draft-ietf-avtcore-aria-srtp-03.txt   draft-ietf-avtcore-aria-srtp-04.txt 
AVTCore W. Kim AVTCore W. Kim
Internet-Draft J. Lee Internet-Draft J. Lee
Intended status: Standards Track D. Kim Intended status: Standards Track D. Kim
Expires: December 29, 2013 J. Park Expires: February 24, 2014 J. Park
D. Kwon D. Kwon
NSRI NSRI
June 27, 2013 August 23, 2013
The ARIA Algorithm and Its Use with the Secure Real-time Transport The ARIA Algorithm and Its Use with the Secure Real-time Transport
Protocol(SRTP) Protocol(SRTP)
draft-ietf-avtcore-aria-srtp-03 draft-ietf-avtcore-aria-srtp-04
Abstract Abstract
This document describes the use of the ARIA block cipher algorithm This document describes the use of the ARIA block cipher algorithm
within the Secure Real-time Transport Protocol (SRTP) for providing within the Secure Real-time Transport Protocol (SRTP) for providing
confidentiality for the Real-time Transport Protocol (RTP) traffic confidentiality for the Real-time Transport Protocol (RTP) traffic
and for the control traffic for RTP, the Real-time Transport Control and for the control traffic for RTP, the Real-time Transport Control
Protocol (RTCP). It details three modes of operation (CTR, CCM, GCM) Protocol (RTCP). It details three modes of operation (CTR, CCM, GCM)
and a SRTP Key Derivation Function for ARIA. and a SRTP Key Derivation Function for ARIA.
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 29, 2013. This Internet-Draft will expire on February 24, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 28 skipping to change at page 2, line 28
2.3. ARIA-CCM . . . . . . . . . . . . . . . . . . . . . . . . 9 2.3. ARIA-CCM . . . . . . . . . . . . . . . . . . . . . . . . 9
3. Key Derivation Functions . . . . . . . . . . . . . . . . . . 11 3. Key Derivation Functions . . . . . . . . . . . . . . . . . . 11
4. Security Considerations . . . . . . . . . . . . . . . . . . . 11 4. Security Considerations . . . . . . . . . . . . . . . . . . . 11
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
5.1. SDES . . . . . . . . . . . . . . . . . . . . . . . . . . 12 5.1. SDES . . . . . . . . . . . . . . . . . . . . . . . . . . 12
5.2. DTLS-SRTP . . . . . . . . . . . . . . . . . . . . . . . . 12 5.2. DTLS-SRTP . . . . . . . . . . . . . . . . . . . . . . . . 12
5.3. MIKEY . . . . . . . . . . . . . . . . . . . . . . . . . . 18 5.3. MIKEY . . . . . . . . . . . . . . . . . . . . . . . . . . 18
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 19
6.1. Normative References . . . . . . . . . . . . . . . . . . 19 6.1. Normative References . . . . . . . . . . . . . . . . . . 19
6.2. Informative References . . . . . . . . . . . . . . . . . 20 6.2. Informative References . . . . . . . . . . . . . . . . . 20
Appendix A. Test Vectors . . . . . . . . . . . . . . . . . . . . 20 Appendix A. Test Vectors . . . . . . . . . . . . . . . . . . . . 21
A.1. ARIA-CTR Test Vectors . . . . . . . . . . . . . . . . . . 21 A.1. ARIA-CTR Test Vectors . . . . . . . . . . . . . . . . . . 21
A.1.1. ARIA_128_CTR_HMAC_SHA1_80 . . . . . . . . . . . . . . 21 A.1.1. ARIA_128_CTR_HMAC_SHA1_80 . . . . . . . . . . . . . . 21
A.1.2. ARIA_192_CTR_HMAC_SHA1_80 . . . . . . . . . . . . . . 22 A.1.2. ARIA_192_CTR_HMAC_SHA1_80 . . . . . . . . . . . . . . 22
A.1.3. ARIA_256_CTR_HMAC_SHA1_80 . . . . . . . . . . . . . . 22 A.1.3. ARIA_256_CTR_HMAC_SHA1_80 . . . . . . . . . . . . . . 23
A.2. ARIA-GCM Test Vectors . . . . . . . . . . . . . . . . . . 23 A.2. ARIA-GCM Test Vectors . . . . . . . . . . . . . . . . . . 23
A.2.1. ARIA_128_GCM . . . . . . . . . . . . . . . . . . . . 23 A.2.1. ARIA_128_GCM . . . . . . . . . . . . . . . . . . . . 24
A.2.2. ARIA_256_GCM . . . . . . . . . . . . . . . . . . . . 24 A.2.2. ARIA_256_GCM . . . . . . . . . . . . . . . . . . . . 24
A.3. ARIA-CCM Test Vectors . . . . . . . . . . . . . . . . . . 24 A.3. ARIA-CCM Test Vectors . . . . . . . . . . . . . . . . . . 25
A.3.1. ARIA_128_CCM . . . . . . . . . . . . . . . . . . . . 25 A.3.1. ARIA_128_CCM . . . . . . . . . . . . . . . . . . . . 25
A.3.2. ARIA_256_CCM . . . . . . . . . . . . . . . . . . . . 25 A.3.2. ARIA_256_CCM . . . . . . . . . . . . . . . . . . . . 26
A.3.3. ARIA_128_CCM_8 . . . . . . . . . . . . . . . . . . . 26 A.3.3. ARIA_128_CCM_8 . . . . . . . . . . . . . . . . . . . 26
A.3.4. ARIA_256_CCM_8 . . . . . . . . . . . . . . . . . . . 26 A.3.4. ARIA_256_CCM_8 . . . . . . . . . . . . . . . . . . . 26
A.3.5. ARIA_128_CCM_12 . . . . . . . . . . . . . . . . . . . 26 A.3.5. ARIA_128_CCM_12 . . . . . . . . . . . . . . . . . . . 27
A.3.6. ARIA_256_CCM_12 . . . . . . . . . . . . . . . . . . . 27 A.3.6. ARIA_256_CCM_12 . . . . . . . . . . . . . . . . . . . 27
A.4. Key Derivation Test Vector . . . . . . . . . . . . . . . 27 A.4. Key Derivation Test Vector . . . . . . . . . . . . . . . 27
A.4.1. ARIA_128 . . . . . . . . . . . . . . . . . . . . . . 27 A.4.1. ARIA_128 . . . . . . . . . . . . . . . . . . . . . . 28
A.4.2. ARIA_192 . . . . . . . . . . . . . . . . . . . . . . 29 A.4.2. ARIA_192 . . . . . . . . . . . . . . . . . . . . . . 29
A.4.3. ARIA_256 . . . . . . . . . . . . . . . . . . . . . . 30 A.4.3. ARIA_256 . . . . . . . . . . . . . . . . . . . . . . 30
1. Introduction 1. Introduction
This document describes the use of the ARIA [RFC5794] block cipher This document describes the use of the ARIA [RFC5794] block cipher
algorithm in the Secure Real-time Transport Protocol (SRTP) [RFC3711] algorithm in the Secure Real-time Transport Protocol (SRTP) [RFC3711]
for providing confidentiality for the Real-time Transport Protocol for providing confidentiality for the Real-time Transport Protocol
(RTP) [RFC3550] traffic and for the control traffic for RTP, the (RTP) [RFC3550] traffic and for the control traffic for RTP, the
Real-time Transport Control Protocol (RTCP) [RFC3550]. Real-time Transport Control Protocol (RTCP) [RFC3550].
skipping to change at page 12, line 48 skipping to change at page 12, line 48
"AEAD_ARIA_256_CCM_12" / "AEAD_ARIA_256_CCM_12" /
srtp-crypto-suite-ext srtp-crypto-suite-ext
5.2. DTLS-SRTP 5.2. DTLS-SRTP
DTLS-SRTP [RFC5764] defines a DTLS-SRTP "SRTP Protection Profile". DTLS-SRTP [RFC5764] defines a DTLS-SRTP "SRTP Protection Profile".
In order to allow the use of the algorithms defined in this document In order to allow the use of the algorithms defined in this document
in DTLS-SRTP, IANA is requested to add the below crypto suite to the in DTLS-SRTP, IANA is requested to add the below crypto suite to the
"DTLS-SRTP Protection Profiles" created by [RFC5764], at time of "DTLS-SRTP Protection Profiles" created by [RFC5764], at time of
writing located on the following IANA page: http://www.iana.org/ writing located on the following IANA page: http://www.iana.org/
assignments/srtp-protection/srtp-protection.xml#srtp-protection-1 [2] assignments/srtp-protection/srtp-protection.xml#srtp-protection-1
[2].
SRTP_ARIA_128_CTR_HMAC_SHA1_80 = {TBD,TBD} SRTP_ARIA_128_CTR_HMAC_SHA1_80 = {TBD,TBD}
SRTP_ARIA_128_CTR_HMAC_SHA1_32 = {TBD,TBD} SRTP_ARIA_128_CTR_HMAC_SHA1_32 = {TBD,TBD}
SRTP_ARIA_192_CTR_HMAC_SHA1_80 = {TBD,TBD} SRTP_ARIA_192_CTR_HMAC_SHA1_80 = {TBD,TBD}
SRTP_ARIA_192_CTR_HMAC_SHA1_32 = {TBD,TBD} SRTP_ARIA_192_CTR_HMAC_SHA1_32 = {TBD,TBD}
SRTP_ARIA_256_CTR_HMAC_SHA1_80 = {TBD,TBD} SRTP_ARIA_256_CTR_HMAC_SHA1_80 = {TBD,TBD}
SRTP_ARIA_256_CTR_HMAC_SHA1_32 = {TBD,TBD} SRTP_ARIA_256_CTR_HMAC_SHA1_32 = {TBD,TBD}
SRTP_AEAD_ARIA_128_GCM = {TBD,TBD} SRTP_AEAD_ARIA_128_GCM = {TBD,TBD}
SRTP_AEAD_ARIA_256_GCM = {TBD,TBD} SRTP_AEAD_ARIA_256_GCM = {TBD,TBD}
SRTP_AEAD_ARIA_128_GCM_8 = {TBD,TBD} SRTP_AEAD_ARIA_128_GCM_8 = {TBD,TBD}
skipping to change at page 18, line 17 skipping to change at page 18, line 17
5.3. MIKEY 5.3. MIKEY
[RFC3830] and [RFC5748] define encryption algorithms and PRFs for the [RFC3830] and [RFC5748] define encryption algorithms and PRFs for the
SRTP policy in MIKEY. In order to allow the use of the algorithms SRTP policy in MIKEY. In order to allow the use of the algorithms
defined in this document in MIKEY, IANA is requested to add the below defined in this document in MIKEY, IANA is requested to add the below
crypto suites to the "MIKEY Security Protocol Parameters SRTP Type 0 crypto suites to the "MIKEY Security Protocol Parameters SRTP Type 0
(Encryption algorithm)" and to add the below PRF to the "MIKEY (Encryption algorithm)" and to add the below PRF to the "MIKEY
Security Protocol Parameters SRTP Type 5 (Pseudo Random Function)" Security Protocol Parameters SRTP Type 5 (Pseudo Random Function)"
created by [RFC3830], at time of writing located on the following created by [RFC3830], at time of writing located on the following
IANA page http://www.iana.org/assignments/mikey-payloads/mikey- IANA page http://www.iana.org/assignments/mikey-payloads/mikey-
payloads.xml#mikey-payloads-26 [3] payloads.xml#mikey-payloads-26 [3].
+---------------+-------+ +---------------+-------+
| SRTP Enc. alg | Value | | SRTP Enc. alg | Value |
+---------------+-------+ +---------------+-------+
| ARIA-CTR | TBD | | ARIA-CTR | TBD |
| ARIA-CCM | TBD | | ARIA-CCM | TBD |
| ARIA-GCM | TBD | | ARIA-GCM | TBD |
+---------------+-------+ +---------------+-------+
Default session encryption key length is 16 octets. Default session encryption key length is 16 octets.
+----------+-------+ +----------+-------+
| SRTP PRF | Value | | SRTP PRF | Value |
+----------+-------+ +----------+-------+
| ARIA-CTR | TBD | | ARIA-CTR | TBD |
+----------+-------+ +----------+-------+
MIKEY specifies the algorithm family separately from the key length MIKEY specifies the algorithm family separately from the key length
(which is specified by the Session Encryption key length) and the (which is specified by the Session Encryption key length) and the
authentication tag length (specified by AEAD authentication tag authentication tag length.
length [I-D.ietf-avtcore-srtp-aes-gcm]).
+--------------------------------------+
| Encryption | Encryption | Auth. |
| Algorithm | Key Length | Tag Length |
+======================================+
SRTP_ARIA_128_CTR_HMAC_80 | ARIA-CTR | 16 octets | 10 octets |
SRTP_ARIA_128_CTR_HMAC_32 | ARIA-CTR | 16 octets | 4 octets |
SRTP_ARIA_192_CTR_HMAC_80 | ARIA-CTR | 24 octets | 10 octets |
SRTP_ARIA_192_CTR_HMAC_32 | ARIA-CTR | 24 octets | 4 octets |
SRTP_ARIA_256_CTR_HMAC_80 | ARIA-CTR | 32 octets | 10 octets |
SRTP_ARIA_256_CTR_HMAC_32 | ARIA-CTR | 32 octets | 4 octets |
+======================================+
Figure 1: Mapping MIKEY parameters to ARIA-CTR with HMAC algorithm
+--------------------------------------+ +--------------------------------------+
| Encryption | Encryption | AEAD Auth. | | Encryption | Encryption | AEAD Auth. |
| Algorithm | Key Length | Tag Length | | Algorithm | Key Length | Tag Length |
+======================================+ +======================================+
SRTP_ARIA_128_CTR_HMAC_80 | ARIA-CTR | 16 octets | 80 bits | SRTP_AEAD_ARIA_128_GCM | ARIA-GCM | 16 octets | 16 octets |
SRTP_ARIA_128_CTR_HMAC_32 | ARIA-CTR | 16 octets | 32 bits | SRTP_AEAD_ARIA_128_CCM | ARIA-CCM | 16 octets | 16 octets |
SRTP_ARIA_192_CTR_HMAC_80 | ARIA-CTR | 24 octets | 80 bits | SRTP_AEAD_ARIA_128_GCM_12 | ARIA-GCM | 16 octets | 12 octets |
SRTP_ARIA_192_CTR_HMAC_32 | ARIA-CTR | 24 octets | 32 bits | SRTP_AEAD_ARIA_128_CCM_12 | ARIA-CCM | 16 octets | 12 octets |
SRTP_ARIA_256_CTR_HMAC_80 | ARIA-CTR | 32 octets | 80 bits | SRTP_AEAD_ARIA_128_GCM_8 | ARIA-GCM | 16 octets | 8 octets |
SRTP_ARIA_256_CTR_HMAC_32 | ARIA-CTR | 32 octets | 32 bits | SRTP_AEAD_ARIA_128_CCM_8 | ARIA-CCM | 16 octets | 8 octets |
SRTP_AEAD_ARIA_128_GCM | ARIA-GCM | 16 octets | 128 bits | SRTP_AEAD_ARIA_256_GCM | ARIA-GCM | 32 octets | 16 octets |
SRTP_AEAD_ARIA_128_CCM | ARIA-CCM | 16 octets | 128 bits | SRTP_AEAD_ARIA_256_CCM | ARIA-CCM | 32 octets | 16 octets |
SRTP_AEAD_ARIA_128_GCM_12 | ARIA-GCM | 16 octets | 96 bits | SRTP_AEAD_ARIA_256_GCM_12 | ARIA-GCM | 32 octets | 12 octets |
SRTP_AEAD_ARIA_128_CCM_12 | ARIA-CCM | 16 octets | 96 bits | SRTP_AEAD_ARIA_256_CCM_12 | ARIA-CCM | 32 octets | 12 octets |
SRTP_AEAD_ARIA_128_GCM_8 | ARIA-GCM | 16 octets | 64 bits | SRTP_AEAD_ARIA_256_GCM_8 | ARIA-GCM | 32 octets | 8 octets |
SRTP_AEAD_ARIA_128_CCM_8 | ARIA-CCM | 16 octets | 64 bits | SRTP_AEAD_ARIA_256_CCM_8 | ARIA-CCM | 32 octets | 8 octets |
SRTP_AEAD_ARIA_256_GCM | ARIA-GCM | 32 octets | 128 bits |
SRTP_AEAD_ARIA_256_CCM | ARIA-CCM | 32 octets | 128 bits |
SRTP_AEAD_ARIA_256_GCM_12 | ARIA-GCM | 32 octets | 96 bits |
SRTP_AEAD_ARIA_256_CCM_12 | ARIA-CCM | 32 octets | 96 bits |
SRTP_AEAD_ARIA_256_GCM_8 | ARIA-GCM | 32 octets | 64 bits |
SRTP_AEAD_ARIA_256_CCM_8 | ARIA-CCM | 32 octets | 64 bits |
+======================================+ +======================================+
Figure 1: Mapping MIKEY parameters to AEAD algorithm Figure 2: Mapping MIKEY parameters to AEAD algorithm
6. References 6. References
6.1. Normative References 6.1. Normative References
[GCM] Dworkin, M., "Recommendation for Block Cipher Modes of [GCM] Dworkin, M., "Recommendation for Block Cipher Modes of
Operation: Galois/Counter Mode (GCM) and GMAC", NIST SP Operation: Galois/Counter Mode (GCM) and GMAC", NIST SP
800-38D, November 2007. 800-38D, November 2007.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
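Review bot: The suite names in the new Figure 1 (SRTP_ARIA_128_CTR_HMAC_80 and the five rows after it) do not match the spelling used in the DTLS-SRTP list of section 5.2, which has SRTP_ARIA_128_CTR_HMAC_SHA1_80; align the two so a reader can tell they name the same suites. The rewritten sentence above the figures now stops at "authentication tag length." and no longer says which MIKEY parameter carries that length, although both Figure 1 (HMAC tag of 10 or 4 octets) and Figure 2 (AEAD tag of 16, 12 or 8 octets) depend on it; suggest naming the parameter for each case. If the dropped citation [I-D.ietf-avtcore-srtp-aes-gcm] is not used anywhere else in the text, its entry in the reference list should be removed as well.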
skipping to change at page 20, line 30 skipping to change at page 20, line 36
encryption algorithm ARIA - Part 1: General (in Korean)", encryption algorithm ARIA - Part 1: General (in Korean)",
KS X 1213-1:2009, December 2009. KS X 1213-1:2009, December 2009.
[ARIAPKCS] [ARIAPKCS]
RSA Laboratories, "Additional PKCS #11 Mechanisms", PKCS RSA Laboratories, "Additional PKCS #11 Mechanisms", PKCS
#11 v2.20 Amendment 3 Revision 1, January 2007. #11 v2.20 Amendment 3 Revision 1, January 2007.
[I-D.ietf-avtcore-srtp-aes-gcm] [I-D.ietf-avtcore-srtp-aes-gcm]
McGrew, D. and K. Igoe, "AES-GCM and AES-CCM Authenticated McGrew, D. and K. Igoe, "AES-GCM and AES-CCM Authenticated
Encryption in Secure RTP (SRTP)", draft-ietf-avtcore-srtp- Encryption in Secure RTP (SRTP)", draft-ietf-avtcore-srtp-
aes-gcm-06 (work in progress), May 2013. aes-gcm-07 (work in progress), July 2013.
[RFC3610] Whiting, D., Housley, R., and N. Ferguson, "Counter with [RFC3610] Whiting, D., Housley, R., and N. Ferguson, "Counter with
CBC-MAC (CCM)", RFC 3610, September 2003. CBC-MAC (CCM)", RFC 3610, September 2003.
[RFC5748] Yoon, S., Jeong, J., Kim, H., Jeong, H., and Y. Won, "IANA [RFC5748] Yoon, S., Jeong, J., Kim, H., Jeong, H., and Y. Won, "IANA
Registry Update for Support of the SEED Cipher Algorithm Registry Update for Support of the SEED Cipher Algorithm
in Multimedia Internet KEYing (MIKEY)", RFC 5748, August in Multimedia Internet KEYing (MIKEY)", RFC 5748, August
2010. 2010.
[RFC5794] Lee, J., Lee, J., Kim, J., Kwon, D., and C. Kim, "A [RFC5794] Lee, J., Lee, J., Kim, J., Kwon, D., and C. Kim, "A
skipping to change at page 23, line 35 skipping to change at page 23, line 46
A.2. ARIA-GCM Test Vectors A.2. ARIA-GCM Test Vectors
Common values are organized as follows: Common values are organized as follows:
Rollover Counter: 00000000 Rollover Counter: 00000000
Sequence Number: 315e Sequence Number: 315e
SSRC: 20e8f5eb SSRC: 20e8f5eb
Encryption Salt: 000000000000000000000000 Encryption Salt: 000000000000000000000000
Initialization Vector: 000020e8f5eb00000000315e Initialization Vector: 000020e8f5eb00000000315e
Payload: f57af5fd4ae19562976ec57a5a7ad55a RTP Payload: f57af5fd4ae19562976ec57a5a7ad55a
5af5c5e5c5fdf5c55ad57a4a7272d572 5af5c5e5c5fdf5c55ad57a4a7272d572
62e9729566ed66e97ac54a4a5a7ad5e1 62e9729566ed66e97ac54a4a5a7ad5e1
5ae5fdd5fd5ac5d56ae56ad5c572d54a 5ae5fdd5fd5ac5d56ae56ad5c572d54a
e54ac55a956afd6aed5a4ac562957a95 e54ac55a956afd6aed5a4ac562957a95
16991691d572fd14e97ae962ed7a9f4a 16991691d572fd14e97ae962ed7a9f4a
955af572e162f57a956666e17ae1f54a 955af572e162f57a956666e17ae1f54a
95f566d54a66e16e4afd6a9f7ae1c5c5 95f566d54a66e16e4afd6a9f7ae1c5c5
5ae5d56afde916c5e94a6ec56695e14a 5ae5d56afde916c5e94a6ec56695e14a
fde1148416e94ad57ac5146ed59d1cc5 fde1148416e94ad57ac5146ed59d1cc5
AAD: 8008315ebf2e6fe020e8f5eb Associated Data: 8008315ebf2e6fe020e8f5eb
The length of encrypted payload is larger than that of payload by 16
octets which the length of the tag from GCM. For other GCM
ciphersuites with shorter tag length than 16 octets, test vectors can
be obtained by truncation from ARIA-GCM test verctors.
A.2.1. ARIA_128_GCM A.2.1. ARIA_128_GCM
Key: e91e5e75da65554a48181f3846349562 Key: e91e5e75da65554a48181f3846349562
Encrypted RTP Payload: 4d8a9a0675550c704b17d8c9ddc81a5c Encrypted RTP Payload: 4d8a9a0675550c704b17d8c9ddc81a5c
d6f7da34f2fe1b3db7cb3dfb9697102e d6f7da34f2fe1b3db7cb3dfb9697102e
a0f3c1fc2dbc873d44bceeae8e444297 a0f3c1fc2dbc873d44bceeae8e444297
4ba21ff6789d3272613fb9631a7cf3f1 4ba21ff6789d3272613fb9631a7cf3f1
4bacbeb421633a90ffbe58c2fa6bdca5 4bacbeb421633a90ffbe58c2fa6bdca5
34f10d0de0502ce1d531b6336e588782 34f10d0de0502ce1d531b6336e588782
78531e5c22bc6c85bbd784d78d9e680a 78531e5c22bc6c85bbd784d78d9e680a
a19031aaf89101d669d7a3965c1f7e16 a19031aaf89101d669d7a3965c1f7e16
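Review bot: The paragraph added after the Associated Data line in A.2 has two wording slips: "by 16 octets which the length of the tag" is missing "is", and "test verctors" should read "test vectors". The same paragraph tells the reader to obtain vectors for the shorter-tag GCM suites "by truncation" without saying which octets are kept; suggest stating that the leading octets of the 16-octet tag are retained, so the _12 and _8 results can be checked unambiguously against A.2.1 and A.2.2.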
skipping to change at page 24, line 16 skipping to change at page 24, line 29
Encrypted RTP Payload: 4d8a9a0675550c704b17d8c9ddc81a5c Encrypted RTP Payload: 4d8a9a0675550c704b17d8c9ddc81a5c
d6f7da34f2fe1b3db7cb3dfb9697102e d6f7da34f2fe1b3db7cb3dfb9697102e
a0f3c1fc2dbc873d44bceeae8e444297 a0f3c1fc2dbc873d44bceeae8e444297
4ba21ff6789d3272613fb9631a7cf3f1 4ba21ff6789d3272613fb9631a7cf3f1
4bacbeb421633a90ffbe58c2fa6bdca5 4bacbeb421633a90ffbe58c2fa6bdca5
34f10d0de0502ce1d531b6336e588782 34f10d0de0502ce1d531b6336e588782
78531e5c22bc6c85bbd784d78d9e680a 78531e5c22bc6c85bbd784d78d9e680a
a19031aaf89101d669d7a3965c1f7e16 a19031aaf89101d669d7a3965c1f7e16
229d7463e0535f4e253f5d18187d40b8 229d7463e0535f4e253f5d18187d40b8
ae0f564bd970b5e7e2adfb211e89a953 ae0f564bd970b5e7e2adfb211e89a953
5abace3f37f5a736f4be984bbffbedc1
Authentication Tag: 5abace3f37f5a736f4be984bbffbedc1
A.2.2. ARIA_256_GCM A.2.2. ARIA_256_GCM
Key: 0c5ffd37a11edc42c325287fc0604f2e Key: 0c5ffd37a11edc42c325287fc0604f2e
3e8cd5671a00fe3216aa5eb105783b54 3e8cd5671a00fe3216aa5eb105783b54
Encrypted RTP Payload: 6f9e4bcbc8c85fc0128fb1e4a0a20cb9 Encrypted RTP Payload: 6f9e4bcbc8c85fc0128fb1e4a0a20cb9
932ff74581f54fc013dd054b19f99371 932ff74581f54fc013dd054b19f99371
425b352d97d3f337b90b63d1b082adee 425b352d97d3f337b90b63d1b082adee
ea9d2d7391897d591b985e55fb50cb53 ea9d2d7391897d591b985e55fb50cb53
50cf7d38dc27dda127c078a149c8eb98 50cf7d38dc27dda127c078a149c8eb98
083d66363a46e3726af217d3a00275ad 083d66363a46e3726af217d3a00275ad
5bf772c7610ea4c23006878f0ee69a83 5bf772c7610ea4c23006878f0ee69a83
97703169a419303f40b72e4573714d19 97703169a419303f40b72e4573714d19
e2697df61e7c7252e5abc6bade876ac4 e2697df61e7c7252e5abc6bade876ac4
961bfac4d5e867afca351a48aed52822 961bfac4d5e867afca351a48aed52822
e210d6ced2cf430ff841472915e7ef48
Authentication Tag: e210d6ced2cf430ff841472915e7ef48
A.3. ARIA-CCM Test Vectors A.3. ARIA-CCM Test Vectors
Common values are organized as follows: Common values are organized as follows:
Rollover Counter: 00000000 Rollover Counter: 00000000
Sequence Number: 315e Sequence Number: 315e
SSRC: 20e8f5eb SSRC: 20e8f5eb
Encryption Salt: 000000000000000000000000 Encryption Salt: 000000000000000000000000
Initialization Vector: 000020e8f5eb00000000315e Initialization Vector: 000020e8f5eb00000000315e
Payload: f57af5fd4ae19562976ec57a5a7ad55a RTP Payload: f57af5fd4ae19562976ec57a5a7ad55a
5af5c5e5c5fdf5c55ad57a4a7272d572 5af5c5e5c5fdf5c55ad57a4a7272d572
62e9729566ed66e97ac54a4a5a7ad5e1 62e9729566ed66e97ac54a4a5a7ad5e1
5ae5fdd5fd5ac5d56ae56ad5c572d54a 5ae5fdd5fd5ac5d56ae56ad5c572d54a
e54ac55a956afd6aed5a4ac562957a95 e54ac55a956afd6aed5a4ac562957a95
16991691d572fd14e97ae962ed7a9f4a 16991691d572fd14e97ae962ed7a9f4a
955af572e162f57a956666e17ae1f54a 955af572e162f57a956666e17ae1f54a
95f566d54a66e16e4afd6a9f7ae1c5c5 95f566d54a66e16e4afd6a9f7ae1c5c5
5ae5d56afde916c5e94a6ec56695e14a 5ae5d56afde916c5e94a6ec56695e14a
fde1148416e94ad57ac5146ed59d1cc5 fde1148416e94ad57ac5146ed59d1cc5
AAD: 8008315ebf2e6fe020e8f5eb Associated Data: 8008315ebf2e6fe020e8f5eb
The length of encrypted payload is larger than that of payload by the
tag length defined for each ciphersuite.
A.3.1. ARIA_128_CCM A.3.1. ARIA_128_CCM
Key: 974bee725d44fc3992267b284c3c6750 Key: 974bee725d44fc3992267b284c3c6750
Encrypted RTP Payload: 621e408a2e455505b39f704dcbac4307 Encrypted RTP Payload: 621e408a2e455505b39f704dcbac4307
daabbd6d670abc4e42f2fd2fca263f09 daabbd6d670abc4e42f2fd2fca263f09
4f4683e6fb0b10c5093d42b69dce0ba5 4f4683e6fb0b10c5093d42b69dce0ba5
46520e7c4400975713f3bde93ef13116 46520e7c4400975713f3bde93ef13116
0b9cbcd6df78a1502be7c6ea8d395b9e 0b9cbcd6df78a1502be7c6ea8d395b9e
d0078819c3105c0ab92cb67b16ba51bb d0078819c3105c0ab92cb67b16ba51bb
1f53508738bf7a37c9a905439b88b7af 1f53508738bf7a37c9a905439b88b7af
9d51a407916fdfea8d43bf253721846d 9d51a407916fdfea8d43bf253721846d
c1671391225fc58d9d0693c8ade6a4ff c1671391225fc58d9d0693c8ade6a4ff
b034ee6543dd4e651b7a084eae60f855 b034ee6543dd4e651b7a084eae60f855
40f04b6467e300f6b336aedf9df4185b
Authentication Tag: 40f04b6467e300f6b336aedf9df4185b
A.3.2. ARIA_256_CCM A.3.2. ARIA_256_CCM
Key: 0c5ffd37a11edc42c325287fc0604f2e Key: 0c5ffd37a11edc42c325287fc0604f2e
3e8cd5671a00fe3216aa5eb105783b54 3e8cd5671a00fe3216aa5eb105783b54
Encrypted RTP Payload: ff78128ee18ee3cb9fb0d20726a017ff Encrypted RTP Payload: ff78128ee18ee3cb9fb0d20726a017ff
67fbd09d3a4c38aa32f6d306d3fdda37 67fbd09d3a4c38aa32f6d306d3fdda37
8e459b83ed005507449d6cd981a4c1e3 8e459b83ed005507449d6cd981a4c1e3
ff4193870c276ef09b6317a01a228320 ff4193870c276ef09b6317a01a228320
6ae4b4be0d0b235422c8abb001224106 6ae4b4be0d0b235422c8abb001224106
56b75e1ffc7fb49c0d0c5d6169aa7623 56b75e1ffc7fb49c0d0c5d6169aa7623
610579968037aee8e83fc26264ea8665 610579968037aee8e83fc26264ea8665
90fd620aa3c0a5f323d953aa7f8defb0 90fd620aa3c0a5f323d953aa7f8defb0
d0d60ab5a9de44dbaf8eae74ea3ab5f3 d0d60ab5a9de44dbaf8eae74ea3ab5f3
0594154f405fd630aa4c4d5603efdfa1 0594154f405fd630aa4c4d5603efdfa1
87b6bd222c55365a9c7d0b215b77ea41
Authentication Tag: 87b6bd222c55365a9c7d0b215b77ea41
A.3.3. ARIA_128_CCM_8 A.3.3. ARIA_128_CCM_8
Key: 974bee725d44fc3992267b284c3c6750 Key: 974bee725d44fc3992267b284c3c6750
Encrypted RTP Payload: 621e408a2e455505b39f704dcbac4307 Encrypted RTP Payload: 621e408a2e455505b39f704dcbac4307
daabbd6d670abc4e42f2fd2fca263f09 daabbd6d670abc4e42f2fd2fca263f09
4f4683e6fb0b10c5093d42b69dce0ba5 4f4683e6fb0b10c5093d42b69dce0ba5
46520e7c4400975713f3bde93ef13116 46520e7c4400975713f3bde93ef13116
0b9cbcd6df78a1502be7c6ea8d395b9e 0b9cbcd6df78a1502be7c6ea8d395b9e
d0078819c3105c0ab92cb67b16ba51bb d0078819c3105c0ab92cb67b16ba51bb
1f53508738bf7a37c9a905439b88b7af 1f53508738bf7a37c9a905439b88b7af
9d51a407916fdfea8d43bf253721846d 9d51a407916fdfea8d43bf253721846d
c1671391225fc58d9d0693c8ade6a4ff c1671391225fc58d9d0693c8ade6a4ff
b034ee6543dd4e651b7a084eae60f855 b034ee6543dd4e651b7a084eae60f855
dd2282c93a67fe4b
Authentication Tag: dd2282c93a67fe4b
A.3.4. ARIA_256_CCM_8 A.3.4. ARIA_256_CCM_8
Key: 0c5ffd37a11edc42c325287fc0604f2e Key: 0c5ffd37a11edc42c325287fc0604f2e
3e8cd5671a00fe3216aa5eb105783b54 3e8cd5671a00fe3216aa5eb105783b54
Encrypted RTP Payload: ff78128ee18ee3cb9fb0d20726a017ff Encrypted RTP Payload: ff78128ee18ee3cb9fb0d20726a017ff
67fbd09d3a4c38aa32f6d306d3fdda37 67fbd09d3a4c38aa32f6d306d3fdda37
8e459b83ed005507449d6cd981a4c1e3 8e459b83ed005507449d6cd981a4c1e3
ff4193870c276ef09b6317a01a228320 ff4193870c276ef09b6317a01a228320
6ae4b4be0d0b235422c8abb001224106 6ae4b4be0d0b235422c8abb001224106
56b75e1ffc7fb49c0d0c5d6169aa7623 56b75e1ffc7fb49c0d0c5d6169aa7623
610579968037aee8e83fc26264ea8665 610579968037aee8e83fc26264ea8665
90fd620aa3c0a5f323d953aa7f8defb0 90fd620aa3c0a5f323d953aa7f8defb0
d0d60ab5a9de44dbaf8eae74ea3ab5f3 d0d60ab5a9de44dbaf8eae74ea3ab5f3
0594154f405fd630aa4c4d5603efdfa1 0594154f405fd630aa4c4d5603efdfa1
828dc0088f99a7ef
Authentication Tag: 828dc0088f99a7ef
A.3.5. ARIA_128_CCM_12 A.3.5. ARIA_128_CCM_12
Key: 974bee725d44fc3992267b284c3c6750 Key: 974bee725d44fc3992267b284c3c6750
Encrypted RTP Payload: 621e408a2e455505b39f704dcbac4307 Encrypted RTP Payload: 621e408a2e455505b39f704dcbac4307
daabbd6d670abc4e42f2fd2fca263f09 daabbd6d670abc4e42f2fd2fca263f09
4f4683e6fb0b10c5093d42b69dce0ba5 4f4683e6fb0b10c5093d42b69dce0ba5
46520e7c4400975713f3bde93ef13116 46520e7c4400975713f3bde93ef13116
0b9cbcd6df78a1502be7c6ea8d395b9e 0b9cbcd6df78a1502be7c6ea8d395b9e
d0078819c3105c0ab92cb67b16ba51bb d0078819c3105c0ab92cb67b16ba51bb
1f53508738bf7a37c9a905439b88b7af 1f53508738bf7a37c9a905439b88b7af
9d51a407916fdfea8d43bf253721846d 9d51a407916fdfea8d43bf253721846d
c1671391225fc58d9d0693c8ade6a4ff c1671391225fc58d9d0693c8ade6a4ff
b034ee6543dd4e651b7a084eae60f855 b034ee6543dd4e651b7a084eae60f855
01f3dedd15238da5ebfb1590
Authentication Tag: 01f3dedd15238da5ebfb1590
A.3.6. ARIA_256_CCM_12 A.3.6. ARIA_256_CCM_12
Key: 0c5ffd37a11edc42c325287fc0604f2e Key: 0c5ffd37a11edc42c325287fc0604f2e
3e8cd5671a00fe3216aa5eb105783b54 3e8cd5671a00fe3216aa5eb105783b54
Encrypted RTP Payload: ff78128ee18ee3cb9fb0d20726a017ff Encrypted RTP Payload: ff78128ee18ee3cb9fb0d20726a017ff
67fbd09d3a4c38aa32f6d306d3fdda37 67fbd09d3a4c38aa32f6d306d3fdda37
8e459b83ed005507449d6cd981a4c1e3 8e459b83ed005507449d6cd981a4c1e3
ff4193870c276ef09b6317a01a228320 ff4193870c276ef09b6317a01a228320
6ae4b4be0d0b235422c8abb001224106 6ae4b4be0d0b235422c8abb001224106
56b75e1ffc7fb49c0d0c5d6169aa7623 56b75e1ffc7fb49c0d0c5d6169aa7623
610579968037aee8e83fc26264ea8665 610579968037aee8e83fc26264ea8665
90fd620aa3c0a5f323d953aa7f8defb0 90fd620aa3c0a5f323d953aa7f8defb0
d0d60ab5a9de44dbaf8eae74ea3ab5f3 d0d60ab5a9de44dbaf8eae74ea3ab5f3
0594154f405fd630aa4c4d5603efdfa1 0594154f405fd630aa4c4d5603efdfa1
3615b7f90a651de15da20fb6
Authentication Tag: 3615b7f90a651de15da20fb6
A.4. Key Derivation Test Vector A.4. Key Derivation Test Vector
This section provides test vectors for the default key derivation This section provides test vectors for the default key derivation
function, which uses ARIA in Counter Mode. In the following, we walk function, which uses ARIA in Counter Mode. In the following, we walk
through the initial key derivation for the ARIA Counter Mode cipher, through the initial key derivation for the ARIA Counter Mode cipher,
which requires a 16/24/32 octet session encryption key according to which requires a 16/24/32 octet session encryption key according to
the session encryption key length and a 14 octet session salt, and an the session encryption key length and a 14 octet session salt, and an
authentication function which requires a 94 octet session authentication function which requires a 94 octet session
authentication key. These values are called the cipher key, the authentication key. These values are called the cipher key, the
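Review bot: From A.2.1 through A.3.6 the new revision drops the "Authentication Tag:" label and appends the tag as the last line of "Encrypted RTP Payload", so the boundary between ciphertext and tag can only be inferred from the line length (16, 12 or 8 octets). Suggest giving the tag length in each subsection or keeping a label beside the final line. The sentence added in A.3 should also say that CCM tags for the shorter suites are not truncations of the 16-octet tag: with the same key and identical ciphertext, ARIA_128_CCM ends in 40f04b6467e300f6b336aedf9df4185b, ARIA_128_CCM_12 in 01f3dedd15238da5ebfb1590 and ARIA_128_CCM_8 in dd2282c93a67fe4b, which differs from the truncation rule A.2 gives for GCM.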
 End of changes. 30 change blocks. 
55 lines changed or deleted 64 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/