE #7: AES GCM TEST WITH 128-BIT KEY 4.7.1 TEST DESCRIPTION Two or more testers may participate. One tester will encrypt and authenticate plaintext data using a 128-bit test key and 96-bit IV using AES GCM with a 96-bit authentication tag. The Additional Authenticated Data (AAD) will be authenticated and not encrypted. The resultant cipher text and authentication tag will be sent to one or more recipient testers either via a network connection, via email, or some other agreed-to method. The recipient tester(s) will use the same 128-bit test key to decrypt and authenticate the cipher text. The AAD will be authenticated without decryption. 1024-bit Plaintext input data: 9eef7c9a0fa3e9a7fcc4b2f9d210a97d6653ded7913f2fb2de825a0dfd78ae1cca68 c040f2328009fffe62937d630ee9d6e0e67bc12c38c0b3d035697d4c2311371aacf4 1cce0d523016ee436a47d93af0df77011131856d072c718c310f0995b71530d70a3d a881481f46f21dda62e3e4c898bb9f819b22f816b7c4e2fb6729 1024-bit Additional Authenticated Data: 45fa52a0e8321d82caea95bd9506f7331923e2aa95e9238908f3ff30e17a96389dfe a75e225e34e1605354eaaf999a950f469c6e2e8722da5ad9daded6722baca00e5d1b 8e63266ad1b42cae161b9c089f4ffdfbbaa2f1fb0245d1a4c306d46e215e8c6c6ae3 7652a8f6016f92adb7695d40bde8c202ab9c2d70a96220b4b01b 128-Bit Key: 000102030405060708090a0b0c0d0e0f 96-bit IV: 001122334455667788990102 4.7.2 EXPECTED RESULTS If the resultant plain text matches, the AES GCM encryption/decryption test is successful. If the resultant authentication tag matches, the AES GCM authentication test is successful. CCSDS 000.0-Y-0 Page 4-8 May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN 4.8 CONFIDENTIALITY TEST CASE #8: AES GCM TEST WITH 192-BIT KEY 4.8.1 TEST DESCRIPTION Two or more testers may participate. One tester will encrypt data using a 192-bit test key and a 96-bit IV using AES in GCM with a 96-bit authentication tag. The Additional Authenticated Data (AAD) will be authenticated and not encrypted. The resultant cipher text will be sent to one or more recipient testers either via a network connection, via email, or some other agreed-to method. The recipient tester(s) will use the same 192-bit test key and 96-bit IV to decrypt and authenticate the cipher text. The AAD will be authenticated without decryption. 1024-bit Plaintext input data: d406138587fbcb498e8ec37f0f3d7f6b2faa02e6880424e74cdba67ae3468b6823d3 7fd917a7fede6b34a2f0fc47c520e4088766ba82a989f0d8051a3a80cc8b1e3e1e2b 1c6620b90e99b27e65951aeb3936263fc2f76c1c8effa742f53987f8a38c731a411f a53b9f6c81340e0d7ce395c4190b364d9188dc5923f3126546c3 1024-bit Additional Authenticated Data: 756cf485b6a8e672d90d930a653c69fdbf260d3ea18cd3d0c02175d3966a88b70ab8 235d998b745a0eb6a5c92899f41e8c0b7aa4ec132c8cbb1bac97a45766a03923c9b9 3c2a055abd0127a83f81e6df603a375ca8cc1a2ee0a8b7fd226226b0b19bd2e81f73 c34dfafa4fcea08dd93dd4ab7e4b437408af91bff566068a5f34 192-bit Key: 000102030405060708090a0b0c0d0e0f1011121314151617 96-bit IV: 001122334455667788990102 4.8.2 EXPECTED RESULTS If the resultant plain text matches, the AES GCM encryption/decryption test is successful. If the resultant authentication tag matches, the AES GCM authentication test is successful. 4.9 CONFIDENTIALITY TEST CASE #9: AES GCM TEST WITH 256-BIT KEY 4.9.1 TEST DESCRIPTION Two or more testers may participate. One tester will encrypt plaintext data using a 256-bit test key and 96-bit IV using AES GCM with a 96-bit authentication tag. The Additional Authenticated Data (AAD) will be authenticated and not encrypted. The resultant cipher text will be sent to one or more recipient testers either via a network connection, via email, or some other agreed-to method. The recipient tester(s) will use the same 256-bit test key to decrypt and authenticate the cipher text. The AAD will be authenticated without decryption. CCSDS 000.0-Y-0 Page 4-9 May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN 1024-bit Plaintext input data: bfc89d5049a5b4015c9eb64fdaf9fe9f4be7229e67c713a7b368f0550b3a5e12ba3a 4399c64f60b7157e1b289b154a494deadecff0d0686ab44fae2a34ae4cb120a7f002 68ab551f41c16a05f8999157be1103464127a8a9bccf736c32db045124178c90472e 664d8e67a2ade0efe9a3b048c453d2fb5292dd8d29e62d52c5b5 1024-bit Additional Authenticated Data: 335cc5c8fb5920b09e0263133eb481fd97f8d9f29db8689fb63034bc40959a176ccd ca6725e1f94f822e4d871138fc39776fbe062f07bf80e5c8891c2e1007efeb77c158 ced8d6c002b04442ed35c40a2187a59c02339c05762942208e3be964736a431017f4 72dfd5fdaf8fb8c645cdb684f9632057b9eb755253b4b75e3688 256-bit Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F 96-bit IV: 001122334455667788990102 4.9.2 EXPECTED RESULTS If the resultant plain text matches, the AES GCM encryption/decryption test is successful. If the resultant authentication tag matches, the AES GCM authentication test is successful. 4.10 AUTHENTICATION TEST CASE #1: HMAC AUTHENTICATION WITH SHA-256 4.10.1 TEST DESCRIPTION Two or more testers may participate. One tester will create a Message Authentication Code (MAC) over a data set using a 256-bit test key using HMAC with SHA-256. The resultant MAC will be sent to one or more recipient testers either via a network connection, via email, or some other agreed-to method. The recipient tester(s) will use the same 256-bit test key to verify the authenticity of the MAC. Test Data: Mary had a little lamp whose fleece was white as snow 256-bit Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F CCSDS 000.0-Y-0 Page 4-10 May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN 4.10.2 EXPECTED RESULTS If the MAC is verified, the HMAC/SHA-256 test is successful. 4.11 AUTHENTICATION TEST CASE #2: CMAC AUTHENTICATION WITH AES USING A 128-BIT KEY 4.11.1 TEST DESCRIPTION Two or more testers may participate. One tester will create a Message Authentication Code (MAC) over a data set using a 128-bit test key using CMAC with AES. The resultant MAC will be sent to one or more recipient testers either via a network connection, via email, or some other agreed-to method. The recipient tester(s) will use the same 128-bit test key to verify the authenticity of the MAC. Test Data: Mary had a little lamb whose fleece was white as snow 128-bit Key: 2b7e151628aed2a6abf7158809cf4f3c 4.11.2 EXPECTED RESULTS If the MAC is verified, the CMAC/AES/128 test is successful. 4.12 AUTHENTICATION TEST CASE #3: CMAC AUTHENTICATION WITH AES USING A 192-BIT KEY 4.12.1 TEST DESCRIPTION Two or more testers may participate. One tester will create a Message Authentication Code (MAC) over a data set using a 192-bit test key using CMAC with AES. The resultant MAC will be sent to one or more recipient testers either via a network connection, via email, or some other agreed-to method. The recipient tester(s) will use the same 192-bit test key to verify the authenticity of the MAC. Test Data: Mary had a little lamb whose fleece was white as snow 192-bit Key: 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b CCSDS 000.0-Y-0 Page 4-11 May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN 4.12.2 EXPECTED RESULTS If the MAC is verified, the CMAC/AES/192 test is successful. 4.13 AUTHENTICATION TEST CASE #4: CMAC AUTHENTICATION WITH AES USING A 256-BIT KEY 4.13.1 TEST DESCRIPTION Two or more testers may participate. One tester will create an Message Authentication Code (MAC) over a data set using a 256-bit test key using CMAC with AES. The resultant MAC will be sent to one or more recipient testers either via a network connection, via email, or some other agreed-to method. The recipient tester(s) will use the same 256-bit test key to verify the authenticity of the MAC. Test Data: Mary had a little lamb whose fleece was white as snow 256-bit Key: 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4 4.13.2 EXPECTED RESULTS If the MAC is verified, the CMAC/AES/256 test is successful. 4.14 AUTHENTICATION TEST CASE #5: DIGITAL SIGNATURE AUTHENTICATION 4.14.1 TEST DESCRIPTION Two or more testers may participate. All testers involved must first obtain or generate a public/private key pair of 2048 bits. The public keys of all involved testers must be shared either directly, via a public key server, pre-cached, or by some other means determined by the testers. One tester will use the RSA Digital Signature Algorithm to digitally sign a test data set (using the tester’s private key. The resultant digitally signed data will be sent to one or more recipient testers either via a network connection, via email, or some other agreed-to method. The recipient tester(s) will use the signer’s public key to verify the authenticity of the data. Test Data: Mary had a little lamb whose fleece was white as snow Test Key: 2048-bit generated RSA public/private key pairs CCSDS 000.0-Y-0 Page 4-12 May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN 4.14.2 EXPECTED RESULTS If the digital signature is verified, the Digital Signature Authentication test is successful. CCSDS 000.0-Y-0 Page 4-13 May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN 5 TEST RESULTS 5.1 CONFIDENTIALITY TEST RESULTS CONFIDENTIALITY TEST # CONFIDENTIALITY ALGORITHM ALGORITHM MODE KEY SIZE 1 AES Counter 128 2 AES Counter 192 3 AES Counter 256 4 AES GCM 128 5 AES GCM 192 6 AES GCM 256 7 AES ECB 128 8 AES ECB 192 9 AES ECB 256 5.2 TEST RESULT AUTHENTICATION TEST RESULTS AUTH TEST # AUTHENTICATION ALGORITHM ALGORITHM MODE KEY SIZE MAC LENGTH 1 HMAC w/SHA-256 No truncation 256 256 2 CMAC w/AES N/A 128 128 3 CMAC w/AES N/A 192 128 4 CMAC w/AES N/A 256 128 5 DIGITAL SIGNATURE RSA 2048 - CCSDS 000.0-Y-0 Page 5-14 TEST RESULT May 2011 DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN ANNEX A [ANNEX TITLE] [Annexes contain ancillary information. See CCSDS A20.0-Y-2, CCSDS Publications Manual (Yellow Book, Issue 2, June 2005) for discussion of the kinds of material contained in annexes.] CCSDS 000.0-Y-0 Page A-1 May 2011