Additional Cryptographic Algorithms For Use With TCP-AO
draft-ietf-tcpm-tcp-ao-algs-04
| Document | Type | Active Internet-Draft (tcpm WG) | |
|---|---|---|---|
| Authors | Ron Bonica , Tony Li | ||
| Last updated | 2026-06-02 | ||
| Replaces | draft-bonica-tcpm-tcp-ao-algs | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | WG Document | |
| Document shepherd | (None) | ||
| IESG | IESG state | I-D Exists | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-ietf-tcpm-tcp-ao-algs-04
TCPM Working Group R. Bonica
Internet-Draft T. Li
Intended status: Standards Track HPE
Expires: 4 December 2026 2 June 2026
Additional Cryptographic Algorithms For Use With TCP-AO
draft-ietf-tcpm-tcp-ao-algs-04
Abstract
RFC5926 creates a list of cryptographic algorithms that can be used
with TCP-AO. This document expands that list, adding two Message
Authentication Code (MAC) algorithms, HMAC-SHA256-128 and
KMAC256-128. For each MAC algorithm, a corresponding Key Derivation
Function (KDF) is also added.
The MAC algorithms described by this document produce 128-bit (i.e.,
16-byte) MACs. When 16-byte MACs are encoded in TCP-AO, the TCP-AO
consumes 20 bytes. This does not challenge TCP's 40-byte option size
limitation.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 4 December 2026.
Copyright Notice
Copyright (c) 2026 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
Bonica & Li Expires 4 December 2026 [Page 1]
Internet-Draft tcp-ao-algs June 2026
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3
3. Algorithm Classes . . . . . . . . . . . . . . . . . . . . . . 3
3.1. Key Derivation Functions (KDFs) . . . . . . . . . . . . . 3
3.1.1. HKDF-SHA256 . . . . . . . . . . . . . . . . . . . . . 4
3.1.2. KMAC256-KDF . . . . . . . . . . . . . . . . . . . . . 5
3.2. MAC Algorithms . . . . . . . . . . . . . . . . . . . . . 5
3.2.1. The Use of HMAC-SHA256-128 . . . . . . . . . . . . . 6
3.2.2. The Use of KMAC256-128 . . . . . . . . . . . . . . . 6
4. Security Considerations . . . . . . . . . . . . . . . . . . . 7
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7
7. Normative References . . . . . . . . . . . . . . . . . . . . 8
Appendix A. Test Vectors . . . . . . . . . . . . . . . . . . . . 9
A.1. Input Test Vectors . . . . . . . . . . . . . . . . . . . 9
A.2. IPv4 HMAC-SHA256-128 Output Test Vectors . . . . . . . . 9
A.2.1. HMAC-SHA256-128 (Default - Covers TCP Options) . . . 9
A.2.2. HMAC-SHA256-128 (Omits TCP Options) . . . . . . . . . 11
A.3. IPv4 KMAC256-128 Output Test Vectors . . . . . . . . . . 14
A.3.1. KMAC256-128 (Default - Covers TCP Options) . . . . . 14
A.3.2. KMAC256-128 (Omits TCP Options) . . . . . . . . . . . 16
A.4. IPv6 HMAC-SHA256-128 Output Test Vectors . . . . . . . . 18
A.4.1. HMAC-SHA256-128 (Default - Covers TCP Options) . . . 18
A.4.2. HMAC-SHA256-128 (Omits TCP Options) . . . . . . . . . 20
A.5. IPv6 KMAC256-128 Output Test Vectors . . . . . . . . . . 22
A.5.1. KMAC256-128 (Default - Covers TCP Options) . . . . . 22
A.5.2. KMAC256-128 (Omits TCP Options) . . . . . . . . . . . 24
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26
1. Introduction
[RFC5926] creates a list of cryptographic algorithms that can be used
with TCP-AO [RFC5925]. This document expands that list, adding two
Message Authentication Code (MAC) algorithms, HMAC-SHA256-128 and
KMAC256-128. For each MAC algorithm, a corresponding Key Derivation
Function (KDF) is also added.
The MAC algorithms described by this document produce 128-bit (i.e.,
16-byte) MACs. When 16-byte MACs are encoded in TCP-AO, the TCP-AO
consumes 20 bytes. This does not challenge TCP's [RFC9293] 40-byte
option size limitation.
Bonica & Li Expires 4 December 2026 [Page 2]
Internet-Draft tcp-ao-algs June 2026
2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. Algorithm Classes
[RFC5925] requires the following cryptographic algorithm classes:
* Key Derivation Functions (KDFs)
* MAC Algorithms
Section 3.1 of this document addresses KDFs while Section 3.2
addresses MAC algorithms.
3.1. Key Derivation Functions (KDFs)
A KDF converts Input Keying Material (IKM) into cryptographically
secure Output Keying Material (OKM). In the case of TCP-AO, a KDF
converts an administratively assigned Master_Key into a Traffic_Key.
KDFs have the following interface:
* Traffic_Key = KDF_alg(Master_Key, Context, Output_Length)
where:
* KDF_alg is the KDF algorithm being used.
* Master_Key is a variable length pre-shared key (PSK).
* Context is binary string containing information related to the TCP
connection, as defined in [RFC5925], Section 5.2.
* Output_Length is the desired length of the Traffic_Key. In this
document, the Output_Length is always equal to 256 bits.
This document defines two KDFs:
* HKDF-SHA256
* KMAC256-KDF
Bonica & Li Expires 4 December 2026 [Page 3]
Internet-Draft tcp-ao-algs June 2026
Section 3.1.1 of this document describes HKDF-SHA256 while
Section 3.1.2 describes KMAC256-KDF.
3.1.1. HKDF-SHA256
HKDF-SHA256 is as described in [RFC5869]. HKDF-SHA256 executes in
the following stages:
* Extract
* Expand
The interface to the Extract stage is:
* PRK = HKDF-Extract(salt, IKM)
where:
* PRK is a Pseudo-random key, to be used in the Expand stage.
* salt is an all-zero byte string whose length equals 32 bytes.
* IKM is the Master_Key argument provided to the KDF interface.
According to [RFC5869], the goal of the extract stage is to
concentrate the possibly dispersed entropy of the input keying
material into a short, but cryptographically strong pseudorandom key.
Implementations MUST execute the extract stage.
The interface to the Expand stage is:
* OKM = HKDF-Expand(PRK, info, L)
where:
* OKM is the Traffic_Key.
* PRK is the value produced by the Extract stage.
* info is the Context argument provided to the KDF interface.
* L is equal to 32 bytes.
The expand stage expands the pseudorandom key to the desired length.
The output key length depend on the specific cryptographic algorithms
for which the keys are needed. Implementations MUST execute the
expand stage.
Bonica & Li Expires 4 December 2026 [Page 4]
Internet-Draft tcp-ao-algs June 2026
3.1.2. KMAC256-KDF
KMAC256-KDF is as described in [DOI.10.6028_NIST.SP.800-185] and
[DOI.10.6028_NIST.SP.800-56Cr2]. So, the interface to KMAC256-KDF as
described in [DOI.10.6028_NIST.SP.800-56Cr2]:
* OKM = KMAC256(Z, salt, x, H_outputBits, S)
where:
* Z is is the Master_Key argument provided to the KDF interface.
* salt is an all-zero byte string whose length equals 132 bytes.
* x is the Context argument provided to the KDF interface.
* H_outputBits is equal to 256 bits.
* S is the byte string 01001011 || 01000100 || 01000110, which
represents the sequence of characters "K", "D," and "F" in 8-bit
ASCII.
3.2. MAC Algorithms
Each MAC algorithm defined for TCP-AO has the following fixed
elements as part of its definition:
* KDF_Alg is the name of the KDF algorithm used to generate the
Traffic_Key.
* Key_Length is the length of the Traffic_Key used in this MAC,
measured in bits. In this document, the Key_Length is always 256
bits.
* MAC_Length is the desired length of the MAC to be produced by the
algorithm. In this document, the MAC_Length is always 128 bits.
MACs computed for TCP-AO have the following interface:
* MAC = MAC_alg(Traffic_Key, Message)
where:
* MAC is the value to be encoded in TCP-AO.
* MAC_alg is MAC Algorithm used.
* Traffic_Key is the result of KDF.
Bonica & Li Expires 4 December 2026 [Page 5]
Internet-Draft tcp-ao-algs June 2026
* Message is the message to be authenticated, as specified in
[RFC5925], Section 5.1.
3.2.1. The Use of HMAC-SHA256-128
The three fixed elements for HMAC-SHA256-128 are:
* KDF_Alg: HKDF-SHA256.
* Key_Length: 256 bits.
* MAC_Length: 128 bits.
For:
* MAC = MAC_alg (Traffic_Key, Message)
HMAC-SHA256-128 for TCP-AO has the following values:
* MAC is the value to be encoded in TCP-AO.
* MAC_alg is HMAC-SHA256.
* Traffic_Key is the result of the KDF.
* Message is the message to be authenticated, as specified in
[RFC5925], Section 5.1.
3.2.2. The Use of KMAC256-128
The three fixed elements for KMAC256-128 are:
* KDF_Alg: KMAC256-KDF
* Key_Length: 256 bits.
* MAC_Length: 128 bits.
For:
* MAC = MAC_alg (Traffic_Key, Message)
KMAC256-128 for TCP-AO has the following values:
* MAC is the value to be encoded in TCP-AO.
* MAC_alg is KMAC256.
Bonica & Li Expires 4 December 2026 [Page 6]
Internet-Draft tcp-ao-algs June 2026
* Traffic_Key is the result of the KDF.
* Message is the message to be authenticated, as specified in
[RFC5925], Section 5.1.
4. Security Considerations
This document inherits all of the security considerations of
[RFC5869], [RFC5925], [RFC8702], and [RFC9688].
The security of cryptography-based systems depends on both the
strength of the cryptographic algorithms chosen and the strength of
the keys used with those algorithms. The security also depends on
the engineering of the protocol used by the system to ensure that
there are no non-cryptographic ways to bypass the security of the
overall system.
Master_Keys SHOULD have at least 256 bits of entropy. This document
RECOMMENDS that operators use Master_Keys generated by a
cryptographic random number generator, or similar. However, it is
understood that they may not do so.
TCP-AO Master Key Tuples MUST be rotated at a rate commensurate with
the strength of the cryptographic algorithms.
5. IANA Considerations
IANA is requested to add the following entries to the "Cryptographic
Algorithms for TCP-AO Registration"
(https://www.iana.org/assignments/tcp-parameters/tcp-
parameters.xhtml#tcp-parameters-3).
+=================+===============+
| Algorithm | Reference |
+=================+===============+
| HMAC-SHA256-128 | This Document |
+-----------------+---------------+
| KMAC256-128 | This Document |
+-----------------+---------------+
Table 1: IANA Actions
6. Acknowledgements
Thanks to Eric Biggers, Lars Eggert, Gorry Fairhurst, C.M. Heard,
Russ Housley, John Mattsson, Yoshifumi Nishida, Joe Touch, Michael
Tuxen, and Magnus Westerlund for their review and comments.
Bonica & Li Expires 4 December 2026 [Page 7]
Internet-Draft tcp-ao-algs June 2026
7. Normative References
[DOI.10.6028_NIST.SP.800-185]
Kelsey, J., Change, S., and R. Perlner, "SHA-3 derived
functions: cSHAKE, KMAC, TupleHash and ParallelHash",
National Institute of Standards and Technology,
DOI 10.6028/nist.sp.800-185, December 2016,
<https://doi.org/10.6028/nist.sp.800-185>.
[DOI.10.6028_NIST.SP.800-56Cr2]
Barker, E., Chen, L., and R. Davis, "Recommendation for
Key-Derivation Methods in Key-Establishment Schemes",
National Institute of Standards and Technology,
DOI 10.6028/nist.sp.800-56cr2, August 2020,
<https://doi.org/10.6028/nist.sp.800-56cr2>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/rfc/rfc2119>.
[RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
Key Derivation Function (HKDF)", RFC 5869,
DOI 10.17487/RFC5869, May 2010,
<https://www.rfc-editor.org/rfc/rfc5869>.
[RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP
Authentication Option", RFC 5925, DOI 10.17487/RFC5925,
June 2010, <https://www.rfc-editor.org/rfc/rfc5925>.
[RFC5926] Lebovitz, G. and E. Rescorla, "Cryptographic Algorithms
for the TCP Authentication Option (TCP-AO)", RFC 5926,
DOI 10.17487/RFC5926, June 2010,
<https://www.rfc-editor.org/rfc/rfc5926>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
[RFC8702] Kampanakis, P. and Q. Dang, "Use of the SHAKE One-Way Hash
Functions in the Cryptographic Message Syntax (CMS)",
RFC 8702, DOI 10.17487/RFC8702, January 2020,
<https://www.rfc-editor.org/rfc/rfc8702>.
[RFC9235] Touch, J. and J. Kuusisaari, "TCP Authentication Option
(TCP-AO) Test Vectors", RFC 9235, DOI 10.17487/RFC9235,
May 2022, <https://www.rfc-editor.org/rfc/rfc9235>.
Bonica & Li Expires 4 December 2026 [Page 8]
Internet-Draft tcp-ao-algs June 2026
[RFC9293] Eddy, W., Ed., "Transmission Control Protocol (TCP)",
STD 7, RFC 9293, DOI 10.17487/RFC9293, August 2022,
<https://www.rfc-editor.org/rfc/rfc9293>.
[RFC9688] Housley, R., "Use of the SHA3 One-Way Hash Functions in
the Cryptographic Message Syntax (CMS)", RFC 9688,
DOI 10.17487/RFC9688, November 2024,
<https://www.rfc-editor.org/rfc/rfc9688>.
Appendix A. Test Vectors
This appendix provides test vectors to validate the correct
implementation of TCP-AO and the cryptographic algorithms defined in
this document. It includes the specification of all endpoint
parameters to generate the variety of TCP segments covered by
different keys and MAC coverage, i.e., both the default case and the
variant where TCP options are ignored for middlebox traversal.
A.1. Input Test Vectors
Input test vectors are as described in Section 3 of [RFC9235].
A.2. IPv4 HMAC-SHA256-128 Output Test Vectors
In the following sections, all values are indicated as 2-digit
hexadecimal values with spacing per line representing the contents of
16 consecutive bytes, as is typical for data dumps. The IP/TCP data
indicates the entire IP packet, including the TCP segment and its
options (whether covered by TCP-AO or not, as indicated), including
TCP-AO.
A.2.1. HMAC-SHA256-128 (Default - Covers TCP Options)
A.2.1.1. Send (Client) SYN (Covers Options)
Bonica & Li Expires 4 December 2026 [Page 9]
Internet-Draft tcp-ao-algs June 2026
Client ISN = 0xfbfbab5a
Send_SYN_traffic_key:
TBD
IPv4/TCP:
45 e0 00 4c dd 0f 40 00 ff 06 bf 6b 0a 0b 0c 0d
ac 1b 1c 1d e9 d7 00 b3 fb fb ab 5a 00 00 00 00
e0 02 ff ff ca c4 00 00 02 04 05 b4 01 03 03 08
04 02 08 0a 00 15 5a b7 00 00 00 00 1d 10 3d 54
2e e4 37 c6 f8 ed e6 d7 c4 d6 02 e7
MAC:
TBD
A.2.1.2. Receive (Server) SYN-ACK (Covers Options)
Server ISN = 0x11c14261
Receive_SYN_traffic_key:
TBD
IPv4/TCP:
45 e0 00 4c 65 06 40 00 ff 06 37 75 ac 1b 1c 1d
0a 0b 0c 0d 00 b3 e9 d7 11 c1 42 61 fb fb ab 5b
e0 12 ff ff 37 76 00 00 02 04 05 b4 01 03 03 08
04 02 08 0a 84 a5 0b eb 00 15 5a b7 1d 10 54 3d
ee ab 0f e2 4c 30 10 81 51 16 b3 be
MAC:
TBD
A.2.1.3. Send (Client) Non-SYN (Covers Options)
Bonica & Li Expires 4 December 2026 [Page 10]
Internet-Draft tcp-ao-algs June 2026
Send_other_traffic_key:
TBD
IPv4/TCP:
45 e0 00 87 36 a1 40 00 ff 06 65 9f 0a 0b 0c 0d
ac 1b 1c 1d e9 d7 00 b3 fb fb ab 5b 11 c1 42 62
c0 18 01 04 a1 62 00 00 01 01 08 0a 00 15 5a c1
84 a5 0b eb 1d 10 3d 54 70 64 cf 99 8c c6 c3 15
c2 c2 e2 bf ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d
26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02
00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40
06 00 64 00 01 01 00
MAC:
TBD
A.2.1.4. Receive (Server) Non-SYN (Covers Options)
Receive_other_traffic_key:
TBD
IPv4/TCP:
45 e0 00 87 1f a9 40 00 ff 06 7c 97 ac 1b 1c 1d
0a 0b 0c 0d 00 b3 e9 d7 11 c1 42 62 fb fb ab 9e
c0 18 01 00 40 0c 00 00 01 01 08 0a 84 a5 0b f5
00 15 5a c1 1d 10 54 3d a6 3f 0e cb bb 2e 63 5c
95 4d ea c7 ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d
26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02
00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40
06 00 64 00 01 01 00
MAC:
TBD
A.2.2. HMAC-SHA256-128 (Omits TCP Options)
A.2.2.1. Send (Client) SYN (Omits Options)
Bonica & Li Expires 4 December 2026 [Page 11]
Internet-Draft tcp-ao-algs June 2026
Client ISN = 0xcb0efbee
Send_SYN_traffic_key:
TBD
IPv4/TCP:
45 e0 00 4c 53 99 40 00 ff 06 48 e2 0a 0b 0c 0d
ac 1b 1c 1d ff 12 00 b3 cb 0e fb ee 00 00 00 00
e0 02 ff ff 54 1f 00 00 02 04 05 b4 01 03 03 08
04 02 08 0a 00 02 4c ce 00 00 00 00 1d 10 3d 54
80 af 3c fe b8 53 68 93 7b 8f 9e c2
MAC:
TBD
A.2.2.2. Receive (Server) SYN-ACK (Omits Options)
Server ISN = 0xacd5b5e1
Receive_SYN_traffic_key:
TBD
IPv4/TCP:
45 e0 00 4c 32 84 40 00 ff 06 69 f7 ac 1b 1c 1d
0a 0b 0c 0d 00 b3 ff 12 ac d5 b5 e1 cb 0e fb ef
e0 12 ff ff 38 8e 00 00 02 04 05 b4 01 03 03 08
04 02 08 0a 57 67 72 f3 00 02 4c ce 1d 10 54 3d
09 30 6f 9a ce a6 3a 8c 68 cb 9a 70
MAC:
TBD
A.2.2.3. Send (Client) Non-SYN (Omits Options)
Bonica & Li Expires 4 December 2026 [Page 12]
Internet-Draft tcp-ao-algs June 2026
Send_other_traffic_key:
TBD
IPv4/TCP:
45 e0 00 87 a8 f5 40 00 ff 06 f3 4a 0a 0b 0c 0d
ac 1b 1c 1d ff 12 00 b3 cb 0e fb ef ac d5 b5 e2
c0 18 01 04 6c 45 00 00 01 01 08 0a 00 02 4c ce
57 67 72 f3 1d 10 3d 54 71 06 08 cc 69 6c 03 a2
71 c9 3a a5 ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d
26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02
00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40
06 00 64 00 01 01 00
MAC:
TBD
A.2.2.4. Receive (Server) Non-SYN (Omits Options)
Receive_other_traffic_key:
TBD
IPv4/TCP:
45 e0 00 87 54 37 40 00 ff 06 48 09 ac 1b 1c 1d
0a 0b 0c 0d 00 b3 ff 12 ac d5 b5 e2 cb 0e fc 32
c0 18 01 00 46 b6 00 00 01 01 08 0a 57 67 72 f3
00 02 4c ce 1d 10 54 3d 97 76 6e 48 ac 26 2d e9
ae 61 b4 f9 ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d
26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02
00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40
06 00 64 00 01 01 00
MAC:
TBD
Bonica & Li Expires 4 December 2026 [Page 13]
Internet-Draft tcp-ao-algs June 2026
A.3. IPv4 KMAC256-128 Output Test Vectors
In the following sections, all values are indicated as 2-digit
hexadecimal values with spacing per line representing the contents of
16 consecutive bytes, as is typical for data dumps. The IP/TCP data
indicates the entire IP packet, including the TCP segment and its
options (whether covered by TCP-AO or not, as indicated), including
TCP-AO.
A.3.1. KMAC256-128 (Default - Covers TCP Options)
A.3.1.1. Send (Client) SYN (Covers Options)
Client ISN = 0x787a1ddf
Send_SYN_traffic_key:
TBD
IP/TCP:
45 e0 00 4c 7b 9f 40 00 ff 06 20 dc 0a 0b 0c 0d
ac 1b 1c 1d c4 fa 00 b3 78 7a 1d df 00 00 00 00
e0 02 ff ff 5a 0f 00 00 02 04 05 b4 01 03 03 08
04 02 08 0a 00 01 7e d0 00 00 00 00 1d 10 3d 54
e4 77 e9 9c 80 40 76 54 98 e5 50 91
MAC:
TBD
A.3.1.2. Receive (Server) SYN-ACK (Covers Options)
Bonica & Li Expires 4 December 2026 [Page 14]
Internet-Draft tcp-ao-algs June 2026
Server ISN = 0xfadd6de9
Receive_SYN_traffic_key:
TBD
IPv4/TCP:
45 e0 00 4c 4b ad 40 00 ff 06 50 ce ac 1b 1c 1d
0a 0b 0c 0d 00 b3 c4 fa fa dd 6d e9 78 7a 1d e0
e0 12 ff ff f3 f2 00 00 02 04 05 b4 01 03 03 08
04 02 08 0a 93 f4 e9 e8 00 01 7e d0 1d 10 54 3d
d6 ad a7 bc 4c dd 53 6d 17 69 db 5f
MAC:
TBD
A.3.1.3. Send (Client) Non-SYN (Covers Options)
Send_other_traffic_key:
TBD
IPv4/TCP:
45 e0 00 87 fb 4f 40 00 ff 06 a0 f0 0a 0b 0c 0d
ac 1b 1c 1d c4 fa 00 b3 78 7a 1d e0 fa dd 6d ea
c0 18 01 04 95 05 00 00 01 01 08 0a 00 01 7e d0
93 f4 e9 e8 1d 10 3d 54 77 41 27 42 fa 4d c4 33
ef f0 97 3e ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d
26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02
00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40
06 00 64 00 01 01 00
MAC:
TBD
A.3.1.4. Receive (Server) Non-SYN (Covers Options)
Bonica & Li Expires 4 December 2026 [Page 15]
Internet-Draft tcp-ao-algs June 2026
Receive_other_traffic_key:
TBD
IPv4/TCP:
45 e0 00 87 b9 14 40 00 ff 06 e3 2b ac 1b 1c 1d
0a 0b 0c 0d 00 b3 c4 fa fa dd 6d ea 78 7a 1e 23
c0 18 01 00 e7 db 00 00 01 01 08 0a 93 f4 e9 e8
00 01 7e d0 1d 10 54 3d f6 d9 65 a7 83 82 a7 48
45 f7 2d ac ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d
26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02
00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40
06 00 64 00 01 01 00
MAC:
TBD
A.3.2. KMAC256-128 (Omits TCP Options)
A.3.2.1. Send (Client) SYN (Omits Options)
Client ISN = 0x389bed71
Send_SYN_traffic_key:
TBD
IPv4/TCP:
45 e0 00 4c f2 2e 40 00 ff 06 aa 4c 0a 0b 0c 0d
ac 1b 1c 1d da 1c 00 b3 38 9b ed 71 00 00 00 00
e0 02 ff ff 70 bf 00 00 02 04 05 b4 01 03 03 08
04 02 08 0a 00 01 85 e1 00 00 00 00 1d 10 3d 54
c4 4e 60 cb 31 f7 c0 b1 de 3d 27 49
MAC:
TBD
A.3.2.2. Receive (Server) SYN-ACK (Omits Options)
Bonica & Li Expires 4 December 2026 [Page 16]
Internet-Draft tcp-ao-algs June 2026
Server ISN = 0xd3844a6f
Receive_SYN_traffic_key:
TBD
IPv4/TCP:
45 e0 00 4c 6c c0 40 00 ff 06 2f bb ac 1b 1c 1d
0a 0b 0c 0d 00 b3 da 1c d3 84 4a 6f 38 9b ed 72
e0 12 ff ff e4 45 00 00 02 04 05 b4 01 03 03 08
04 02 08 0a ce 45 98 38 00 01 85 e1 1d 10 54 3d
3a 6a bb 20 7e 49 b1 be 71 36 db 90
MAC:
TBD
A.3.2.3. Send (Client) Non-SYN (Omits Options)
Send_other_traffic_key:
TBD
IPv4/TCP:
45 e0 00 87 ee 91 40 00 ff 06 ad ae 0a 0b 0c 0d
ac 1b 1c 1d da 1c 00 b3 38 9b ed 72 d3 84 4a 70
c0 18 01 04 88 51 00 00 01 01 08 0a 00 01 85 e1
ce 45 98 38 1d 10 3d 54 75 85 e9 e9 d5 c3 ec 85
7b 96 f8 37 ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d
26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02
00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40
06 00 64 00 01 01 00
MAC:
TBD
A.3.2.4. Receive (Server) Non-SYN (Omits Options)
Bonica & Li Expires 4 December 2026 [Page 17]
Internet-Draft tcp-ao-algs June 2026
Receive_other_traffic_key:
TBD
IPv4/TCP:
45 e0 00 87 6a 21 40 00 ff 06 32 1f ac 1b 1c 1d
0a 0b 0c 0d 00 b3 da 1c d3 84 4a 70 38 9b ed 72
c0 18 01 00 04 49 00 00 01 01 08 0a ce 45 98 38
00 01 85 e1 1d 10 54 3d 5c 04 0f d9 23 33 04 76
5c 09 82 f4 ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d
26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02
00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40
06 00 64 00 01 01 00
MAC:
TBD
A.4. IPv6 HMAC-SHA256-128 Output Test Vectors
A.4.1. HMAC-SHA256-128 (Default - Covers TCP Options)
A.4.1.1. Send (Client) SYN (Covers Options)
Client ISN = 0x176a833f
Send_SYN_traffic_key:
TBD
IPv6/TCP:
6e 08 91 dc 00 38 06 40 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 02 f7 e4 00 b3 17 6a 83 3f
00 00 00 00 e0 02 ff ff 47 21 00 00 02 04 05 a0
01 03 03 08 04 02 08 0a 00 41 d0 87 00 00 00 00
1d 10 3d 54 90 33 ec 3d 73 34 b6 4c 5e dd 03 9f
MAC:
TBD
A.4.1.2. Receive (Server) SYN-ACK (Covers Options)
Bonica & Li Expires 4 December 2026 [Page 18]
Internet-Draft tcp-ao-algs June 2026
Server ISN = 0x3f51994b
Receive_SYN_traffic_key:
TBD
IPv6/TCP:
6e 01 00 9e 00 38 06 40 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01 00 b3 f7 e4 3f 51 99 4b
17 6a 83 40 e0 12 ff ff bf ec 00 00 02 04 05 a0
01 03 03 08 04 02 08 0a bd 33 12 9b 00 41 d0 87
1d 10 54 3d f1 cb a3 46 c3 52 61 63 f7 1f 1f 55
MAC:
TBD
A.4.1.3. Send (Client) Non-SYN (Covers Options)
Send_other_traffic_key:
TBD
IPv6/TCP:
6e 08 91 dc 00 73 06 40 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 02 f7 e4 00 b3 17 6a 83 40
3f 51 99 4c c0 18 01 00 32 9c 00 00 01 01 08 0a
00 41 d0 91 bd 33 12 9b 1d 10 3d 54 bf 08 05 fe
b4 ac 7b 16 3d 6f cd f2 ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4
01 01 01 79 26 02 06 01 04 00 01 00 01 02 02 80
00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd
e8 02 08 40 06 00 64 00 01 01 00
MAC:
TBD
A.4.1.4. Receive (Server) Non-SYN (Covers Options)
Bonica & Li Expires 4 December 2026 [Page 19]
Internet-Draft tcp-ao-algs June 2026
Receive_other_traffic_key:
TBD
IPv6/TCP:
6e 01 00 9e 00 73 06 40 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01 00 b3 f7 e4 3f 51 99 4c
17 6a 83 83 c0 18 01 00 ee 6e 00 00 01 01 08 0a
bd 33 12 a5 00 41 d0 91 1d 10 54 3d 6c 48 12 5c
11 33 5b ab 9a 07 a7 97 ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4
01 01 01 7a 26 02 06 01 04 00 01 00 01 02 02 80
00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd
e8 02 08 40 06 00 64 00 01 01 00
MAC:
TBD
A.4.2. HMAC-SHA256-128 (Omits TCP Options)
A.4.2.1. Send (Client) SYN (Omits Options)
Client ISN = 0x020c1e69
Send_SYN_traffic_key:
TBD
IPv6/TCP:
6e 07 8f cd 00 38 06 40 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 02 c6 cd 00 b3 02 0c 1e 69
00 00 00 00 e0 02 ff ff a4 1a 00 00 02 04 05 a0
01 03 03 08 04 02 08 0a 00 9d b9 5b 00 00 00 00
1d 10 3d 54 88 56 98 b0 53 0e d4 d5 a1 5f 83 46
MAC:
TBD
A.4.2.2. Receive (Server) SYN-ACK (Omits Options)
Bonica & Li Expires 4 December 2026 [Page 20]
Internet-Draft tcp-ao-algs June 2026
Server ISN = 0xeba3734d
Receive_SYN_traffic_key:
TBD
IPv6/TCP:
6e 0a 7e 1f 00 38 06 40 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01 00 b3 c6 cd eb a3 73 4d
02 0c 1e 6a e0 12 ff ff 77 4d 00 00 02 04 05 a0
01 03 03 08 04 02 08 0a 5e c9 9b 70 00 9d b9 5b
1d 10 54 3d 3c 54 6b ad 97 43 f1 2d f8 b8 01 0d
MAC:
TBD
A.4.2.3. Send (Client) Non-SYN (Omits Options)
Send_other_traffic_key:
TBD
IPv6/TCP:
6e 07 8f cd 00 73 06 40 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 02 c6 cd 00 b3 02 0c 1e 6a
eb a3 73 4e c0 18 01 00 83 e6 00 00 01 01 08 0a
00 9d b9 65 5e c9 9b 70 1d 10 3d 54 48 bd 09 3b
19 24 e0 01 19 2f 5b f0 ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4
01 01 01 79 26 02 06 01 04 00 01 00 01 02 02 80
00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd
e8 02 08 40 06 00 64 00 01 01 00
MAC:
TBD
A.4.2.4. Receive (Server) Non-SYN (Omits Options)
Bonica & Li Expires 4 December 2026 [Page 21]
Internet-Draft tcp-ao-algs June 2026
Receive_other_traffic_key:
TBD
IPv6/TCP:
6e 0a 7e 1f 00 73 06 40 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01 00 b3 c6 cd eb a3 73 4e
02 0c 1e ad c0 18 01 00 71 6a 00 00 01 01 08 0a
5e c9 9b 7a 00 9d b9 65 1d 10 54 3d 55 9a 81 94
45 b4 fd e9 8d 9e 13 17 ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4
01 01 01 7a 26 02 06 01 04 00 01 00 01 02 02 80
00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd
e8 02 08 40 06 00 64 00 01 01 00
MAC:
TBD
A.5. IPv6 KMAC256-128 Output Test Vectors
A.5.1. KMAC256-128 (Default - Covers TCP Options)
A.5.1.1. Send (Client) SYN (Covers Options)
Client ISN = 0x193cccec
Send_SYN_traffic_key:
TBD
IP/TCP:
6e 04 a7 06 00 38 06 40 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 02 f8 5a 00 b3 19 3c cc ec
00 00 00 00 e0 02 ff ff de 5d 00 00 02 04 05 a0
01 03 03 08 04 02 08 0a 13 e4 ab 99 00 00 00 00
1d 10 3d 54 59 b5 88 10 74 81 ac 6d c3 92 70 40
MAC:
TBD
A.5.1.2. Receive (Server) SYN-ACK (Covers Options)
Bonica & Li Expires 4 December 2026 [Page 22]
Internet-Draft tcp-ao-algs June 2026
Server ISN = 0xa6744ecb
Receive_SYN_traffic_key:
TBD
IPv6/TCP:
6e 06 15 20 00 38 06 40 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01 00 b3 f8 5a a6 74 4e cb
19 3c cc ed e0 12 ff ff ea bb 00 00 02 04 05 a0
01 03 03 08 04 02 08 0a 71 da ab c8 13 e4 ab 99
1d 10 54 3d dc 28 43 a8 4e 78 a6 bc fd c5 ed 80
MAC:
TBD
A.5.1.3. Send (Client) Non-SYN (Covers Options)
Send_other_traffic_key:
TBD
IPv6/TCP:
6e 04 a7 06 00 73 06 40 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 02 f8 5a 00 b3 19 3c cc ed
a6 74 4e cc c0 18 01 00 32 80 00 00 01 01 08 0a
13 e4 ab a3 71 da ab c8 1d 10 3d 54 7b 6a 45 5c
0d 4f 5f 01 83 5b aa b3 ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4
01 01 01 79 26 02 06 01 04 00 01 00 01 02 02 80
00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd
e8 02 08 40 06 00 64 00 01 01 00
MAC:
TBD
A.5.1.4. Receive (Server) Non-SYN (Covers Options)
Bonica & Li Expires 4 December 2026 [Page 23]
Internet-Draft tcp-ao-algs June 2026
Receive_other_traffic_key:
TBD
IPv6/TCP:
6e 06 15 20 00 73 06 40 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01 00 b3 f8 5a a6 74 4e cc
19 3c cd 30 c0 18 01 00 52 f4 00 00 01 01 08 0a
71 da ab d3 13 e4 ab a3 1d 10 54 3d c1 06 9b 7d
fd 3d 69 3a 6d f3 f2 89 ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4
01 01 01 7a 26 02 06 01 04 00 01 00 01 02 02 80
00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd
e8 02 08 40 06 00 64 00 01 01 00
MAC:
TBD
A.5.2. KMAC256-128 (Omits TCP Options)
A.5.2.1. Send (Client) SYN (Omits Options)
Client ISN = 0xb01da74a
Send_SYN_traffic_key:
TBD
IPv6/TCP:
6e 09 3d 76 00 38 06 40 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 02 f2 88 00 b3 b0 1d a7 4a
00 00 00 00 e0 02 ff ff 75 ff 00 00 02 04 05 a0
01 03 03 08 04 02 08 0a 14 27 5b 3b 00 00 00 00
1d 10 3d 54 3d 45 b4 34 2d e8 bb 15 30 84 78 98
MAC:
TBD
A.5.2.2. Receive (Server) SYN-ACK (Omits Options)
Bonica & Li Expires 4 December 2026 [Page 24]
Internet-Draft tcp-ao-algs June 2026
Server ISN = 0xa6246145
Receive_SYN_traffic_key:
TBD
IPv6/TCP:
6e 0c 60 0a 00 38 06 40 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01 00 b3 f2 88 a6 24 61 45
b0 1d a7 4b e0 12 ff ff a7 0c 00 00 02 04 05 a0
01 03 03 08 04 02 08 0a 17 82 24 5b 14 27 5b 3b
1d 10 54 3d 1d 01 f6 c8 7c 6f 93 ac ff a9 d4 b5
MAC:
TBD
A.5.2.3. Send (Client) Non-SYN (Omits Options)
Send_other_traffic_key:
TBD
IPv6/TCP:
6e 09 3d 76 00 73 06 40 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 02 f2 88 00 b3 b0 1d a7 4b
a6 24 61 46 c0 18 01 00 c3 6d 00 00 01 01 08 0a
14 27 5b 4f 17 82 24 5b 1d 10 3d 54 29 0c f4 14
cc b4 7a 33 32 76 e7 f8 ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4
01 01 01 79 26 02 06 01 04 00 01 00 01 02 02 80
00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd
e8 02 08 40 06 00 64 00 01 01 00
MAC:
TBD
A.5.2.4. Receive (Server) Non-SYN (Omits Options)
Bonica & Li Expires 4 December 2026 [Page 25]
Internet-Draft tcp-ao-algs June 2026
Receive_other_traffic_key:
TBD
IPv6/TCP:
6e 0c 60 0a 00 73 06 40 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00
00 00 00 00 00 00 00 01 00 b3 f2 88 a6 24 61 46
b0 1d a7 8e c0 18 01 00 34 51 00 00 01 01 08 0a
17 82 24 65 14 27 5b 4f 1d 10 54 3d 99 51 5f fc
d5 40 34 99 f6 19 fd 1b ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4
01 01 01 7a 26 02 06 01 04 00 01 00 01 02 02 80
00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd
e8 02 08 40 06 00 64 00 01 01 00
MAC:
TBD
Authors' Addresses
Ron Bonica
HPE
United States of America
Email: ronald.bonica@hpe.com
Tony Li
HPE
United States of America
Email: tony.li@tony.li
Bonica & Li Expires 4 December 2026 [Page 26]