Re: [kitten] I-D Action: draft-ietf-kitten-aes-cts-hmac-sha2-03.txt

"Peck, Michael A" <mpeck@mitre.org> Mon, 07 July 2014 14:04 UTC

From: "Peck, Michael A" <mpeck@mitre.org>
To: Benjamin Kaduk <kaduk@MIT.EDU>, "kitten@ietf.org" <kitten@ietf.org>
Date: Mon, 07 Jul 2014 14:03:57 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/1xSg-G_xKsomYC5iaiGjbV62Yzk

Ben,

Thanks for reviewing the changes.

I put together test vectors this morning for deriving Kp from the base-key
and for the pseudo-random function invocations.
I can add the following text to Appendix A (Test Vectors) once
Internet-Draft submission reopens.
If you'd like to verify these I certainly wouldn't mind.


   Sample results for key derivation:
   ----------------------------------

   enctype aes128-cts-hmac-sha256-128:
   128-bit base-key:
      37 05 D9 60 80 C1 77 28 A0 E8 00 EA B6 E0 D2 3C
   Kc value for key usage 2 (constant = 0x0000000299):
      B3 1A 01 8A 48 F5 47 76 F4 03 E9 A3 96 32 5D C3
   Ke value for key usage 2 (constant = 0x00000002AA):
      9B 19 7D D1 E8 C5 60 9D 6E 67 C3 E3 7C 62 C7 2E
   Ki value for key usage 2 (constant = 0x0000000255):
      9F DA 0E 56 AB 2D 85 E1 56 9A 68 86 96 C2 6A 6C
   Kp value (constant = 0x707266):
      9C 66 77 98 08 4F 16 82 1E 77 15 DD 5A A6 EB 71

   enctype aes256-cts-hmac-sha384-192:
   256-bit base-key:
      6D 40 4D 37 FA F7 9F 9D F0 D3 35 68 D3 20 66 98
      00 EB 48 36 47 2E A8 A0 26 D1 6B 71 82 46 0C 52
   Kc value for key usage 2 (constant = 0x0000000299):
      EF 57 18 BE 86 CC 84 96 3D 8B BB 50 31 E9 F5 C4
      BA 41 F2 8F AF 69 E7 3D
   Ke value for key usage 2 (constant = 0x00000002AA):
      56 AB 22 BE E6 3D 82 D7 BC 52 27 F6 77 3F 8E A7
      A5 EB 1C 82 51 60 C3 83 12 98 0C 44 2E 5C 7E 49
   Ki value for key usage 2 (constant = 0x0000000255):
      69 B1 65 14 E3 CD 8E 56 B8 20 10 D5 C7 30 12 B6
      22 C4 D0 0F FC 23 ED 1F
   Kp value (constant = 0x707266):
      5D 63 0D B7 EF DE 37 DE 9C 92 03 C5 2B D9 6C 77
      31 BE 1C 5B DD 50 DC 75 44 D9 60 AF F3 CC 23 04

   Sample pseudo-random function (PRF) invocations:
   -----------------------------------------

   PRF input octet-string: "test" (0x74657374)

   enctype aes128-cts-hmac-sha256-128:
   Kp value:
      9C 66 77 98 08 4F 16 82 1E 77 15 DD 5A A6 EB 71
   PRF output:
      3A CA 18 6C C1 26 56 76 5C FE B1 D2 2D 1C B1 36

   enctype aes256-cts-hmac-sha384-192:
   Kp value:
      5D 63 0D B7 EF DE 37 DE 9C 92 03 C5 2B D9 6C 77
      31 BE 1C 5B DD 50 DC 75 44 D9 60 AF F3 CC 23 04
   PRF output:
      01 72 03 F2 90 CD 16 6C D6 B2 BB 4F 18 7D 16 23
      6B 9A 4E D7 66 19 D8 11 6C 64 06 A3 37 E7 F9 08

On 7/5/14, 9:40 PM, "Benjamin Kaduk" <kaduk@MIT.EDU> wrote:

>On Wed, 2 Jul 2014, internet-drafts@ietf.org wrote:
>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>>directories.
>> This draft is a work item of the Common Authentication Technology Next
>>Generation Working Group of the IETF.
>>
>>        Title           : AES Encryption with HMAC-SHA2 for Kerberos 5
>>        Authors         : Michael J. Jenkins
>>                          Michael A. Peck
>>                          Kelley W. Burgin
>>        Filename        : draft-ietf-kitten-aes-cts-hmac-sha2-03.txt
>>        Pages           : 15
>>        Date            : 2014-07-02
>>
>> Abstract:
>>   This document specifies two encryption types and two corresponding
>>   checksum types for Kerberos 5.  The new types use AES in CTS mode
>>   (CBC mode with ciphertext stealing) for confidentiality and HMAC with
>>   a SHA-2 hash for integrity.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-kitten-aes-cts-hmac-sha2/
>>
>> There's also a htmlized version available at:
>> http://tools.ietf.org/html/draft-ietf-kitten-aes-cts-hmac-sha2-03
>>
>> A diff from the previous version is available at:
>> http://www.ietf.org/rfcdiff?url2=draft-ietf-kitten-aes-cts-hmac-sha2-03
>
>The text changes look good to me; thanks.
>
>I would still like to have pseudo-random test vectors (though I do not
>think I will insist on it).  I may try to find time to generate some.
>
>-Ben
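
Added example, not part of the original message or the draft's own code: a Python check of the Kc, Ke and Ki vectors posted above. It assumes the KDF-HMAC-SHA2 construction as later published in RFC 8009 (HMAC over 0x00000001 | label | 0x00 | k, truncated to k bits, with label = key usage | one-octet constant) and the per-enctype output lengths shown; function names are hypothetical. The Kp and PRF vectors are not covered because this message does not spell out how they are computed.

```python
import hashlib
import hmac

# enctype -> (hash, base-key length in bytes, output bits per derived key); assumed
ENCTYPES = {
    "aes128-cts-hmac-sha256-128": (hashlib.sha256, 16, {"Kc": 128, "Ke": 128, "Ki": 128}),
    "aes256-cts-hmac-sha384-192": (hashlib.sha384, 32, {"Kc": 192, "Ke": 256, "Ki": 192}),
}
SUFFIX = {"Kc": 0x99, "Ke": 0xAA, "Ki": 0x55}  # last octet of the constant

# Base keys and expected outputs copied from the message above (key usage 2).
VECTORS = {
    "aes128-cts-hmac-sha256-128": ("3705D96080C17728A0E800EAB6E0D23C", {
        "Kc": "B31A018A48F54776F403E9A396325DC3",
        "Ke": "9B197DD1E8C5609D6E67C3E37C62C72E",
        "Ki": "9FDA0E56AB2D85E1569A688696C26A6C",
    }),
    "aes256-cts-hmac-sha384-192": (
        "6D404D37FAF79F9DF0D33568D320669800EB4836472EA8A026D16B7182460C52", {
        "Kc": "EF5718BE86CC84963D8BBB5031E9F5C4BA41F28FAF69E73D",
        "Ke": "56AB22BEE63D82D7BC5227F6773F8EA7A5EB1C825160C38312980C442E5C7E49",
        "Ki": "69B16514E3CD8E56B82010D5C73012B622C4D00FFC23ED1F",
    }),
}

def kdf_hmac_sha2(hashfn, key, label, k_bits):
    # Assumed construction: first k bits of HMAC(key, 0x00000001 | label | 0x00 | k)
    msg = b"\x00\x00\x00\x01" + label + b"\x00" + k_bits.to_bytes(4, "big")
    return hmac.new(key, msg, hashfn).digest()[: k_bits // 8]

def derive(enctype, base_key, usage):
    hashfn, key_len, lengths = ENCTYPES[enctype]
    if len(base_key) != key_len:
        raise ValueError("base key length does not match enctype")
    return {
        name: kdf_hmac_sha2(hashfn, base_key,
                            usage.to_bytes(4, "big") + bytes([SUFFIX[name]]), bits)
        for name, bits in lengths.items()
    }

def check_vectors():
    """Return the (enctype, key name) pairs whose derived value differs."""
    failures = []
    for enctype, (base_hex, expected) in VECTORS.items():
        got = derive(enctype, bytes.fromhex(base_hex), 2)
        failures += [(enctype, n) for n, h in expected.items()
                     if not hmac.compare_digest(got[n], bytes.fromhex(h))]
    return failures

if __name__ == "__main__":
    print(check_vectors() or "all Kc/Ke/Ki vectors match")
```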