Dear RFC Editor:
Section 4.4 of RFC 3217 is ambiguous. The text is silent about the RC2
parameter that indicates the effective key size. This errata resolves the
ambiguity.
The first paragraph of section 4.4 says:
This section contains a RC2 Key Wrap example. Intermediate values
corresponding to the named items in section 4.1 are given in hexadecimal.
New:
This section contains a RC2 Key Wrap example. Intermediate values
corresponding to the named items in section 4.1 are given in
hexadecimal. In
this example, the effective key length parameter for the RC2
algorithm should
be 40 bits.
To aid implementors, this errata includes two examples. The first one matches
section 4.4 and uses a 40-bit effective key size. The second one uses a
128-bit effective key size. Many thanks to Peter Yee for generating the
examples and Blake Ramsdell for checking them.
Thanks,
Russ
==========================================
RC2 Effective Key Bits: 40
CEK is (16 bytes):
b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4 d9
LENGTH is: 16
LCEK is (17 bytes):
10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4
d9
PAD is (7 bytes):
48 45 cc e7 fd 12 50
LCEKPAD is (24 bytes):
10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4
d9 48 45 cc e7 fd 12 50
SHA-1 Digest is (20 bytes):
0a 6f f1 9f db 40 49 88 a2 fa ee 2e 53 37 12 98
7e ca 48 06
ICV is (8 bytes):
0a 6f f1 9f db 40 49 88
LCEKPADICV is (32 bytes):
10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4
d9 48 45 cc e7 fd 12 50 0a 6f f1 9f db 40 49 88
IV is (8 bytes):
c7 d9 00 59 b2 9e 97 f7
KEK (16 bytes):
fd 04 fd 08 06 07 07 fb 00 03 fe ff fd 02 fe 05
TEMP1 (32 bytes):
a0 1d a2 59 37 93 12 60 e4 8c 55 f5 04 ce 70 b8
ac 8c d7 9e ff 8e 99 32 9f a9 8a 07 a3 1f f7 a7
TEMP2 (40 bytes):
c7 d9 00 59 b2 9e 97 f7 a0 1d a2 59 37 93 12 60
e4 8c 55 f5 04 ce 70 b8 ac 8c d7 9e ff 8e 99 32
9f a9 8a 07 a3 1f f7 a7
TEMP3 (40 bytes):
a7 f7 1f a3 07 8a a9 9f 32 99 8e ff 9e d7 8c ac
b8 70 ce 04 f5 55 8c e4 60 12 93 37 59 a2 1d a0
f7 97 9e b2 59 00 d9 c7
FinalIV (8 bytes):
4a dd a2 2c 79 e8 21 05
KEK (16 bytes):
fd 04 fd 08 06 07 07 fb 00 03 fe ff fd 02 fe 05
RESULT (40 bytes):
70 e6 99 fb 57 01 f7 83 33 30 fb 71 e8 7c 85 a4
20 bd c9 9a f0 5d 22 af 5a 0e 48 d3 5f 31 38 98
6c ba af b4 b2 8d 4f 35
==========================================
RC2 Effective Key Bits: 128
CEK is (16 bytes):
b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4 d9
LENGTH is: 16
LCEK is (17 bytes):
10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4
d9
PAD is (7 bytes):
48 45 cc e7 fd 12 50
LCEKPAD is (24 bytes):
10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4
d9 48 45 cc e7 fd 12 50
SHA-1 Digest is (20 bytes):
0a 6f f1 9f db 40 49 88 a2 fa ee 2e 53 37 12 98
7e ca 48 06
ICV is (8 bytes):
0a 6f f1 9f db 40 49 88
LCEKPADICV is (32 bytes):
10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4
d9 48 45 cc e7 fd 12 50 0a 6f f1 9f db 40 49 88
IV is (8 bytes):
c7 d9 00 59 b2 9e 97 f7
KEK (16 bytes):
fd 04 fd 08 06 07 07 fb 00 03 fe ff fd 02 fe 05
TEMP1 (32 bytes):
03 5e 97 2a b1 5c c4 c9 c4 a0 3d ba a3 5a 21 66
67 e4 3e bc a2 67 46 ae 86 08 db c8 9e 64 ca 29
TEMP2 (40 bytes):
c7 d9 00 59 b2 9e 97 f7 03 5e 97 2a b1 5c c4 c9
c4 a0 3d ba a3 5a 21 66 67 e4 3e bc a2 67 46 ae
86 08 db c8 9e 64 ca 29
TEMP3 (40 bytes):
29 ca 64 9e c8 db 08 86 ae 46 67 a2 bc 3e e4 67
66 21 5a a3 ba 3d a0 c4 c9 c4 5c b1 2a 97 5e 03
f7 97 9e b2 59 00 d9 c7
FinalIV (8 bytes):
4a dd a2 2c 79 e8 21 05
KEK (16 bytes):
fd 04 fd 08 06 07 07 fb 00 03 fe ff fd 02 fe 05
RESULT (40 bytes):
f4 d8 02 1c 1e a4 63 d2 17 a9 eb 69 29 ff a5 77
36 d3 e2 03 86 c9 09 93 83 5b 4b e4 ad 8d 8a 1b
c6 3b 25 de 2b f7 79 93