Hi Everyone,
Here are proposals for
P1619.1 test vectors for the CCM and GCM modes. I'd like to thank Danh
Tran of Maxxan for generating the CCM vectors. I leveraged that work to
generate similar test vectors for the GCM mode, along with two more vectors to
test the longer IV. These test vectors are attached as the files 'ccm.2'
and 'gcm.2'. These vectors were generated and verified by Dr. Bill
Glatman's implementation (see <http://fp.gladman.plus.com/AES/modes.zip>). You can verify these vectors yourself by placing 'ccm.2'
and 'gcm.2' into the 'testvals' subdirectory after extracting the modes.zip
archive, then running the compiled C source.
Note that we still need to validate
these test vectors using a different implementation. Doug Whiting and
David McGrew, do you have independent implementations suitable for this
purpose?
Here is a definition for each of the keywords
within the attached files:
- MDE = Mode (either CCM or GCM in this context)
- VEC = Test vector number (in decimal)
- KEY = 256-bit encryption key
- IV = Initialization vector
- HDR = AAD (Additional Authentication Data)
- RPT = Repeat the previous HDR (AAD) a given number of times
- PTX = Plaintext
- CTX = Ciphertext
- TAG = MAC (Message Authentication Code)
Let me know if you have any
questions!
-Matt
ccm.2
Description: ccm.2
gcm.2
Description: gcm.2
