RFC Errata
Found 1 record.
Status: Verified (1)
RFC 3217, "Triple-DES and RC2 Key Wrapping", December 2001
Source of RFC: smime (sec)
Errata ID: 639
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Russ Housley
Date Reported: 2007-10-28
Section 4.4 says:
This section contains a RC2 Key Wrap example. Intermediate values corresponding to the named items in section 4.1 are given in hexadecimal.
It should say:
This section contains a RC2 Key Wrap example. Intermediate values corresponding to the named items in section 4.1 are given in hexadecimal. In this example, the effective key length parameter for the RC2 algorithm should be 40 bits. ========================================== RC2 Effective Key Bits: 40 CEK is (16 bytes): b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4 d9 LENGTH is: 16 LCEK is (17 bytes): 10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4 d9 PAD is (7 bytes): 48 45 cc e7 fd 12 50 LCEKPAD is (24 bytes): 10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4 d9 48 45 cc e7 fd 12 50 SHA-1 Digest is (20 bytes): 0a 6f f1 9f db 40 49 88 a2 fa ee 2e 53 37 12 98 7e ca 48 06 ICV is (8 bytes): 0a 6f f1 9f db 40 49 88 LCEKPADICV is (32 bytes): 10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4 d9 48 45 cc e7 fd 12 50 0a 6f f1 9f db 40 49 88 IV is (8 bytes): c7 d9 00 59 b2 9e 97 f7 KEK (16 bytes): fd 04 fd 08 06 07 07 fb 00 03 fe ff fd 02 fe 05 TEMP1 (32 bytes): a0 1d a2 59 37 93 12 60 e4 8c 55 f5 04 ce 70 b8 ac 8c d7 9e ff 8e 99 32 9f a9 8a 07 a3 1f f7 a7 TEMP2 (40 bytes): c7 d9 00 59 b2 9e 97 f7 a0 1d a2 59 37 93 12 60 e4 8c 55 f5 04 ce 70 b8 ac 8c d7 9e ff 8e 99 32 9f a9 8a 07 a3 1f f7 a7 TEMP3 (40 bytes): a7 f7 1f a3 07 8a a9 9f 32 99 8e ff 9e d7 8c ac b8 70 ce 04 f5 55 8c e4 60 12 93 37 59 a2 1d a0 f7 97 9e b2 59 00 d9 c7 FinalIV (8 bytes): 4a dd a2 2c 79 e8 21 05 KEK (16 bytes): fd 04 fd 08 06 07 07 fb 00 03 fe ff fd 02 fe 05 RESULT (40 bytes): 70 e6 99 fb 57 01 f7 83 33 30 fb 71 e8 7c 85 a4 20 bd c9 9a f0 5d 22 af 5a 0e 48 d3 5f 31 38 98 6c ba af b4 b2 8d 4f 35 ========================================== RC2 Effective Key Bits: 128 CEK is (16 bytes): b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4 d9 LENGTH is: 16 LCEK is (17 bytes): 10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4 d9 PAD is (7 bytes): 48 45 cc e7 fd 12 50 LCEKPAD is (24 bytes): 10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4 d9 48 45 cc e7 fd 12 50 SHA-1 Digest is (20 bytes): 0a 6f f1 9f db 40 49 88 a2 fa ee 2e 53 37 12 98 7e ca 48 06 ICV is (8 bytes): 0a 6f f1 9f db 40 49 88 LCEKPADICV is (32 bytes): 10 b7 0a 25 fb c9 d8 6a 86 05 0c e0 d7 11 ea d4 d9 48 45 cc e7 fd 12 50 0a 6f f1 9f db 40 49 88 IV is (8 bytes): c7 d9 00 59 b2 9e 97 f7 KEK (16 bytes): fd 04 fd 08 06 07 07 fb 00 03 fe ff fd 02 fe 05 TEMP1 (32 bytes): 03 5e 97 2a b1 5c c4 c9 c4 a0 3d ba a3 5a 21 66 67 e4 3e bc a2 67 46 ae 86 08 db c8 9e 64 ca 29 TEMP2 (40 bytes): c7 d9 00 59 b2 9e 97 f7 03 5e 97 2a b1 5c c4 c9 c4 a0 3d ba a3 5a 21 66 67 e4 3e bc a2 67 46 ae 86 08 db c8 9e 64 ca 29 TEMP3 (40 bytes): 29 ca 64 9e c8 db 08 86 ae 46 67 a2 bc 3e e4 67 66 21 5a a3 ba 3d a0 c4 c9 c4 5c b1 2a 97 5e 03 f7 97 9e b2 59 00 d9 c7 FinalIV (8 bytes): 4a dd a2 2c 79 e8 21 05 KEK (16 bytes): fd 04 fd 08 06 07 07 fb 00 03 fe ff fd 02 fe 05 RESULT (40 bytes): f4 d8 02 1c 1e a4 63 d2 17 a9 eb 69 29 ff a5 77 36 d3 e2 03 86 c9 09 93 83 5b 4b e4 ad 8d 8a 1b c6 3b 25 de 2b f7 79 93
Notes:
The text is silent about the RC2 parameter that indicates the effective key size. This errata resolves the ambiguity.
To aid implementors, this errata includes two examples. The first one matches section 4.4 and uses a 40-bit effective key size. The second one uses a 128-bit effective key size. Many thanks to Peter Yee for generating the examples and Blake Ramsdell for checking them.