[Search] [pdf|bibtex] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01                                                         
Network Working Group                                          D. McGrew
Internet-Draft                                       Cisco Systems, Inc.
Intended status: Standards Track                           March 9, 2009
Expires: September 10, 2009


 Test Cases for the use of Galois/Counter Mode (GCM) and Galois Message
                Authentication Code (GMAC) in IPsec ESP
                      draft-mcgrew-gcm-test-01.txt

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on September 10, 2009.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.








McGrew                 Expires September 10, 2009               [Page 1]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


Abstract

   This note provides test cases for the use of AES GCM and GMAC in ESP,
   as defined in RFC4106 and RFC4543, and clarifies some points in the
   latter specification.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1.  Conventions Used In This Document  . . . . . . . . . . . .  3
   2.  AES-GCM in ESP . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  AES-GMAC in ESP  . . . . . . . . . . . . . . . . . . . . . . .  5
   4.  Test Cases . . . . . . . . . . . . . . . . . . . . . . . . . .  6
   5.  Security Considerations  . . . . . . . . . . . . . . . . . . . 22
   6.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 23
   7.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24
   8.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 25
     8.1.  Normative References . . . . . . . . . . . . . . . . . . . 25
     8.2.  Informative References . . . . . . . . . . . . . . . . . . 25
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 26






























McGrew                 Expires September 10, 2009               [Page 2]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


1.  Introduction

   This document reviews the use of the Galois/Counter Mode (GCM) and
   Galois Message Authentication Code (GMAC) modes of operation for the
   Advanced Encryption Standard as they are used in the Encapsulating
   Security Payload (ESP) [RFC4303].

1.1.  Conventions Used In This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].







































McGrew                 Expires September 10, 2009               [Page 3]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


2.  AES-GCM in ESP

   We briefly review the AES-GCM-ESP and AES-GMAC-ESP definitions and
   establish the notation used in the test cases.  The GCM encryption
   operation takes as input a key, a nonce, a plaintext, and an
   additional authenticated data (AAD) value.  It outputs a ciphertext
   and an authentication tag, or "tag" for short.  Here we follow
   [RFC4106] and refer to the GCM initialization vector (IV) as a nonce
   in order to differentiate it from the IV that is carried in the ESP
   packet.  The eight-byte ESP IV forms part of the 12-byte GCM nonce.

   In [RFC4106], "The Use of Galois/Counter Mode (GCM) in IPsec ESP",
   the GCM inputs and ESP fields are as follows:

          nonce = Salt || IV
            aad = SPI || SequenceNumber
      plaintext = RestOfPayloadData || TFCpadding || Padding ||
                  PadLength || NextHeader
    PayloadData = IV || ciphertext
            ICV = tag

    Figure 1: The format of the GCM inputs and ESP fields for AES-GCM-
              ESP, where the symbol || denotes concatenation.

   Here the fields RestOfPayloadData, TFCpadding, Padding, PadLength,
   NextHeader, SPI, SequenceNumber, and ICV are as defined in [RFC4303]
   and the fields Salt and IV are as defined in [RFC4106].  The field
   RestOfPayloadData contains the plaintext data that is described by
   the NextHeader field, and no other data.  (Recall that the
   PayloadData field contains both the IV and the RestOfPayloadData; see
   [RFC4303] for an illustration.)

   [RFC4106] defines the tag as the ICV, instead of defining it as the
   final part of the Payload Data.  However, the two definitions are
   functionally equivalent.
















McGrew                 Expires September 10, 2009               [Page 4]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


3.  AES-GMAC in ESP

   In RFC 4543, "The Use of Galois Message Authentication Code (GMAC) in
   IPsec ESP and AH", the GMAC inputs and ESP fields are as follows:

      nonce     = Salt ||  IV
      aad       = SPI || SequenceNumber || IV ||
                  RestOfPayloadData || TFCpadding || Padding ||
                  PadLength || NextHeader
      plaintext = {}
        Payload = IV || PayloadData || TFCpadding || Padding ||
                  PadLength || NextHeader
            ICV = tag

             Figure 2: The format of the GMAC inputs for ESP.

   Here the symbol {} refers to the zero-length octet string.

   The "Payload Data" is called the "Authenticated Payload" in one part
   of RFC 4543.  It consists of the eight-octet IV, followed by the data
   encapsulated by ESP, that is, the data referred to by the Next Header
   field.

   RFC 4543, Section 7 (Security Considerations), second sentence,
   should read "In AES-GCM-ESP, the IV is not included in either the
   plaintext or the additional authenticated data."  It currently
   contains a typographical error, and reads "In
   ENCR_NULL_AUTH_AES_GMAC, the IV is not included in either the
   plaintext or the additional authenticated data."






















McGrew                 Expires September 10, 2009               [Page 5]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


4.  Test Cases

   Here are the test cases.

   algorithm -  The algorithm used in the test case.

   key  -  The secret key used by AES-GCM or AES-GMAC.

   spi  -  The ESP SPI field.

   seq  -  The ESP Sequence Number field, if the length is four octets,
      or the ESP Extended Sequence Number, if the length is eight
      octets.

   nonce -  The AES-GCM or AES-GMAC nonce; it is an input to the
      algorithm.

   plaintext -  The AES-GCM plaintext, which is an input to that
      algorithm.

   aad  -  The AES-GCM or AES-GMAC additional authenticated data; it is
      an input to that algorithm.

   ctext+tag -  The AES-GCM ciphertext and authentication tag, or the
      AES-GMAC authentication tag; this is an output from the algorithm.

   packet -  The complete ESP packet.
























McGrew                 Expires September 10, 2009               [Page 6]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


     algorithm = AES-GCM-ESP
           key = 4c80cdefbb5d10da906ac73c3613a634
                 (16 octets)
           spi = 00004321
           seq = 8765432100000000
                 (8 octets)
         nonce = 2e443b684956ed7e3b244cfe
     plaintext = 45000048699a000080114db7c0a80102
                 c0a801010a9bf15638d3010000010000
                 00000000045f736970045f7564700373
                 69700963796265726369747902646b00
                 0021000101020201
                 (72 octets)
           aad = 000043218765432100000000
                 (12 octets)
     ctext+tag = fecf537e729d5b07dc30df528dd22b76
                 8d1b98736696a6fd348509fa13ceac34
                 cfa2436f14a3f3cf65925bf1f4a13c5d
                 15b21e1884f5ff6247aeabb786b93bce
                 61bc17d768fd9732459018148f6cbe72
                 2fd04796562dfdb4
                 (88 octets)
        packet = 00004321000000004956ed7e3b244cfe
                 fecf537e729d5b07dc30df528dd22b76
                 8d1b98736696a6fd348509fa13ceac34
                 cfa2436f14a3f3cf65925bf1f4a13c5d
                 15b21e1884f5ff6247aeabb786b93bce
                 61bc17d768fd9732459018148f6cbe72
                 2fd04796562dfdb4
                 (104 octets)





















McGrew                 Expires September 10, 2009               [Page 7]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


     algorithm = AES-GCM-ESP
           key = feffe9928665731c6d6a8f9467308308
                 (16 octets)
           spi = 0000a5f8
           seq = 0000000a
                 (4 octets)
         nonce = cafebabefacedbaddecaf888
     plaintext = 4500003e698f000080114dccc0a80102
                 c0a801010a980035002a2343b2d00100
                 00010000000000000373697009637962
                 65726369747902646b00000100010001
                 (64 octets)
           aad = 0000a5f80000000a
                 (8 octets)
     ctext+tag = deb22cd9b07c72c16e3a65beeb8df304
                 a5a5897d33ae530f1ba76d5d114d2a5c
                 3de81827c10e9a4f51330d0eec416642
                 cfbb85a5b47e48a4ec3b9ba95d918bd1
                 83b70d3aa8bc6ee4c309e9d85a41ad4a
                 (80 octets)
        packet = 0000a5f80000000afacedbaddecaf888
                 deb22cd9b07c72c16e3a65beeb8df304
                 a5a5897d33ae530f1ba76d5d114d2a5c
                 3de81827c10e9a4f51330d0eec416642
                 cfbb85a5b47e48a4ec3b9ba95d918bd1
                 83b70d3aa8bc6ee4c309e9d85a41ad4a
                 (96 octets)
























McGrew                 Expires September 10, 2009               [Page 8]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


     algorithm = AES-GCM-ESP
           key = abbccddef00112233445566778899aab
                 abbccddef00112233445566778899aab
                 (32 octets)
           spi = 4a2cbfe3
           seq = 00000002
                 (4 octets)
         nonce = 112233440102030405060708
     plaintext = 4500003069a6400080062690c0a80102
                 9389155e0a9e008b2dc57ee000000000
                 7002400020bf0000020405b401010402
                 01020201
                 (52 octets)
           aad = 4a2cbfe300000002
                 (8 octets)
     ctext+tag = ff425c9b724599df7a3bcd510194e00d
                 6a78107f1b0b1cbf06efae9d65a5d763
                 748a637985771d347f0545659f14e99d
                 ef842d8eb335f4eecfdbf831824b4c49
                 15956c96
                 (68 octets)
        packet = 4a2cbfe3000000020102030405060708
                 ff425c9b724599df7a3bcd510194e00d
                 6a78107f1b0b1cbf06efae9d65a5d763
                 748a637985771d347f0545659f14e99d
                 ef842d8eb335f4eecfdbf831824b4c49
                 15956c96
                 (84 octets)























McGrew                 Expires September 10, 2009               [Page 9]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


     algorithm = AES-GCM-ESP
           key = 00000000000000000000000000000000
                 (16 octets)
           spi = 00000000
           seq = 00000001
                 (4 octets)
         nonce = 000000000000000000000000
     plaintext = 4500003c99c500008001cb7a40679318
                 010101010800075c0200440061626364
                 65666768696a6b6c6d6e6f7071727374
                 75767761626364656667686901020201
                 (64 octets)
           aad = 0000000000000001
                 (8 octets)
     ctext+tag = 4688daf2f973a392732909c331d56d60
                 f694abaa414b5e7ff5fdcdfff5e9a284
                 456476492719ffb64de7d9dca1e1d894
                 bc3bd57873ed4d181d19d4d5c8c18af3
                 f821d496eeb096e98ad2b69e4799c71d
                 (80 octets)
        packet = 00000000000000010000000000000000
                 4688daf2f973a392732909c331d56d60
                 f694abaa414b5e7ff5fdcdfff5e9a284
                 456476492719ffb64de7d9dca1e1d894
                 bc3bd57873ed4d181d19d4d5c8c18af3
                 f821d496eeb096e98ad2b69e4799c71d
                 (96 octets)
























McGrew                 Expires September 10, 2009              [Page 10]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


     algorithm = AES-GCM-ESP
           key = 3de09874b388e6491988d0c3607eae1f
                 (16 octets)
           spi = 42f67e3f
           seq = 1010101010101010
                 (8 octets)
         nonce = 57690e434e280000a2fca1a3
     plaintext = 4500003c99c300008001cb7c40679318
                 010101010800085c0200430061626364
                 65666768696a6b6c6d6e6f7071727374
                 75767761626364656667686901020201
                 (64 octets)
           aad = 42f67e3f1010101010101010
                 (12 octets)
     ctext+tag = fba2caa4853cf9f0f22cb10d86dd83b0
                 fec75691cf1a04b00d1138ec9c357917
                 65acbd8701ad79845bf9fe3fba487bc9
                 1755e6662b4c8d0d1f5e22739530320a
                 e0d731cc978ecafaeae88f00e80d6e48
                 (80 octets)
        packet = 42f67e3f101010104e280000a2fca1a3
                 fba2caa4853cf9f0f22cb10d86dd83b0
                 fec75691cf1a04b00d1138ec9c357917
                 65acbd8701ad79845bf9fe3fba487bc9
                 1755e6662b4c8d0d1f5e22739530320a
                 e0d731cc978ecafaeae88f00e80d6e48
                 (96 octets)
























McGrew                 Expires September 10, 2009              [Page 11]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


     algorithm = AES-GCM-ESP
           key = 3de09874b388e6491988d0c3607eae1f
                 (16 octets)
           spi = 42f67e3f
           seq = 1010101010101010
                 (8 octets)
         nonce = 57690e434e280000a2fca1a3
     plaintext = 4500001c42a200008001441f406793b6
                 e00000020a00f5ff01020201
                 (28 octets)
           aad = 42f67e3f1010101010101010
                 (12 octets)
     ctext+tag = fba2ca845e5df9f0f22c3e6e86dd831e
                 1fc65792cd1af9130e1379ed369f071f
                 35e034be95f112e4e7d05d35
                 (44 octets)
        packet = 42f67e3f101010104e280000a2fca1a3
                 fba2ca845e5df9f0f22c3e6e86dd831e
                 1fc65792cd1af9130e1379ed369f071f
                 35e034be95f112e4e7d05d35
                 (60 octets)


     algorithm = AES-GCM-ESP
           key = feffe9928665731c6d6a8f9467308308
                 feffe9928665731c
                 (24 octets)
           spi = 0000a5f8
           seq = 0000000a
                 (4 octets)
         nonce = cafebabefacedbaddecaf888
     plaintext = 45000028a4ad4000400678800a01038f
                 0a010612802306b8cb712602dd6bb03e
                 501016d075680001
                 (40 octets)
           aad = 0000a5f80000000a
                 (8 octets)
     ctext+tag = a5b1f8066029aea40e598b8122de0242
                 0938b3ab33f828e687b8858b5bfbdbd0
                 315b27452144cc7795457b9652037f53
                 18027b5b4cd7a636
                 (56 octets)
        packet = 0000a5f80000000afacedbaddecaf888
                 a5b1f8066029aea40e598b8122de0242
                 0938b3ab33f828e687b8858b5bfbdbd0
                 315b27452144cc7795457b9652037f53
                 18027b5b4cd7a636
                 (72 octets)



McGrew                 Expires September 10, 2009              [Page 12]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


     algorithm = AES-GCM-ESP
           key = abbccddef00112233445566778899aab
                 (16 octets)
           spi = 00000100
           seq = 0000000000000001
                 (8 octets)
         nonce = decaf888cafedebaceface74
     plaintext = 4500004933ba00007f119106c3fb1d10
                 c2b1d326c02831ce0035dd7b800302d5
                 00004e20001e8c18d75b81dc91baa047
                 6b91b924b280389d92c963bac046ec95
                 9b6266c04722b14923010101
                 (76 octets)
           aad = 000001000000000000000001
                 (12 octets)
     ctext+tag = 18a6fd42f72cbf4ab2a2ea901f73d814
                 e3e7f243d95412e1c349c1d2fbec168f
                 9190feebaf2cb01984e65863965d7472
                 b79da345e0e780191f0d2f0e0f496c22
                 6f2127b27db35724e7845d68651f57e6
                 5f354f75ff17015769623436
                 (92 octets)
        packet = 0000010000000001cafedebaceface74
                 18a6fd42f72cbf4ab2a2ea901f73d814
                 e3e7f243d95412e1c349c1d2fbec168f
                 9190feebaf2cb01984e65863965d7472
                 b79da345e0e780191f0d2f0e0f496c22
                 6f2127b27db35724e7845d68651f57e6
                 5f354f75ff17015769623436
                 (108 octets)





















McGrew                 Expires September 10, 2009              [Page 13]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


     algorithm = AES-GCM-ESP
           key = abbccddef00112233445566778899aab
                 abbccddef00112233445566778899aab
                 (32 octets)
           spi = 17405e67
           seq = 156f3126dd0db99b
                 (8 octets)
         nonce = 73616c74616e640169766563
     plaintext = 45080028732c00004006e9f90a010612
                 0a01038f06b88023dd6bafbecb712602
                 50101f646d540001
                 (40 octets)
           aad = 17405e67156f3126dd0db99b
                 (12 octets)
     ctext+tag = f2d69ecdbd5a0d5b8d5ef38bad4da58d
                 1f278fde98ef67549d524a3018d9a57f
                 f4d3a31ce673119e451626c2415771e3
                 b7eebca614c89b35
                 (56 octets)
        packet = 17405e67dd0db99b616e640169766563
                 f2d69ecdbd5a0d5b8d5ef38bad4da58d
                 1f278fde98ef67549d524a3018d9a57f
                 f4d3a31ce673119e451626c2415771e3
                 b7eebca614c89b35
                 (72 octets)


























McGrew                 Expires September 10, 2009              [Page 14]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


     algorithm = AES-GCM-ESP
           key = 3de09874b388e6491988d0c3607eae1f
                 (16 octets)
           spi = 42f67e3f
           seq = 1010101010101010
                 (8 octets)
         nonce = 57690e434e280000a2fca1a3
     plaintext = 45000049333e00007f119182c3fb1d10
                 c2b1d326c02831ce0035cb458003025b
                 000001e0001e8c18d65759d52284a035
                 2c71475c8880391c764d6e5ee0496b32
                 5ae270c03899493915010101
                 (76 octets)
           aad = 42f67e3f1010101010101010
                 (12 octets)
     ctext+tag = fba2cad12fc1f9f00d3cebf305410db8
                 3d7784b607323d220f24b0a97d541828
                 00cadb0f68d99ef0e0c0c89ae9bea888
                 4e52d65bc1afd0740f742444747b5b39
                 ab533163aad4550ee5160975cdb608c5
                 769189609763b8e18caa81e2
                 (92 octets)
        packet = 42f67e3f101010104e280000a2fca1a3
                 fba2cad12fc1f9f00d3cebf305410db8
                 3d7784b607323d220f24b0a97d541828
                 00cadb0f68d99ef0e0c0c89ae9bea888
                 4e52d65bc1afd0740f742444747b5b39
                 ab533163aad4550ee5160975cdb608c5
                 769189609763b8e18caa81e2
                 (108 octets)





















McGrew                 Expires September 10, 2009              [Page 15]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


     algorithm = AES-GCM-ESP
           key = abbccddef00112233445566778899aab
                 abbccddef00112233445566778899aab
                 (32 octets)
           spi = 17405e67
           seq = 156f3126dd0db99b
                 (8 octets)
         nonce = 73616c74616e640169766563
     plaintext = 636973636f0172756c65730174686501
                 6e6574776501646566696e6501746865
                 746563686e6f6c6f6769657301746861
                 7477696c6c01646566696e65746f6d6f
                 72726f7701020201
                 (72 octets)
           aad = 17405e67156f3126dd0db99b
                 (12 octets)
     ctext+tag = d4b7ed86a1777f2ea13d6973d324c69e
                 7b43f826fb56831226508bebd2dceb18
                 d0a6df10e5487df074113e14c641024e
                 3e6773d91a62ee429b043a10e3efe6b0
                 12a49363412364f8c0cac587f249e56b
                 11e24f30e44ccc76
                 (88 octets)
        packet = 17405e67dd0db99b616e640169766563
                 d4b7ed86a1777f2ea13d6973d324c69e
                 7b43f826fb56831226508bebd2dceb18
                 d0a6df10e5487df074113e14c641024e
                 3e6773d91a62ee429b043a10e3efe6b0
                 12a49363412364f8c0cac587f249e56b
                 11e24f30e44ccc76
                 (104 octets)




















McGrew                 Expires September 10, 2009              [Page 16]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


     algorithm = AES-GCM-ESP
           key = 7d773d00c144c525ac619d18c84a3f47
                 (16 octets)
           spi = 335467ae
           seq = ffffffff
                 (4 octets)
         nonce = d966426743457e9182443bc6
     plaintext = 01020201
                 (4 octets)
           aad = 335467aeffffffff
                 (8 octets)
     ctext+tag = 437f866bcb3f699fe9b0822bac961c45
                 04bef270
                 (20 octets)
        packet = 335467aeffffffff43457e9182443bc6
                 437f866bcb3f699fe9b0822bac961c45
                 04bef270
                 (36 octets)


     algorithm = AES-GCM-ESP
           key = abbccddef00112233445566778899aab
                 (16 octets)
           spi = 00000100
           seq = 0000000000000001
                 (8 octets)
         nonce = decaf888cafedebaceface74
     plaintext = 746f016265016f72016e6f7401746f01
                 62650001
                 (20 octets)
           aad = 000001000000000000000001
                 (12 octets)
     ctext+tag = 29c9fc69a197d038ccdd14e2ddfcaa05
                 43332164412503524303ed3c6c5f2838
                 43af8c3e
                 (36 octets)
        packet = 0000010000000001cafedebaceface74
                 29c9fc69a197d038ccdd14e2ddfcaa05
                 43332164412503524303ed3c6c5f2838
                 43af8c3e
                 (52 octets)










McGrew                 Expires September 10, 2009              [Page 17]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


     algorithm = AES-GCM-ESP
           key = 6c6567616c697a656d6172696a75616e
                 61616e64646f69746265666f72656961
                 (32 octets)
           spi = 796b6963
           seq = ffffffffffffffff
                 (8 octets)
         nonce = 7475726e333021696765746d
     plaintext = 45000030da3a00008001df3bc0a80005
                 c0a800010800c6cd0200070061626364
                 65666768696a6b6c6d6e6f7071727374
                 01020201
                 (52 octets)
           aad = 796b6963ffffffffffffffff
                 (12 octets)
     ctext+tag = f97ab2aa356d8edce17644ac8c78e25d
                 d24dedbb29ebf1b64a274b39b49c3a86
                 4cd3d78ca4ae68a32b42458fb57dbe82
                 1dcc63b9d0937ba2945f669368661a32
                 9fb4c053
                 (68 octets)
        packet = 796b6963ffffffff333021696765746d
                 f97ab2aa356d8edce17644ac8c78e25d
                 d24dedbb29ebf1b64a274b39b49c3a86
                 4cd3d78ca4ae68a32b42458fb57dbe82
                 1dcc63b9d0937ba2945f669368661a32
                 9fb4c053
                 (84 octets)























McGrew                 Expires September 10, 2009              [Page 18]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


     algorithm = AES-GMAC-ESP
           key = 4c80cdefbb5d10da906ac73c3613a634
                 (16 octets)
           spi = 00004321
           seq = 00000007
                 (4 octets)
         nonce = 22433c640000000000000000
     plaintext = (0 octets)
           aad = 00004321000000070000000000000000
                 45000030da3a00008001df3bc0a80005
                 c0a800010800c6cd0200070061626364
                 65666768696a6b6c6d6e6f7071727374
                 01020201
                 (68 octets)
     ctext+tag = (16 octets)
        packet = 00004321000000070000000000000000
                 45000030da3a00008001df3bc0a80005
                 c0a800010800c6cd0200070061626364
                 65666768696a6b6c6d6e6f7071727374
                 01020201f2a9a836e155106aa8dcd618
                 e4099aaa
                 (84 octets)





























McGrew                 Expires September 10, 2009              [Page 19]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


     algorithm = AES-GCM-ESP
           key = 3de09874b388e6491988d0c3607eae1f
                 (16 octets)
           spi = 3f7ef642
           seq = 1010101010101010
                 (8 octets)
         nonce = 57690e434e280000a2fca1a3
     plaintext = 45000030da3a00008001df3bc0a80005
                 c0a800010800c6cd0200070061626364
                 65666768696a6b6c6d6e6f7071727374
                 01020201
                 (52 octets)
           aad = 3f7ef6421010101010101010
                 (12 octets)
     ctext+tag = fba2caa8c6c5f9f0f22ca54a061210ad
                 3f6e5791cf1aca210d117cec9c357917
                 65acbd8701ad79845bf9fe3fba487bc9
                 6321930684eecadb56912546e7a95c97
                 40d7cb05
                 (68 octets)
        packet = 3f7ef642101010104e280000a2fca1a3
                 fba2caa8c6c5f9f0f22ca54a061210ad
                 3f6e5791cf1aca210d117cec9c357917
                 65acbd8701ad79845bf9fe3fba487bc9
                 6321930684eecadb56912546e7a95c97
                 40d7cb05
                 (84 octets)
























McGrew                 Expires September 10, 2009              [Page 20]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


     algorithm = AES-GCM-ESP
           key = 4c80cdefbb5d10da906ac73c3613a634
                 (16 octets)
           spi = 00004321
           seq = 8765432100000007
                 (8 octets)
         nonce = 22433c644855ec7d3a234bfd
     plaintext = 0800c6cd020007006162636465666768
                 696a6b6c6d6e6f707172737401020201
                 (32 octets)
           aad = 000043218765432100000007
                 (12 octets)
     ctext+tag = 74752e8aeb5d873cd7c0f4acc36c4bff
                 84b7d7b98f0ca8b6acda6894bc619069
                 ef9cbc28fe1b56a7c4e0d58c86cd2bc0
                 (48 octets)
        packet = 00004321000000074855ec7d3a234bfd
                 74752e8aeb5d873cd7c0f4acc36c4bff
                 84b7d7b98f0ca8b6acda6894bc619069
                 ef9cbc28fe1b56a7c4e0d58c86cd2bc0
                 (64 octets)






























McGrew                 Expires September 10, 2009              [Page 21]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


5.  Security Considerations

   An improperly implemented crypto algorithm may be insecure.
















































McGrew                 Expires September 10, 2009              [Page 22]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


6.  IANA Considerations

   This document has no actions for IANA.
















































McGrew                 Expires September 10, 2009              [Page 23]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


7.  Acknowledgements

   Thanks to Arpan Srivastava and Aravindhan P. for generating and
   validating test cases.















































McGrew                 Expires September 10, 2009              [Page 24]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

8.2.  Informative References

   [RFC4106]  Viega, J. and D. McGrew, "The Use of Galois/Counter Mode
              (GCM) in IPsec Encapsulating Security Payload (ESP)",
              RFC 4106, June 2005.

   [RFC4303]  Kent, S., "IP Encapsulating Security Payload (ESP)",
              RFC 4303, December 2005.




































McGrew                 Expires September 10, 2009              [Page 25]


Internet-Draft           GCM/GMAC ESP Test Cases              March 2009


Author's Address

   David A. McGrew
   Cisco Systems, Inc.
   510 McCarthy Blvd.
   Milpitas, CA  95035
   US

   Phone: (408) 525 8651
   Email: mcgrew@cisco.com
   URI:   http://www.mindspring.com/~dmcgrew/dam.htm








































McGrew                 Expires September 10, 2009              [Page 26]