Looks fine to me.
At 08:11 PM 10/29/2007, Alice Hagens wrote:
Russ,
Please check the errata as it appears here:
http://www.rfc-editor.org/errata_search.php?rfc=3217
Some of the notes can be moved to appear before the examples, if that
is more clear.
Assumed it should be marked "Verified", or did you want it marked
"Reported" and a notification sent to the IESG requesting that they
verify it?
Thank you.
RFC Editor/ah
On Oct 28, 2007, at 12:13 PM, Russ Housley wrote:
Dear RFC Editor:
Section 4.4 of RFC 3217 is ambiguous. The text is silent about the
RC2
parameter that indicates the effective key size. This errata
resolves the
ambiguity.
The first paragraph of section 4.4 says:
This section contains a RC2 Key Wrap example. Intermediate values
corresponding to the named items in section 4.1 are given in
hexadecimal.
New:
This section contains a RC2 Key Wrap example. Intermediate values
corresponding to the named items in section 4.1 are given in
hexadecimal. In
this example, the effective key length parameter for the RC2
algorithm should
be 40 bits.
To aid implementors, this errata includes two examples. The first
one matches
section 4.4 and uses a 40-bit effective key size. The second one
uses a
128-bit effective key size. Many thanks to Peter Yee for
generating the
examples and Blake Ramsdell for checking them.
Thanks,
Russ
==========================================
RC2 Effective Key Bits: 40
CEK is (16 bytes):
b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4 d9
LENGTH is: 16
LCEK is (17 bytes):
10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4
d9
PAD is (7 bytes):
48 45 cc e7 fd 12 50
LCEKPAD is (24 bytes):
10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4
d9 48 45 cc e7 fd 12 50
SHA-1 Digest is (20 bytes):
0a 6f f1 9f db 40 49 88 a2 fa ee 2e 53 37 12 98
7e ca 48 06
ICV is (8 bytes):
0a 6f f1 9f db 40 49 88
LCEKPADICV is (32 bytes):
10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4
d9 48 45 cc e7 fd 12 50 0a 6f f1 9f db 40 49 88
IV is (8 bytes):
c7 d9 00 59 b2 9e 97 f7
KEK (16 bytes):
fd 04 fd 08 06 07 07 fb 00 03 fe ff fd 02 fe 05
TEMP1 (32 bytes):
a0 1d a2 59 37 93 12 60 e4 8c 55 f5 04 ce 70 b8
ac 8c d7 9e ff 8e 99 32 9f a9 8a 07 a3 1f f7 a7
TEMP2 (40 bytes):
c7 d9 00 59 b2 9e 97 f7 a0 1d a2 59 37 93 12 60
e4 8c 55 f5 04 ce 70 b8 ac 8c d7 9e ff 8e 99 32
9f a9 8a 07 a3 1f f7 a7
TEMP3 (40 bytes):
a7 f7 1f a3 07 8a a9 9f 32 99 8e ff 9e d7 8c ac
b8 70 ce 04 f5 55 8c e4 60 12 93 37 59 a2 1d a0
f7 97 9e b2 59 00 d9 c7
FinalIV (8 bytes):
4a dd a2 2c 79 e8 21 05
KEK (16 bytes):
fd 04 fd 08 06 07 07 fb 00 03 fe ff fd 02 fe 05
RESULT (40 bytes):
70 e6 99 fb 57 01 f7 83 33 30 fb 71 e8 7c 85 a4
20 bd c9 9a f0 5d 22 af 5a 0e 48 d3 5f 31 38 98
6c ba af b4 b2 8d 4f 35
==========================================
RC2 Effective Key Bits: 128
CEK is (16 bytes):
b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4 d9
LENGTH is: 16
LCEK is (17 bytes):
10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4
d9
PAD is (7 bytes):
48 45 cc e7 fd 12 50
LCEKPAD is (24 bytes):
10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4
d9 48 45 cc e7 fd 12 50
SHA-1 Digest is (20 bytes):
0a 6f f1 9f db 40 49 88 a2 fa ee 2e 53 37 12 98
7e ca 48 06
ICV is (8 bytes):
0a 6f f1 9f db 40 49 88
LCEKPADICV is (32 bytes):
10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4
d9 48 45 cc e7 fd 12 50 0a 6f f1 9f db 40 49 88
IV is (8 bytes):
c7 d9 00 59 b2 9e 97 f7
KEK (16 bytes):
fd 04 fd 08 06 07 07 fb 00 03 fe ff fd 02 fe 05
TEMP1 (32 bytes):
03 5e 97 2a b1 5c c4 c9 c4 a0 3d ba a3 5a 21 66
67 e4 3e bc a2 67 46 ae 86 08 db c8 9e 64 ca 29
TEMP2 (40 bytes):
c7 d9 00 59 b2 9e 97 f7 03 5e 97 2a b1 5c c4 c9
c4 a0 3d ba a3 5a 21 66 67 e4 3e bc a2 67 46 ae
86 08 db c8 9e 64 ca 29
TEMP3 (40 bytes):
29 ca 64 9e c8 db 08 86 ae 46 67 a2 bc 3e e4 67
66 21 5a a3 ba 3d a0 c4 c9 c4 5c b1 2a 97 5e 03
f7 97 9e b2 59 00 d9 c7
FinalIV (8 bytes):
4a dd a2 2c 79 e8 21 05
KEK (16 bytes):
fd 04 fd 08 06 07 07 fb 00 03 fe ff fd 02 fe 05
RESULT (40 bytes):
f4 d8 02 1c 1e a4 63 d2 17 a9 eb 69 29 ff a5 77
36 d3 e2 03 86 c9 09 93 83 5b 4b e4 ad 8d 8a 1b
c6 3b 25 de 2b f7 79 93