ETSI TS 135 204-2016 Universal Mobile Telecommunications System (UMTS) LTE 3G Security Specification of the 3GPP confidentiality and integrity algorithms Document 4 Design conforma.pdf

1、 ETSI TS 1Universal Mobile TelSpecification ointeDocument 4: D(3GPP TS 35.2TECHNICAL SPECIFICATION135 204 V13.0.0 (2016elecommunications System (LTE; 3G Security; of the 3GPP confidentiality anntegrity algorithms; : Design conformance test dat.204 version 13.0.0 Release 1316-01) (UMTS); and ata 13)

2、ETSI ETSI TS 135 204 V13.0.0 (2016-01)13GPP TS 35.204 version 13.0.0 Release 13Reference RTS/TSGS-0335204vd00 Keywords LTE,SECURITY,UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Associatio

3、n but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print ver

4、sions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a sp

5、ecific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find erro

6、rs in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm exce

7、pt as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved.

8、DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the G

9、SM Association. ETSI ETSI TS 135 204 V13.0.0 (2016-01)23GPP TS 35.204 version 13.0.0 Release 13Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly availabl

10、e for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (

11、https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, e

12、ssential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should be inte

13、rpreted as being references to the corresponding ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need n

14、ot“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 135 204 V13.0.0 (2016-

15、01)33GPP TS 35.204 version 13.0.0 Release 13Contents Intellectual Property Rights 2g3Foreword . 2g3Modal verbs terminology 2g3Foreword . 4g3Introduction 4g30 Scope 5g31 Outline of the design conformance test data 5g31.1 References 5g32 Introductory information 6g32.1 Introduction 6g32.2 Radix 6g32.3

16、 Bit/Byte ordering 6g32.4 Presentation of input/output data 6g32.5 Coverage. 6g33 Confidentiality algorithm f8 . 6g33.1 Overview 6g33.2 Format 6g33.3 Test Set 1 7g33.3.1 Binary Representation. 7g33.3.2 Hexadecimal Representation 7g33.4 Test Set 2 8g33.5 Test Set 3 8g33.6 Test Set 4 8g33.7 Test Set 5

17、 9g33.8 Test Set 6 9g34 Integrity algorithm f9 9g34.1 Overview 9g34.2 Test Set 1 10g34.2.1 Binary Representation. 10g34.2.2 Hexadecimal Representation 10g34.3 Test Set 2 10g34.4 Test Set 3 11g34.5 Test Set 4 11g34.6 Test Set 5 11g34.7 Test Set 6 11g3Annex A (informative): Change history . 12g3Histor

18、y 13g3ETSI ETSI TS 135 204 V13.0.0 (2016-01)43GPP TS 35.204 version 13.0.0 Release 13Foreword This Technical Specification has been produced by the 3rdGeneration Partnership Project (3GPP). The 3GPP Confidentiality and Integrity Algorithms f8 2 presented to TSG for approval; 3 or greater indicates T

19、SG approved document under change control. y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes have been incorporated in the document. Introduction This specification has

20、been prepared by the 3GPP Task Force, and gives black-box test data for the algorithm set. The test data has been selected to give a high degree of confidence that the implementation is correct. However, no claim is made that conformance with this test data guarantees a correct implementation. This

21、document is the last of four, which between them form the entire specification of the 3GPP Confidentiality and Integrity Algorithms: - 3GPP TS 35.201: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentialit

22、y and Integrity Algorithms; Document 1: f8 and f9 Specification“. - 3GPP TS 35.202: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 2: KASUMI Specification“. - 3G

23、PP TS 35.203: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 3: Implementors“ Test Data“. - 3GPP TS 35.204: “3rd Generation Partnership Project; Technical Specif

24、ication Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 4: Design Conformance Test Data“. This document is purely informative. The normative part of the specification of the f8 (confidentiality) and the f9 (integrity) algor

25、ithms is in the main body of Document 1. The normative part of the specification of KASUMI is found in document 2. ETSI ETSI TS 135 204 V13.0.0 (2016-01)53GPP TS 35.204 version 13.0.0 Release 130 Scope This specification gives black-box test data for the algorithm set. The test data has been selecte

26、d to give a high degree of confidence that the implementation is correct. However, no claim is made that conformance with this test data guarantees a correct implementation. 1 Outline of the design conformance test data Section 2 introduces the algorithms and describes the notation used in the subse

27、quent sections. Section 3 provides test data for the Confidentiality Algorithm f8. Section 4 provides test data for the Integrity Algorithm f9. 1.1 References The following documents contain provisions which, through reference in this text, constitute provisions of the present document. References a

28、re either specific (identified by date of publication, edition number, version number, etc.) or non-specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document

29、), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document. 1 3GPP TS 33.102 version 3.2.0: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Security Architecture“. 2 3GP

30、P TS 33.105 version 3.1.0: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Cryptographic Algorithm Requirements“. 3 3GPP TS 35.201: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security

31、; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 1: f8 and f9 Specification“. 4 3GPP TS 35.202: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithm

32、s; Document 2: KASUMI Specification“. 5 3GPP TS 35.203: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 3: Implementors“ Test Data“. 6 3GPP TS 35.204: “3rd Genera

33、tion Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 4: Design Conformance Test Data“. 7 ISO/IEC 9797-1:1999: “Information technology Security techniques Message Authentication C

34、odes (MACs)“. ETSI ETSI TS 135 204 V13.0.0 (2016-01)63GPP TS 35.204 version 13.0.0 Release 132 Introductory information 2.1 Introduction Within the security architecture of the 3GPP system there are two standardised algorithms; a confidentiality algorithm f8, and an integrity algorithm f9. These alg

35、orithms are specified in a companion document 3. This document provides sets of input/output test data for “black box“ testing of physical realisations of the f8 and f9 algorithms. 2.2 Radix Unless stated otherwise, all test data values presented in this document are in hexadecimal. 2.3 Bit/Byte ord

36、ering All data variables in this specification are presented with the most significant bit (or byte) on the left hand side and the least significant bit (or byte) on the right hand side. 2.4 Presentation of input/output data The basic data processed by the f8 and f9 algorithms are bit streams. In ge

37、neral in this document the data is presented in hexadecimal format as bytes, thus the last byte shown as part of an input or output data stream may include between 0 and 7 bits that are ignored once the LENGTH parameter is taken into account. (The least significant bits of the byte are ignored). 2.5

38、 Coverage For each of the algorithms the test data have been selected such that, provided the entire set of tests is run: - Each key bit will have been in both the “1“ and the “0“ states. - Each bit of the initialisation fields (COUNT, FRESH, BEARER, DIRECTION) will have been in both the “1“ and the

39、 “0“ states. - Every entry in the internal S-boxes will have been used. 3 Confidentiality algorithm f8 3.1 Overview The test data sets presented here are for the f8 confidentiality algorithm. 3.2 Format Each test set shows the various inputs to the algorithm including the plain text data stream to b

40、e encrypted/decrypted. (The length field is in decimal). The fields are: Key = CK0CK127 Count = COUNT0COUNT31 ETSI ETSI TS 135 204 V13.0.0 (2016-01)73GPP TS 35.204 version 13.0.0 Release 13Bearer = BEARER0BEARER3 Direction = DIRECTION0 Length = Length of data in decimal Plaintext = PT0 PT1 PTLength-

41、1 This is followed by the modified input data, i.e. it is the bit-wise exclusive-or of the corresponding keystream and the input data to the algorithm. Ciphertext = CT0 CT1.CTLength-1 As this is a stream cipher it is purely a matter of context whether the operation is regarded as encryption or decry

42、ption. For the purposes of this document we regard the input as Plaintext and the output as Ciphertext. The first test set is shown twice, once in binary format, once in hexadecimal format. This is to explicitly show the relationship between the binary data and the hexadecimal presentation. The rema

43、inder of the test sets are presented in hexadecimal format only. 3.3 Test Set 1 3.3.1 Binary Representation Key= 1101001111000101110101011001001000110010011111111011000100011100 0100000000110101110001100110100000001010111110001100011011010001 Count = 00111001100010100101100110110100 Bearer = 10101 D

44、irection = 1 Length = 253 bits Plaintext: 1001100000011011101001101000001001001100000110111111101100011010 1011010010000101010001110010000000101001101101110001110110000000 1000110011100011001111100010110011000011110000001011010111111100 0001111100111101111010001010011011011100011001101011000111110 C

45、iphertext: 1100101000001010011000001011010000101001100111100110100101010100 1101101111110111011010000110111001000110111101000100000110010000 1101110010000001101100000111010000000100010010000001001110110101 0000101010110001111111100100011001011001011110111010001100111 3.3.2 Hexadecimal Representation

46、 Key = D3C5D592327FB11C4035C6680AF8C6D1 Count = 398A59B4 Bearer = 15 Direction = 1 Length = 253 bits Plaintext: 981BA6824C1BFB1A B485472029B71D80 8CE33E2CC3C0B5FC 1F3DE8A6DC66B1F0 Ciphertext: CA0A60B4299E6954 DBF7686E46F44190 DC81B074044813B5 0AB1FE46597BA338 ETSI ETSI TS 135 204 V13.0.0 (2016-01)83

47、GPP TS 35.204 version 13.0.0 Release 133.4 Test Set 2 Key = 2BD6459F82C440E0952C49104805FF48 Count = C675A64B Bearer = 0C Direction = 1 Length = 798 bits Plaintext: 7EC61272743BF161 4726446A6C38CED1 66F6CA76EB543004 4286346CEF130F92 922B03450D3A9975 E5BD2EA0EB55AD8E 1B199E3EC4316020 E9A1B285E7627953

48、 59B7BDFD39BEF4B2 484583D5AFE082AE E638BF5FD5A60619 3901A08F4AB41AAB 9B134880 Cipher text: 1061793DAAACBE40 C9431E292B7FF494 96DB0D31CE24710C 01ACFF1B2C441FA9 3BB3BD65DE18027A 14CCA571A42E8B12 74AE30AC411AB6AF D88F924E65F9812D FA80EF8E9A7EA753 391D09F480D9147C B39C23A1ACB9AC9B 2A6B4709F7E6DD84 D8FA5

49、9A4 3.5 Test Set 3 Key = 0A8B6BD8D9B08B08D64E32D1817777FB Count = 544D49CD Bearer = 04 Direction = 0 Length = 310 bits Plaintext: FD40A41D370A1F65 745095687D47BA1D 36D2349E23F64439 2C8EA9C49D40C132 71AFF264D0F248 Cipher text: 22B707A481F264BE 691994C2A201354D 5741A2E6B4624EE9 DF30D8D94535165B D439223EBBD074 3.6 Test Set 4 Key = AA1F95AEA533BCB32EB63BF52D8F831A Count = 72D8C671 Bearer = 10 Direction = 1 Length = 1022 bits Plaintext: FB1B96C5C8BADFB2 E8E8EDFDE78E57F2 AD81E74103FC430A