RE: P1619.1 (Tape): D5 draft

[Matt Ball]

Title: P1619.1 (Tape): D5 draft

Hi Danh (or anyone else),   Thanks for your help!  If possible, I'd like to get test vectors for the following additional cases:   CCM   1) Simple case (This will help implementers resolve bit-order issues on output): Key = 32 bytes of all zeros Plaintext = 16 bytes of all zeros IV = 12 bytes of all zeros No AAD   2) Simple Authenticate-only: Key = 32 bytes of all zeros No plaintext IV = 12 bytes of all zeros AAD = 16 bytes of all zeros   3) Simple encrypt and authenticate: Key = 32 bytes of all zeros Plaintext = 16 bytes of all zeros IV = 12 bytes of all zeros AAD = 16 bytes of all zeros   4) Random data input (this will help resolve bit-order issues on the input): Key = 32 bytes of non-zero data (must not be a palindrome -- i.e. same number forwards and backwards) Plaintext = 16 bytes of non-zero data (not a palindrome) No AAD IV = 12 bytes of non-zero data   5) Include both plaintext and AAD See 'VEC 0001' of Danh's test case   6) Long AAD test See 'VEC 0002' of Danh's test case   7) Long Plaintext test See 'VEC 0002', but use a large plaintext instead of AAD   8) Odd-size plaintext test, part 1: Key = 32 bytes of non-zero data (must not be a palindrome) Plaintext = 1 byte of non-zero data (must not be a palindrome) AAD = 1 byte of non-zero data (must not be a palindrome) IV = 12 bytes of non-zero data   9) Odd-size plaintext test, part 2 (this is for implementations that have a 32-bit alignment limitation: Key = 32 bytes of non-zero data (must not be a palindrome) Plaintext = 20 bytes of non-zero data (must not be a palindrome) AAD = 20 bytes of non-zero data (must not be a palindrome) IV = 12 bytes of non-zero data     GCM   Duplicate all CCM tests 1-9.   10) Long IV test (Tests an IV longer than 12 bytes) Key = 32 bytes of non-zero data (must not be a palindrome -- i.e. same number forwards and backwards) Plaintext = 16 bytes of non-zero data (not a palindrome) No AAD IV = 16 bytes of non-zero data   11) Long IV test with AAD and odd IV length Key = 32 bytes of non-zero data (must not be a palindrome -- i.e. same number forwards and backwards) Plaintext = 20 bytes of non-zero data (not a palindrome) AAD = 20 bytes of non-zero data (not a palindrome) IV = 17 bytes of non-zero data     Key Transform with SHA-256   1) Simple transform to test output: Key = 32 bytes of all-zeros VendorID (OUI) = 3 bytes of FFFFFF in hexadecimal (000000 is reserved for Xerox) FormatSpecific = none   2) Simple transform to test input Key = 32 bytes of non-zero data (must not be a palindrome) VendorID (OUI) = 3 bytes of FEDCBA in hexadecimal FormatSpecific = 10 bytes of the ASCII string "TESTVECTOR"   3) Multiple block test (requires hashing 2 blocks) Key = 32 bytes of non-zero data (must not be a palindrome) VendorID (OUI) = 3 bytes of FEDCBA in hexadecimal FormatSpecific = 13 bytes of the ASCII string "TESTVECTOR123"     Please let me know if anyone would like to see additional test vectors or would like some of the following vectors removed.   Thanks, -Matt   -----Original Message----- From Danh Tran [mailto:[EMAIL PROTECTED] Sent: Monday, March 27, 2006 8:53 AM To: Matt Ball Subject: RE: P1619.1 (Tape): D5 draft   Hi Matt,   Sounds good. I can generate more test vectors if needed.     Danh -----Original Message----- From Matt Ball [mailto:[EMAIL PROTECTED] Sent: Friday, March 24, 2006 3:15 PM To: Danh Tran Subject: RE: P1619.1 (Tape): D5 draft Hi Danh,   Thanks for generating these vectors!  When I get some time next week, I'll look into double-checking them and adding them to the standard.   -Matt -----Original Message----- From Danh Tran [mailto:[EMAIL PROTECTED] Sent: Thursday, March 23, 2006 2:24 PM To: Matt Ball; [EMAIL PROTECTED] Cc: Danh Tran Subject: RE: P1619.1 (Tape): D5 draft Hi Matt,   I took the liberty of generating some sample test vectors for CCM mode (see the attached file CCM.1). The codes that I used are based on Dr. Brian Gladman.   I can generate more test vectors if desired. Please let me know of any questions.     Regards, Danh          [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Ball Sent: Tuesday, March 21, 2006 11:13 AM To: Matt Ball; [EMAIL PROTECTED] Subject: RE: P1619.1 (Tape): D5 draft   Hi Everyone,   For those who prefer PDF, I've attached an identical PDF version of 1619.1-D5   Please read over this draft when you get a chance and give me any feedback!   The next big thing we need to add is a set of test vectors.  Is there anyone who would be willing to help generate or double-check some test vectors?  We especially need vectors for CCM mode, since the CCM document does not have any 256-bit key vectors.   Thanks, -Matt -----Original Message----- [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Matt Ball Sent: Wednesday, March 15, 2006 6:04 PM To: [EMAIL PROTECTED] Subject: P1619.1 (Tape): D5 draft Hi All, Here's the new draft I promised to deliver.  It's got quite a few changes, including some of the following: Draft now uses the standard IEEE template GCM mode can have a long IV Key transform using SHA-256 and the IEEE OUI High-entropy nonce requirements Option for host to send the device a nonce along with the key Requirements for self-test Requirements for documentation Updated bibliography and references sections New test vectors section (we still need to create some test vectors) Please sent me or the group any comments! (I'm willing to continue editing these changes.  I'm also willing to let someone else grab the document and edit it if they want.) Thanks, Matt Ball Embedded Software Engineer Quantum Corporation 4001 Discovery Drive, Suite 1100 Boulder, CO 80303 (720) 406-5766 <<P1619.1-D5.zip>>