errata logo graphic

Found 1 record.

Status: Verified (1)

RFC3217, "Triple-DES and RC2 Key Wrapping", December 2001

Source of RFC: smime (sec)

Errata ID: 639

Status: Verified
Type: Technical

Reported By: Russ Housley
Date Reported: 2007-10-28

Section 4.4 says:

   This section contains a RC2 Key Wrap example. Intermediate values
   corresponding to the named items in section 4.1 are given in
   hexadecimal.

It should say:

   This section contains a RC2 Key Wrap example. Intermediate values
   corresponding to the named items in section 4.1 are given in
   hexadecimal. In this example, the effective key length parameter for
   the RC2 algorithm should be 40 bits.

==========================================

RC2 Effective Key Bits: 40

CEK is (16 bytes):
 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4 d9

LENGTH is: 16

LCEK is (17 bytes):
 10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4
 d9

PAD is (7 bytes):
 48 45 cc e7 fd 12 50

LCEKPAD is (24 bytes):
 10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4
 d9 48 45 cc e7 fd 12 50

SHA-1 Digest is (20 bytes):
 0a 6f f1 9f db 40 49 88 a2 fa ee 2e 53 37 12 98
 7e ca 48 06

ICV is (8 bytes):
 0a 6f f1 9f db 40 49 88

LCEKPADICV is (32 bytes):
 10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4
 d9 48 45 cc e7 fd 12 50 0a 6f f1 9f db 40 49 88

IV is (8 bytes):
 c7 d9 00 59 b2 9e 97 f7

KEK (16 bytes):
 fd 04 fd 08 06 07 07 fb 00 03 fe ff fd 02 fe 05

TEMP1 (32 bytes):
 a0 1d a2 59 37 93 12 60 e4 8c 55 f5 04 ce 70 b8
 ac 8c d7 9e ff 8e 99 32 9f a9 8a 07 a3 1f f7 a7

TEMP2 (40 bytes):
 c7 d9 00 59 b2 9e 97 f7 a0 1d a2 59 37 93 12 60
 e4 8c 55 f5 04 ce 70 b8 ac 8c d7 9e ff 8e 99 32
 9f a9 8a 07 a3 1f f7 a7

TEMP3 (40 bytes):
 a7 f7 1f a3 07 8a a9 9f 32 99 8e ff 9e d7 8c ac
 b8 70 ce 04 f5 55 8c e4 60 12 93 37 59 a2 1d a0
 f7 97 9e b2 59 00 d9 c7

FinalIV (8 bytes):
 4a dd a2 2c 79 e8 21 05

KEK (16 bytes):
 fd 04 fd 08 06 07 07 fb 00 03 fe ff fd 02 fe 05

RESULT (40 bytes):
 70 e6 99 fb 57 01 f7 83 33 30 fb 71 e8 7c 85 a4
 20 bd c9 9a f0 5d 22 af 5a 0e 48 d3 5f 31 38 98
 6c ba af b4 b2 8d 4f 35

==========================================

RC2 Effective Key Bits: 128

CEK is (16 bytes):
 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4 d9

LENGTH is: 16

LCEK is (17 bytes):
 10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4
 d9

PAD is (7 bytes):
 48 45 cc e7 fd 12 50

LCEKPAD is (24 bytes):
 10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4
 d9 48 45 cc e7 fd 12 50

SHA-1 Digest is (20 bytes):
 0a 6f f1 9f db 40 49 88 a2 fa ee 2e 53 37 12 98
 7e ca 48 06

ICV is (8 bytes):
 0a 6f f1 9f db 40 49 88

LCEKPADICV is (32 bytes):
 10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4
 d9 48 45 cc e7 fd 12 50 0a 6f f1 9f db 40 49 88

IV is (8 bytes):
 c7 d9 00 59 b2 9e 97 f7

KEK (16 bytes):
 fd 04 fd 08 06 07 07 fb 00 03 fe ff fd 02 fe 05

TEMP1 (32 bytes):
 03 5e 97 2a b1 5c c4 c9 c4 a0 3d ba a3 5a 21 66
 67 e4 3e bc a2 67 46 ae 86 08 db c8 9e 64 ca 29

TEMP2 (40 bytes):
 c7 d9 00 59 b2 9e 97 f7 03 5e 97 2a b1 5c c4 c9
 c4 a0 3d ba a3 5a 21 66 67 e4 3e bc a2 67 46 ae
 86 08 db c8 9e 64 ca 29

TEMP3 (40 bytes):
 29 ca 64 9e c8 db 08 86 ae 46 67 a2 bc 3e e4 67
 66 21 5a a3 ba 3d a0 c4 c9 c4 5c b1 2a 97 5e 03
 f7 97 9e b2 59 00 d9 c7

FinalIV (8 bytes):
 4a dd a2 2c 79 e8 21 05

KEK (16 bytes):
 fd 04 fd 08 06 07 07 fb 00 03 fe ff fd 02 fe 05

RESULT (40 bytes):
 f4 d8 02 1c 1e a4 63 d2 17 a9 eb 69 29 ff a5 77
 36 d3 e2 03 86 c9 09 93 83 5b 4b e4 ad 8d 8a 1b
 c6 3b 25 de 2b f7 79 93

Notes:

The text is silent about the RC2 parameter that indicates the effective key size. This errata resolves the ambiguity.

To aid implementors, this errata includes two examples. The first one matches section 4.4 and uses a 40-bit effective key size. The second one uses a 128-bit effective key size. Many thanks to Peter Yee for generating the examples and Blake Ramsdell for checking them.


Report New Errata