Camellia Counter Mode and Camellia Counter with CBC-MAC Mode Algorithms
RFC 5528
| Document | Type |
RFC
- Informational
(April 2009)
Was
draft-kato-camellia-ctrccm
(individual in sec area)
|
|
|---|---|---|---|
| Authors | 加藤 明洋 , Masayuki Kanda , Satoru Kanno | ||
| Last updated | 2015-10-14 | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Formats | |||
| IESG | Responsible AD | Tim Polk | |
| Send notices to | (None) |
RFC 5528
IANA Review state changed to IANA OK - Actions Needed=============== Packet Vector #9 ==================
CAM Key: C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF
Nonce = 00 00 00 0B 0A 09 08 A0 A1 A2 A3 A4 A5
Total packet length = 33. [Input (8 cleartext header octets)]
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F
20
CBC IV in: 61 00 00 00 0B 0A 09 08 A0 A1 A2 A3 A4 A5 00 19
CBC IV out:D0 A9 A5 94 00 63 86 40 11 0D DB 40 CA F8 4A 9C
After xor: D0 A1 A5 95 02 60 82 45 17 0A DB 40 CA F8 4A 9C [hdr]
After CAM: 7B CA 4E 2D 79 82 0D 1E 15 22 DD E8 37 B9 B1 F0
After xor: 73 C3 44 26 75 8F 03 11 05 33 CF FB 23 AC A7 E7 [msg]
After CAM: 6B 75 9F 83 C0 8F 56 64 F2 FA D5 7F 67 01 B8 21
After xor: 73 6C 85 98 DC 92 48 7B D2 FA D5 7F 67 01 B8 21 [msg]
After CAM: 7D B7 BE FF 72 F3 26 74 9E 20 07 28 1E 5B 1A 8A
MIC tag : 7D B7 BE FF 72 F3 26 74 9E 20
CTR Start: 01 00 00 00 0B 0A 09 08 A0 A1 A2 A3 A4 A5 00 01
CTR[0001]: 55 B9 87 69 4C 73 60 3E C6 1E 8E B1 D2 11 62 36
CTR[0002]: 82 D9 A4 4B DC C9 BB 68 A7 FE 15 A5 19 51 57 87
CTR[MIC ]: E9 61 5C CF BF D6 EF 8A 21 A7
Total packet length = 43. [Encrypted]
00 01 02 03 04 05 06 07 5D B0 8D 62 40 7E 6E 31
D6 0F 9C A2 C6 04 74 21 9A C0 BE 50 C0 D4 A5 77
87 94 D6 E2 30 CD 25 C9 FE BF 87
=============== Packet Vector #10 ==================
CAM Key: C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF
Nonce = 00 00 00 0C 0B 0A 09 A0 A1 A2 A3 A4 A5
Total packet length = 31. [Input (12 cleartext header octets)]
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E
CBC IV in: 61 00 00 00 0C 0B 0A 09 A0 A1 A2 A3 A4 A5 00 13
CBC IV out:B1 85 73 A3 1C 6F EC 01 90 E3 CE 94 27 11 04 B9
After xor: B1 89 73 A2 1E 6C E8 04 96 E4 C6 9D 2D 1A 04 B9 [hdr]
After CAM: A6 AD EA 9C FA 3F 76 78 4C 17 8A F3 DC 69 F0 82
After xor: AA A0 E4 93 EA 2E 64 6B 58 02 9C E4 C4 70 EA 99 [msg]
After CAM: 35 50 B7 27 78 F8 C6 BF 02 4B 65 60 05 C0 E1 ED
After xor: 29 4D A9 27 78 F8 C6 BF 02 4B 65 60 05 C0 E1 ED [msg]
After CAM: 3D B5 A6 E6 85 AF 1C 58 80 B0 32 2E 01 74 91 FC
MIC tag : 3D B5 A6 E6 85 AF 1C 58 80 B0
CTR Start: 01 00 00 00 0C 0B 0A 09 A0 A1 A2 A3 A4 A5 00 01
CTR[0001]: D7 1C 82 C1 D1 A9 64 0F 93 69 CE 81 22 7E CC E8
CTR[0002]: A7 A1 42 44 32 4E 69 FE 4C D0 36 65 A5 31 0B AB
CTR[MIC ]: ED 27 3F 0D 94 5C 0E AA B2 87
Total packet length = 41. [Encrypted]
00 01 02 03 04 05 06 07 08 09 0A 0B DB 11 8C CE
C1 B8 76 1C 87 7C D8 96 3A 67 D6 F3 BB BC 5C D0
92 99 EB 11 F3 12 F2 32 37
Kato, et al. Informational [Page 12]
RFC 5528 Camellia-CTR and Camellia-CCM algorithms April 2009
=============== Packet Vector #11 ==================
CAM Key: C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF
Nonce = 00 00 00 0D 0C 0B 0A A0 A1 A2 A3 A4 A5
Total packet length = 32. [Input (12 cleartext header octets)]
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F
CBC IV in: 61 00 00 00 0D 0C 0B 0A A0 A1 A2 A3 A4 A5 00 14
CBC IV out:45 DF B5 07 6F BB 10 EA F1 15 15 AD 21 4F B0 0E
After xor: 45 D3 B5 06 6D B8 14 EF F7 12 1D A4 2B 44 B0 0E [hdr]
After CAM: 17 52 F9 6D DD BC 5B 1C 1E EB 80 FC F6 10 AC 03
After xor: 1B 5F F7 62 CD AD 49 0F 0A FE 96 EB EE 09 B6 18 [msg]
After CAM: BE F0 A0 B9 EC 94 B6 B3 E8 EC 1B 82 14 14 09 87
After xor: A2 ED BE A6 EC 94 B6 B3 E8 EC 1B 82 14 14 09 87 [msg]
After CAM: 70 16 E4 F9 C4 2C 30 10 84 BF EC 69 34 89 91 FD
MIC tag : 70 16 E4 F9 C4 2C 30 10 84 BF
CTR Start: 01 00 00 00 0D 0C 0B 0A A0 A1 A2 A3 A4 A5 00 01
CTR[0001]: 70 C5 33 82 D4 80 11 41 4F 5D 2B D2 D2 67 B3 B0
CTR[0002]: 9D 36 6E 49 39 C5 16 76 5C 1C 25 12 81 79 94 70
CTR[MIC ]: 77 8B 4B 03 1E 3A FC DF A8 F1
Total packet length = 42. [Encrypted]
00 01 02 03 04 05 06 07 08 09 0A 0B 7C C8 3D 8D
C4 91 03 52 5B 48 3D C5 CA 7E A9 AB 81 2B 70 56
07 9D AF FA DA 16 CC CF 2C 4E
=============== Packet Vector #12 ==================
CAM Key: C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF
Nonce = 00 00 00 0E 0D 0C 0B A0 A1 A2 A3 A4 A5
Total packet length = 33. [Input (12 cleartext header octets)]
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F
20
CBC IV in: 61 00 00 00 0E 0D 0C 0B A0 A1 A2 A3 A4 A5 00 15
CBC IV out:81 E4 EB 1E 50 A9 70 CE 18 CA 1A 4B 68 39 80 2E
After xor: 81 E8 EB 1F 52 AA 74 CB 1E CD 12 42 62 32 80 2E [hdr]
After CAM: 04 AB D9 62 34 B9 8F 32 8C 0F 08 3F 3D 87 9D 57
After xor: 08 A6 D7 6D 24 A8 9D 21 98 1A 1E 28 25 9E 87 4C [msg]
After CAM: BD A2 EA CB 3A DA 6A E7 9F BB C2 2C E6 4C 98 89
After xor: A1 BF F4 D4 1A DA 6A E7 9F BB C2 2C E6 4C 98 89 [msg]
After CAM: B6 FC E1 46 D3 EA DC 91 E0 AB 10 AD D8 55 E7 03
MIC tag : B6 FC E1 46 D3 EA DC 91 E0 AB
CTR Start: 01 00 00 00 0E 0D 0C 0B A0 A1 A2 A3 A4 A5 00 01
CTR[0001]: 20 DE 55 87 30 C3 2C 69 B7 44 A6 FE 37 DE 89 7C
CTR[0002]: 3F 96 32 D8 68 6D C2 B5 22 97 42 27 EB F9 26 5E
CTR[MIC ]: 7D 45 AD 6F 94 93 E1 F5 4F DE
Total packet length = 43. [Encrypted]
00 01 02 03 04 05 06 07 08 09 0A 0B 2C D3 5B 88
20 D2 3E 7A A3 51 B0 E9 2F C7 93 67 23 8B 2C C7
48 CB B9 4C 29 47 79 3D 64 AF 75
Kato, et al. Informational [Page 13]
RFC 5528 Camellia-CTR and Camellia-CCM algorithms April 2009
=============== Packet Vector #13 ==================
CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD
Nonce = 00 A9 70 11 0E 19 27 B1 60 B6 A3 1C 1C
Total packet length = 31. [Input (8 cleartext header octets)]
6B 7F 46 45 07 FA E4 96 C6 B5 F3 E6 CA 23 11 AE
F7 47 2B 20 3E 73 5E A5 61 AD B1 7D 56 C5 A3
CBC IV in: 59 00 A9 70 11 0E 19 27 B1 60 B6 A3 1C 1C 00 17
CBC IV out:D7 24 B0 0F B1 87 04 C6 C1 4E 90 37 AA F2 F1 F9
After xor: D7 2C DB 70 F7 C2 03 3C 25 D8 90 37 AA F2 F1 F9 [hdr]
After CAM: 9B 13 6D E3 D9 9F C3 6D 7D 0D B7 D8 A1 BF E9 BD
After xor: 5D A6 9E 05 13 BC D2 C3 8A 4A 9C F8 9F CC B7 18 [msg]
After CAM: F8 BF 25 7D 23 F8 D9 B5 82 E6 C9 3E C8 9B 85 73
After xor: 99 12 94 00 75 3D 7A B5 82 E6 C9 3E C8 9B 85 73 [msg]
After CAM: D9 D6 62 21 6D B2 CA FD 1F C6 FE 9D 2C AF 5B 69
MIC tag : D9 D6 62 21 6D B2 CA FD
CTR Start: 01 00 A9 70 11 0E 19 27 B1 60 B6 A3 1C 1C 00 01
CTR[0001]: 62 80 24 C1 FE AE CC 8C 67 38 55 98 CB 8E E5 E8
CTR[0002]: F2 30 17 2F 1B 71 55 9F 8B CE 79 E5 13 01 FC 6A
CTR[MIC ]: 9C 8E A2 0C 48 03 ED 13
Total packet length = 39. [Encrypted]
6B 7F 46 45 07 FA E4 96 A4 35 D7 27 34 8D DD 22
90 7F 7E B8 F5 FD BB 4D 93 9D A6 52 4D B4 F6 45
58 C0 2D 25 B1 27 EE
=============== Packet Vector #14 ==================
CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD
Nonce = 00 83 CD 8C E0 CB 42 B1 60 B6 A3 1C 1C
Total packet length = 32. [Input (8 cleartext header octets)]
98 66 05 B4 3D F1 5D E7 01 F6 CE 67 64 C5 74 48
3B B0 2E 6B BF 1E 0A BD 26 A2 25 72 B4 D8 0E E7
CBC IV in: 59 00 83 CD 8C E0 CB 42 B1 60 B6 A3 1C 1C 00 18
CBC IV out:A0 8A 29 78 36 23 1D 84 96 76 93 FF 0A 4C 92 7A
After xor: A0 82 B1 1E 33 97 20 75 CB 91 93 FF 0A 4C 92 7A [hdr]
After CAM: 8C F5 F4 23 BF 09 1C 74 CD 47 00 C1 32 5D 5C 92
After xor: 8D 03 3A 44 DB CC 68 3C F6 F7 2E AA 8D 43 56 2F [msg]
After CAM: 69 DA 48 24 41 1E AC 8E A9 0A CD 8B DD 00 2B 9A
After xor: 4F 78 6D 56 F5 C6 A2 69 A9 0A CD 8B DD 00 2B 9A [msg]
After CAM: C2 03 3B 08 6D B3 CB 3B 2C C8 5D E7 76 A1 C0 44
MIC tag : C2 03 3B 08 6D B3 CB 3B
CTR Start: 01 00 83 CD 8C E0 CB 42 B1 60 B6 A3 1C 1C 00 01
CTR[0001]: 8B 16 9C 37 EB 7B BE DB 15 84 41 6E 5F C2 07 46
CTR[0002]: E9 31 BB DD 4E E6 56 9B 68 95 13 5F AB A4 DF EF
CTR[MIC ]: 44 7E 55 14 25 C3 F3 3D
Total packet length = 40. [Encrypted]
98 66 05 B4 3D F1 5D E7 8A E0 52 50 8F BE CA 93
2E 34 6F 05 E0 DC 0D FB CF 93 9E AF FA 3E 58 7C
86 7D 6E 1C 48 70 38 06
Kato, et al. Informational [Page 14]
RFC 5528 Camellia-CTR and Camellia-CCM algorithms April 2009
=============== Packet Vector #15 ==================
CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD
Nonce = 00 5F 54 95 0B 18 F2 B1 60 B6 A3 1C 1C
Total packet length = 33. [Input (8 cleartext header octets)]
48 F2 E7 E1 A7 67 1A 51 CD F1 D8 40 6F C2 E9 01
49 53 89 70 05 FB FB 8B A5 72 76 F9 24 04 60 8E
08
CBC IV in: 59 00 5F 54 95 0B 18 F2 B1 60 B6 A3 1C 1C 00 19
CBC IV out:76 74 53 37 95 23 3C F0 EB 77 CE 93 73 06 99 A8
After xor: 76 7C 1B C5 72 C2 9B 97 F1 26 CE 93 73 06 99 A8 [hdr]
After CAM: EF 79 8B 70 34 E4 D5 6B 57 3A F9 44 F0 AF D6 9A
After xor: 22 88 53 30 5B 26 3C 6A 1E 69 70 34 F5 54 2D 11 [msg]
After CAM: 63 BF 4E 10 01 79 38 0B E4 EC C1 39 B2 B4 3B 8C
After xor: C6 CD 38 E9 25 7D 58 85 EC EC C1 39 B2 B4 3B 8C [msg]
After CAM: 39 E1 0E FA BD 2F 43 00 50 9E E7 EB A4 FF 6B 8F
MIC tag : 39 E1 0E FA BD 2F 43 00
CTR Start: 01 00 5F 54 95 0B 18 F2 B1 60 B6 A3 1C 1C 00 01
CTR[0001]: C5 47 A6 A2 73 49 1B 6F 0E 6D C9 F5 9C 12 3B 08
CTR[0002]: C8 18 86 42 3C DB 35 C8 64 4D 8C 4C 58 01 47 27
CTR[MIC ]: 91 E9 76 5D 2D 68 2E E5
Total packet length = 41. [Encrypted]
48 F2 E7 E1 A7 67 1A 51 08 B6 7E E2 1C 8B F2 6E
47 3E 40 85 99 E9 C0 83 6D 6A F0 BB 18 DF 55 46
6C A8 08 78 A7 90 47 6D E5
=============== Packet Vector #16 ==================
CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD
Nonce = 00 EC 60 08 63 31 9A B1 60 B6 A3 1C 1C
Total packet length = 31. [Input (12 cleartext header octets)]
DE 97 DF 3B 8C BD 6D 8E 50 30 DA 4C B0 05 DC FA
0B 59 18 14 26 A9 61 68 5A 99 3D 8C 43 18 5B
CBC IV in: 59 00 EC 60 08 63 31 9A B1 60 B6 A3 1C 1C 00 13
CBC IV out:78 EE 05 5A 88 48 E3 5B 8A 45 46 8F 35 4F 0C A2
After xor: 78 E2 DB CD 57 73 6F E6 E7 CB 16 BF EF 03 0C A2 [hdr]
After CAM: A9 C6 7F 15 00 1A C6 92 81 67 BD EC DF D2 35 C9
After xor: 19 C3 A3 EF 0B 43 DE 86 A7 CE DC 84 85 4B 08 45 [msg]
After CAM: 7C A8 9C 90 46 42 4B E2 4D 96 DF CF BA 12 FD 18
After xor: 3F B0 C7 90 46 42 4B E2 4D 96 DF CF BA 12 FD 18 [msg]
After CAM: 89 C7 B4 E8 A4 24 8C 6C 52 ED 34 50 E3 53 AD F5
MIC tag : 89 C7 B4 E8 A4 24 8C 6C
CTR Start: 01 00 EC 60 08 63 31 9A B1 60 B6 A3 1C 1C 00 01
CTR[0001]: D3 B2 57 B3 6C E8 86 CF 91 9A AC 79 4E 6F 73 3E
CTR[0002]: 65 10 C8 72 39 AF 0F 52 9F D0 A4 DF 54 BF D6 EB
CTR[MIC ]: E1 04 E0 6A 29 B1 80 A9
Total packet length = 39. [Encrypted]
DE 97 DF 3B 8C BD 6D 8E 50 30 DA 4C 63 B7 8B 49
67 B1 9E DB B7 33 CD 11 14 F6 4E B2 26 08 93 68
C3 54 82 8D 95 0C C5
Kato, et al. Informational [Page 15]
RFC 5528 Camellia-CTR and Camellia-CCM algorithms April 2009
=============== Packet Vector #17 ==================
CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD
Nonce = 00 60 CF F1 A3 1E A1 B1 60 B6 A3 1C 1C
Total packet length = 32. [Input (12 cleartext header octets)]
A5 EE 93 E4 57 DF 05 46 6E 78 2D CF 2E 20 21 12
98 10 5F 12 9D 5E D9 5B 93 F7 2D 30 B2 FA CC D7
CBC IV in: 59 00 60 CF F1 A3 1E A1 B1 60 B6 A3 1C 1C 00 14
CBC IV out:C3 34 69 7D 11 38 73 06 BD 34 E2 10 1F 66 17 E8
After xor: C3 38 CC 93 82 DC 24 D9 B8 72 8C 68 32 A9 17 E8 [hdr]
After CAM: 43 6F 37 74 AB 94 3B 41 EA AD 00 CA C3 99 13 7B
After xor: 6D 4F 16 66 33 84 64 53 77 F3 D9 91 50 6E 3E 4B [msg]
After CAM: 2D 28 FB 62 DA 06 97 A7 4C D4 31 B8 B5 AE AE EE
After xor: 9F D2 37 B5 DA 06 97 A7 4C D4 31 B8 B5 AE AE EE [msg]
After CAM: F3 DE 10 CD 91 4D B1 B6 CC 37 F0 A2 4A 5A B7 A1
MIC tag : F3 DE 10 CD 91 4D B1 B6
CTR Start: 01 00 60 CF F1 A3 1E A1 B1 60 B6 A3 1C 1C 00 01
CTR[0001]: 25 E6 9A F0 30 A9 56 E6 FF C0 3F 87 87 7A 89 74
CTR[0002]: A2 1B 46 23 76 A2 1E DD F2 AC 4B EC 42 95 3D D3
CTR[MIC ]: C2 99 28 FF E7 BB DB 29
Total packet length = 40. [Encrypted]
A5 EE 93 E4 57 DF 05 46 6E 78 2D CF 0B C6 BB E2
A8 B9 09 F4 62 9E E6 DC 14 8D A4 44 10 E1 8A F4
31 47 38 32 76 F6 6A 9F
=============== Packet Vector #18 ==================
CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD
Nonce = 00 0F 85 CD 99 5C 97 B1 60 B6 A3 1C 1C
Total packet length = 33. [Input (12 cleartext header octets)]
24 AA 1B F9 A5 CD 87 61 82 A2 50 74 26 45 94 1E
75 63 2D 34 91 AF 0F C0 C9 87 6C 3B E4 AA 74 68
C9
CBC IV in: 59 00 0F 85 CD 99 5C 97 B1 60 B6 A3 1C 1C 00 15
CBC IV out:72 0A 46 75 0F 40 59 53 F2 3B D2 1F 6A 11 60 F6
After xor: 72 06 62 DF 14 B9 FC 9E 75 5A 50 BD 3A 65 60 F6 [hdr]
After CAM: 67 73 A0 FD D5 7E D3 5E E8 24 06 D0 A1 8B 0E 18
After xor: 41 36 34 E3 A0 1D FE 6A 79 8B 09 10 68 0C 62 23 [msg]
After CAM: BB 1E D8 9F 60 29 D0 99 09 14 06 A5 E3 8B 72 7B
After xor: 5F B4 AC F7 A9 29 D0 99 09 14 06 A5 E3 8B 72 7B [msg]
After CAM: 3E 4F 40 73 D1 31 E9 B8 02 C8 99 BC FD AC 19 4B
MIC tag : 3E 4F 40 73 D1 31 E9 B8
CTR Start: 01 00 0F 85 CD 99 5C 97 B1 60 B6 A3 1C 1C 00 01
CTR[0001]: 04 6F 42 2C 8F 52 FB 9B 06 A3 3B 9F B7 F0 A6 00
CTR[0002]: 34 76 51 DB 89 10 FB E6 73 E8 56 6E DB 66 47 5D
CTR[MIC ]: 9F EC 93 6C 5C 7A AD 0F
Total packet length = 41. [Encrypted]
24 AA 1B F9 A5 CD 87 61 82 A2 50 74 22 2A D6 32
FA 31 D6 AF 97 0C 34 5F 7E 77 CA 3B D0 DC 25 B3
40 A1 A3 D3 1F 8D 4B 44 B7
Kato, et al. Informational [Page 16]
RFC 5528 Camellia-CTR and Camellia-CCM algorithms April 2009
=============== Packet Vector #19 ==================
CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD
Nonce = 00 C2 9B 2C AA C4 CD B1 60 B6 A3 1C 1C
Total packet length = 31. [Input (8 cleartext header octets)]
69 19 46 B9 CA 07 BE 87 07 01 35 A6 43 7C 9D B1
20 CD 61 D8 F6 C3 9C 3E A1 25 FD 95 A0 D2 3D
CBC IV in: 61 00 C2 9B 2C AA C4 CD B1 60 B6 A3 1C 1C 00 17
CBC IV out:74 AD F8 04 05 2A 48 E7 46 97 38 D5 BA A1 27 79
After xor: 74 A5 91 1D 43 93 82 E0 F8 10 38 D5 BA A1 27 79 [hdr]
After CAM: BD C3 B1 41 1C 64 C8 B3 A9 DC 6A 94 78 97 88 E2
After xor: BA C2 84 E7 5F 18 55 02 89 11 0B 4C 8E 54 14 DC [msg]
After CAM: 7D 6C 8A BF AD 68 48 D8 C5 FB CD 1E AF F2 44 99
After xor: DC 49 77 2A 0D BA 75 D8 C5 FB CD 1E AF F2 44 99 [msg]
After CAM: 19 99 AB 92 5E 30 46 96 3D EF FB 1B 4C 87 F7 76
MIC tag : 19 99 AB 92 5E 30 46 96 3D EF
CTR Start: 01 00 C2 9B 2C AA C4 CD B1 60 B6 A3 1C 1C 00 01
CTR[0001]: 02 B9 D4 1F 87 E0 60 E7 EF DE 6B 7E D3 DE 5E D2
CTR[0002]: 61 49 31 C5 2F 34 AA 47 A3 E4 D3 2C 0B 36 41 C6
CTR[MIC ]: B9 9F C6 C5 96 7B AA 8E 1A 87
Total packet length = 41. [Encrypted]
69 19 46 B9 CA 07 BE 87 05 B8 E1 B9 C4 9C FD 56
CF 13 0A A6 25 1D C2 EC C0 6C CC 50 8F E6 97 A0
06 6D 57 C8 4B EC 18 27 68
=============== Packet Vector #20 ==================
CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD
Nonce = 00 2C 6B 75 95 EE 62 B1 60 B6 A3 1C 1C
Total packet length = 32. [Input (8 cleartext header octets)]
D0 C5 4E CB 84 62 7D C4 C8 C0 88 0E 6C 63 6E 20
09 3D D6 59 42 17 D2 E1 88 77 DB 26 4E 71 A5 CC
CBC IV in: 61 00 2C 6B 75 95 EE 62 B1 60 B6 A3 1C 1C 00 18
CBC IV out:35 A9 48 70 F9 B0 C7 85 FB 32 1A D1 3C 8C A4 9A
After xor: 35 A1 98 B5 B7 7B 43 E7 86 F6 1A D1 3C 8C A4 9A [hdr]
After CAM: 0A 3C E3 0F AC 09 DC 5C 00 10 5C 69 AC 19 F7 19
After xor: C2 FC 6B 01 C0 6A B2 7C 09 2D 8A 30 EE 0E 25 F8 [msg]
After CAM: 61 CD 80 D0 72 E6 84 E1 BF E1 4A 00 27 2A 4D 96
After xor: E9 BA 5B F6 3C 97 21 2D BF E1 4A 00 27 2A 4D 96 [msg]
After CAM: E5 F9 F2 AB 47 FD 7B 8D 6F 72 F4 72 74 D7 69 BB
MIC tag : E5 F9 F2 AB 47 FD 7B 8D 6F 72
CTR Start: 01 00 2C 6B 75 95 EE 62 B1 60 B6 A3 1C 1C 00 01
CTR[0001]: 9C 0E 31 66 B2 81 58 31 5E 63 16 5A 9D BD CE 35
CTR[0002]: 00 3E 66 D3 E0 5F 7E A7 EF C8 9A 5F DD 39 E3 54
CTR[MIC ]: 9A 5E 87 1A 17 10 38 0E AA DB
Total packet length = 42. [Encrypted]
D0 C5 4E CB 84 62 7D C4 54 CE B9 68 DE E2 36 11
57 5E C0 03 DF AA 1C D4 88 49 BD F5 AE 2E DB 6B
7F A7 75 B1 50 ED 43 83 C5 A9
Kato, et al. Informational [Page 17]
RFC 5528 Camellia-CTR and Camellia-CCM algorithms April 2009
=============== Packet Vector #21 ==================
CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD
Nonce = 00 C5 3C D4 C2 AA 24 B1 60 B6 A3 1C 1C
Total packet length = 33. [Input (8 cleartext header octets)]
E2 85 E0 E4 80 8C DA 3D F7 5D AA 07 10 C4 E6 42
97 79 4D C2 B7 D2 A2 07 57 B1 AA 4E 44 80 02 FF
AB
CBC IV in: 61 00 C5 3C D4 C2 AA 24 B1 60 B6 A3 1C 1C 00 19
CBC IV out:2A 3C 23 B2 43 F5 1C 35 F7 79 5A CB 3B 20 21 2F
After xor: 2A 34 C1 37 A3 11 9C B9 2D 44 5A CB 3B 20 21 2F [hdr]
After CAM: A1 7E AD 4C EE AB 51 21 1D 2A 32 F2 D4 45 A6 D6
After xor: 56 23 07 4B FE 6F B7 63 8A 53 7F 30 63 97 04 D1 [msg]
After CAM: A9 A1 32 55 8F C6 9B 98 A9 CC 23 96 FE CA 84 EB
After xor: FE 10 98 1B CB 46 99 67 02 CC 23 96 FE CA 84 EB [msg]
After CAM: 6A 5E 04 42 D1 A5 7E 17 9A 6C 8B 56 F7 19 80 C5
MIC tag : 6A 5E 04 42 D1 A5 7E 17 9A 6C
CTR Start: 01 00 C5 3C D4 C2 AA 24 B1 60 B6 A3 1C 1C 00 01
CTR[0001]: 46 1D EF 41 AF A2 94 52 5D 51 AE CB 04 49 74 CD
CTR[0002]: 29 2E 62 66 1B 66 9A 2B 97 72 6B 77 32 A8 DC 35
CTR[MIC ]: B8 54 06 A2 6C 6F 93 37 8A BF
Total packet length = 43. [Encrypted]
E2 85 E0 E4 80 8C DA 3D B1 40 45 46 BF 66 72 10
CA 28 E3 09 B3 9B D6 CA 7E 9F C8 28 5F E6 98 D4
3C D2 0A 02 E0 BD CA ED 20 10 D3
=============== Packet Vector #22 ==================
CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD
Nonce = 00 BE E9 26 7F BA DC B1 60 B6 A3 1C 1C
Total packet length = 31. [Input (12 cleartext header octets)]
6C AE F9 94 11 41 57 0D 7C 81 34 05 C2 38 82 2F
AC 5F 98 FF 92 94 05 B0 AD 12 7A 4E 41 85 4E
CBC IV in: 61 00 BE E9 26 7F BA DC B1 60 B6 A3 1C 1C 00 13
CBC IV out:20 60 6A D1 E1 A0 84 52 2F A3 8B F4 88 1D D6 8B
After xor: 20 6C 06 7F 18 34 95 13 78 AE F7 75 BC 18 D6 8B [hdr]
After CAM: 71 FD FF E7 D9 C8 95 75 D3 EC 0B 7E 7B 8B BE E7
After xor: B3 C5 7D C8 75 97 0D 8A 41 78 0E CE D6 99 C4 A9 [msg]
After CAM: CA AD 93 9C 59 BA 40 AA 1A 0B 88 1B EE 3D 3C 65
After xor: 8B 28 DD 9C 59 BA 40 AA 1A 0B 88 1B EE 3D 3C 65 [msg]
After CAM: DC 48 8F AA 9C 75 E7 03 17 56 C2 C7 48 48 8D 1B
MIC tag : DC 48 8F AA 9C 75 E7 03 17 56
CTR Start: 01 00 BE E9 26 7F BA DC B1 60 B6 A3 1C 1C 00 01
CTR[0001]: 56 F0 17 B3 BD 09 02 D6 EA A5 A2 91 AD 4A 2D E5
CTR[0002]: 20 3D 34 21 EF 5B F8 FC 7B 21 5C 76 7B A5 21 A6
CTR[MIC ]: F1 A2 86 9C 2A 9E B8 61 48 0B
Total packet length = 41. [Encrypted]
6C AE F9 94 11 41 57 0D 7C 81 34 05 94 C8 95 9C
11 56 9A 29 78 31 A7 21 00 58 57 AB 61 B8 7A 2D
EA 09 36 B6 EB 5F 62 5F 5D
Kato, et al. Informational [Page 18]
RFC 5528 Camellia-CTR and Camellia-CCM algorithms April 2009
=============== Packet Vector #23 ==================
CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD
Nonce = 00 DF A8 B1 24 50 07 B1 60 B6 A3 1C 1C
Total packet length = 32. [Input (12 cleartext header octets)]
36 A5 2C F1 6B 19 A2 03 7A B7 01 1E 4D BF 3E 77
4A D2 45 E5 D5 89 1F 9D 1C 32 A0 AE 02 2C 85 D7
CBC IV in: 61 00 DF A8 B1 24 50 07 B1 60 B6 A3 1C 1C 00 14
CBC IV out:78 FD B6 AF 61 9E 1C 8D 82 41 17 A8 73 60 1B 70
After xor: 78 F1 80 0A 4D 6F 77 94 20 42 6D 1F 72 7E 1B 70 [hdr]
After CAM: 62 2E 28 65 92 43 DB 82 88 79 09 1E A7 24 54 67
After xor: 2F 91 16 12 D8 91 9E 67 5D F0 16 83 BB 16 F4 C9 [msg]
After CAM: 95 0E 52 08 FF 16 70 8C 1E D9 BB 06 3E 1E 41 CF
After xor: 97 22 D7 DF FF 16 70 8C 1E D9 BB 06 3E 1E 41 CF [msg]
After CAM: BA CD 51 FC 77 F4 02 8D 47 D5 7D 54 7D 46 33 4B
MIC tag : BA CD 51 FC 77 F4 02 8D 47 D5
CTR Start: 01 00 DF A8 B1 24 50 07 B1 60 B6 A3 1C 1C 00 01
CTR[0001]: 15 D6 DD DD 98 96 39 91 35 75 1A 64 B8 D8 D4 F9
CTR[0002]: 7D 61 6D 1D EB 92 00 2B 6F FA AB 53 BC AF 69 89
CTR[MIC ]: 33 E9 27 BE E1 59 06 9C DB 32
Total packet length = 42. [Encrypted]
36 A5 2C F1 6B 19 A2 03 7A B7 01 1E 58 69 E3 AA
D2 44 7C 74 E0 FC 05 F9 A4 EA 74 57 7F 4D E8 CA
89 24 76 42 96 AD 04 11 9C E7
=============== Packet Vector #24 ==================
CAM Key: D7 5C 27 78 07 8C A9 3D 97 1F 96 FD E7 20 F4 CD
Nonce = 00 3B 8F D8 D3 A9 37 B1 60 B6 A3 1C 1C
Total packet length = 33. [Input (12 cleartext header octets)]
A4 D4 99 F7 84 19 72 8C 19 17 8B 0C 9D C9 ED AE
2F F5 DF 86 36 E8 C6 DE 0E ED 55 F7 86 7E 33 33
7D
CBC IV in: 61 00 3B 8F D8 D3 A9 37 B1 60 B6 A3 1C 1C 00 15
CBC IV out:84 E6 CF DD 6A 37 68 5D E6 71 AD 54 B3 BE FE B9
After xor: 84 EA 6B 09 F3 C0 EC 44 94 FD B4 43 38 B2 FE B9 [hdr]
After CAM: C5 0F A0 62 20 18 F1 21 0E BC 3D 2E 47 B7 B8 C3
After xor: 58 C6 4D CC 0F ED 2E A7 38 54 FB F0 49 5A ED 34 [msg]
After CAM: C4 6F 6D C3 17 3C 2A 7A 81 FC 2D DA 7F B7 C6 60
After xor: 42 11 5E F0 6A 3C 2A 7A 81 FC 2D DA 7F B7 C6 60 [msg]
After CAM: DF AB 2E 76 B0 67 50 B3 7C DD 9A AC F3 79 17 71
MIC tag : DF AB 2E 76 B0 67 50 B3 7C DD
CTR Start: 01 00 3B 8F D8 D3 A9 37 B1 60 B6 A3 1C 1C 00 01
CTR[0001]: D6 D0 6C F8 16 CE D0 F1 A0 E0 AC 71 BA B9 AD 34
CTR[0002]: 76 4A FF 9A 1B F8 55 1F 68 54 39 0A EE 37 24 28
CTR[MIC ]: 4B F4 31 B8 17 86 4B 5D 16 F2
Total packet length = 43. [Encrypted]
A4 D4 99 F7 84 19 72 8C 19 17 8B 0C 4B 19 81 56
39 3B 0F 77 96 08 6A AF B4 54 F8 C3 F0 34 CC A9
66 94 5F 1F CE A7 E1 1B EE 6A 2F
Kato, et al. Informational [Page 19]
RFC 5528 Camellia-CTR and Camellia-CCM algorithms April 2009
5. Security Considerations
Camellia-CTR and Camellia-CCM employ CTR mode for confidentiality.
For the security of CTR mode, refer to the Security Considerations of
[16].
6. Acknowledgments
Thanks to Rui Hodai for comments and suggestions. Special thanks to
Alfred Hoenes for several very detailed reviews and suggestions.
7. References
7.1. Normative References
[1] Matsui, M., Nakajima, J., and S. Moriai, "A Description of the
Camellia Encryption Algorithm", RFC 3713, April 2004.
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[3] Dworkin, M., "Recommendation for Block Cipher Modes of
Operation - Methods and Techniques", NIST Special
Publication 800-38A, December 2001, <http://csrc.nist.gov/
publications/nistpubs/800-38a/sp800-38a.pdf>.
[4] National Institute of Standards and Technology, "Recommendation
for Block Cipher Modes Operation : The CCM Mode for
Authentication and Confidentiality", May 2004, <http://
csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf>.
7.2. Informative References
[5] National Institute of Standards and Technology, "Advanced
Encryption Standard (AES)", FIPS PUB 197, November 2001,
<http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf>.
[6] Kato, A., Moriai, S., and M. Kanda, "The Camellia Cipher
Algorithm and Its Use With IPsec", RFC 4312, December 2005.
[7] Moriai, S., Kato, A., and M. Kanda, "Addition of Camellia
Cipher Suites to Transport Layer Security (TLS)", RFC 4132,
July 2005.
[8] Moriai, S. and A. Kato, "Use of the Camellia Encryption
Algorithm in Cryptographic Message Syntax (CMS)", RFC 3657,
January 2004.
Kato, et al. Informational [Page 20]
RFC 5528 Camellia-CTR and Camellia-CCM algorithms April 2009
[9] Eastlake, D., "Additional XML Security Uniform Resource
Identifiers (URIs)", RFC 4051, April 2005.
[10] International Organization for Standardization, "Information
technology - Security techniques - Encryption algorithms - Part
3: Block ciphers", ISO/IEC 18033-3, July 2005.
[11] "The NESSIE project (New European Schemes for Signatures,
Integrity and Encryption)",
<http://www.cosic.esat.kuleuven.be/nessie/>.
[12] Information-technology Promotion Agency (IPA), "Cryptography
Research and Evaluation Committees",
<http://www.ipa.go.jp/security/enc/CRYPTREC/index-e.html>.
[13] "Camellia open source software",
<http://info.isl.ntt.co.jp/crypt/eng/camellia/source.html>.
[14] "Camellia web site", <http://info.isl.ntt.co.jp/camellia/>.
[15] Whiting, D., Housley, R., and N. Ferguson, "Counter with CBC-
MAC (CCM)", RFC 3610, September 2003.
[16] Housley, R., "Using Advanced Encryption Standard (AES) Counter
Mode With IPsec Encapsulating Security Payload (ESP)",
RFC 3686, January 2004.
Kato, et al. Informational [Page 21]
RFC 5528 Camellia-CTR and Camellia-CCM algorithms April 2009
Authors' Addresses
Akihiro Kato
NTT Software Corporation
Phone: +81-45-212-7577
Fax: +81-45-212-9800
EMail: akato@po.ntts.co.jp
Masayuki Kanda
NTT
Phone: +81-422-59-3456
Fax: +81-422-59-4015
EMail: kanda.masayuki@lab.ntt.co.jp
Satoru Kanno
NTT Software Corporation
Phone: +81-45-212-7577
Fax: +81-45-212-9800
EMail: kanno-s@po.ntts.co.jp
Kato, et al. Informational [Page 22]