ETSI TS 135 204-2017 Universal Mobile Telecommunications System (UMTS) LTE 3G Security Specification of the 3GPP confidentiality and integrity algorithms Document 4 Design conforma.pdf

1、 ETSI TS 135 204 V14.0.0 (2017-04) Universal Mobile Telecommunications System (UMTS); LTE; 3G Security; Specification of the 3GPP confidentiality and integrity algorithms; Document 4: Design conformance test data (3GPP TS 35.204 version 14.0.0 Release 14) TECHNICAL SPECIFICATION ETSI ETSI TS 135 204

2、 V14.0.0 (2017-04)13GPP TS 35.204 version 14.0.0 Release 14Reference RTS/TSGS-0335204ve00 Keywords LTE,SECURITY,UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif e

3、nregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present

4、 document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive

5、 within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the

6、present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as auth

7、orized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2017. All rights reserved. DECTTM, PL

8、UGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members GSM and the GSM logo

9、 are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 135 204 V14.0.0 (2017-04)23GPP TS 35.204 version 14.0.0 Release 14Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to thes

10、e essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest

11、updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web

12、server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). The present document may refer to technical specifications or reports using their 3GPP identities, UMTS iden

13、tities or GSM identities. These should be interpreted as being references to the corresponding ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In the present document “shall“, “shal

14、l not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct

15、 citation. ETSI ETSI TS 135 204 V14.0.0 (2017-04)33GPP TS 35.204 version 14.0.0 Release 14Contents Intellectual Property Rights 2g3Foreword . 2g3Modal verbs terminology 2g3Foreword . 4g3Introduction 4g30 Scope 5g31 Outline of the design conformance test data 5g31.1 References 5g32 Introductory infor

16、mation 6g32.1 Introduction 6g32.2 Radix 6g32.3 Bit/Byte ordering 6g32.4 Presentation of input/output data 6g32.5 Coverage. 6g33 Confidentiality algorithm f8 . 6g33.1 Overview 6g33.2 Format 6g33.3 Test Set 1 7g33.3.1 Binary Representation. 7g33.3.2 Hexadecimal Representation 7g33.4 Test Set 2 8g33.5

17、Test Set 3 8g33.6 Test Set 4 8g33.7 Test Set 5 9g33.8 Test Set 6 9g34 Integrity algorithm f9 9g34.1 Overview 9g34.2 Test Set 1 10g34.2.1 Binary Representation. 10g34.2.2 Hexadecimal Representation 10g34.3 Test Set 2 10g34.4 Test Set 3 11g34.5 Test Set 4 11g34.6 Test Set 5 11g34.7 Test Set 6 11g3Anne

18、x A (informative): Change history . 12g3History 13g3ETSI ETSI TS 135 204 V14.0.0 (2017-04)43GPP TS 35.204 version 14.0.0 Release 14Foreword This Technical Specification has been produced by the 3rdGeneration Partnership Project (3GPP). The 3GPP Confidentiality and Integrity Algorithms f8 2 presented

19、 to TSG for approval; 3 or greater indicates TSG approved document under change control. y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes have been incorporated in the

20、document. Introduction This specification has been prepared by the 3GPP Task Force, and gives black-box test data for the algorithm set. The test data has been selected to give a high degree of confidence that the implementation is correct. However, no claim is made that conformance with this test d

21、ata guarantees a correct implementation. This document is the last of four, which between them form the entire specification of the 3GPP Confidentiality and Integrity Algorithms: - 3GPP TS 35.201: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Secu

22、rity; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 1: f8 and f9 Specification“. - 3GPP TS 35.202: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algor

23、ithms; Document 2: KASUMI Specification“. - 3GPP TS 35.203: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 3: Implementors Test Data“. - 3GPP TS 35.204: “3rd Gen

24、eration Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 4: Design Conformance Test Data“. This document is purely informative. The normative part of the specification of the f8 (

25、confidentiality) and the f9 (integrity) algorithms is in the main body of Document 1. The normative part of the specification of KASUMI is found in document 2. ETSI ETSI TS 135 204 V14.0.0 (2017-04)53GPP TS 35.204 version 14.0.0 Release 140 Scope This specification gives black-box test data for the

26、algorithm set. The test data has been selected to give a high degree of confidence that the implementation is correct. However, no claim is made that conformance with this test data guarantees a correct implementation. 1 Outline of the design conformance test data Section 2 introduces the algorithms

27、 and describes the notation used in the subsequent sections. Section 3 provides test data for the Confidentiality Algorithm f8. Section 4 provides test data for the Integrity Algorithm f9. 1.1 References The following documents contain provisions which, through reference in this text, constitute pro

28、visions of the present document. - References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific. - For a specific reference, subsequent revisions do not apply. - For a non-specific reference, the latest version applies. In the case of a ref

29、erence to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document. 1 3GPP TS 33.102 version 3.2.0: “3rd Generation Partnership Project; Technical Specification Group Services and System

30、Aspects; 3G Security; Security Architecture“. 2 3GPP TS 33.105 version 3.1.0: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Cryptographic Algorithm Requirements“. 3 3GPP TS 35.201: “3rd Generation Partnership Project; Technical Specifica

31、tion Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 1: f8 and f9 Specification“. 4 3GPP TS 35.202: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification

32、of the 3GPP Confidentiality and Integrity Algorithms; Document 2: KASUMI Specification“. 5 3GPP TS 35.203: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 3: Impl

33、ementors Test Data“. 6 3GPP TS 35.204: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 4: Design Conformance Test Data“. 7 ISO/IEC 9797-1:1999: “Information techn

34、ology Security techniques Message Authentication Codes (MACs)“. ETSI ETSI TS 135 204 V14.0.0 (2017-04)63GPP TS 35.204 version 14.0.0 Release 142 Introductory information 2.1 Introduction Within the security architecture of the 3GPP system there are two standardised algorithms; a confidentiality algo

35、rithm f8, and an integrity algorithm f9. These algorithms are specified in a companion document 3. This document provides sets of input/output test data for black box testing of physical realisations of the f8 and f9 algorithms. 2.2 Radix Unless stated otherwise, all test data values presented in th

36、is document are in hexadecimal. 2.3 Bit/Byte ordering All data variables in this specification are presented with the most significant bit (or byte) on the left hand side and the least significant bit (or byte) on the right hand side. 2.4 Presentation of input/output data The basic data processed by

37、 the f8 and f9 algorithms are bit streams. In general in this document the data is presented in hexadecimal format as bytes, thus the last byte shown as part of an input or output data stream may include between 0 and 7 bits that are ignored once the LENGTH parameter is taken into account. (The leas

38、t significant bits of the byte are ignored). 2.5 Coverage For each of the algorithms the test data have been selected such that, provided the entire set of tests is run: - Each key bit will have been in both the 1 and the 0 states. - Each bit of the initialisation fields (COUNT, FRESH, BEARER, DIREC

39、TION) will have been in both the 1 and the 0 states. - Every entry in the internal S-boxes will have been used. 3 Confidentiality algorithm f8 3.1 Overview The test data sets presented here are for the f8 confidentiality algorithm. 3.2 Format Each test set shows the various inputs to the algorithm i

40、ncluding the plain text data stream to be encrypted/decrypted. (The length field is in decimal). The fields are: Key = CK0CK127 Count = COUNT0COUNT31 ETSI ETSI TS 135 204 V14.0.0 (2017-04)73GPP TS 35.204 version 14.0.0 Release 14Bearer = BEARER0BEARER3 Direction = DIRECTION0 Length = Length of data

41、in decimal Plaintext = PT0 PT1 PTLength-1 This is followed by the modified input data, i.e. it is the bit-wise exclusive-or of the corresponding keystream and the input data to the algorithm. Ciphertext = CT0 CT1.CTLength-1 As this is a stream cipher it is purely a matter of context whether the oper

42、ation is regarded as “encryption” or “decryption”. For the purposes of this document we regard the input as Plaintext and the output as Ciphertext. The first test set is shown twice, once in binary format, once in hexadecimal format. This is to explicitly show the relationship between the binary dat

43、a and the hexadecimal presentation. The remainder of the test sets are presented in hexadecimal format only. 3.3 Test Set 1 3.3.1 Binary Representation Key= 1101001111000101110101011001001000110010011111111011000100011100 0100000000110101110001100110100000001010111110001100011011010001 Count = 00111

44、001100010100101100110110100 Bearer = 10101 Direction = 1 Length = 253 bits Plaintext: 1001100000011011101001101000001001001100000110111111101100011010 1011010010000101010001110010000000101001101101110001110110000000 1000110011100011001111100010110011000011110000001011010111111100 0001111100111101111

45、010001010011011011100011001101011000111110 Ciphertext: 1100101000001010011000001011010000101001100111100110100101010100 1101101111110111011010000110111001000110111101000100000110010000 1101110010000001101100000111010000000100010010000001001110110101 00001010101100011111111001000110010110010111101110

46、10001100111 3.3.2 Hexadecimal Representation Key = D3C5D592327FB11C4035C6680AF8C6D1 Count = 398A59B4 Bearer = 15 Direction = 1 Length = 253 bits Plaintext: 981BA6824C1BFB1A B485472029B71D80 8CE33E2CC3C0B5FC 1F3DE8A6DC66B1F0 Ciphertext: CA0A60B4299E6954 DBF7686E46F44190 DC81B074044813B5 0AB1FE46597BA

47、338 ETSI ETSI TS 135 204 V14.0.0 (2017-04)83GPP TS 35.204 version 14.0.0 Release 143.4 Test Set 2 Key = 2BD6459F82C440E0952C49104805FF48 Count = C675A64B Bearer = 0C Direction = 1 Length = 798 bits Plaintext: 7EC61272743BF161 4726446A6C38CED1 66F6CA76EB543004 4286346CEF130F92 922B03450D3A9975 E5BD2E

48、A0EB55AD8E 1B199E3EC4316020 E9A1B285E7627953 59B7BDFD39BEF4B2 484583D5AFE082AE E638BF5FD5A60619 3901A08F4AB41AAB 9B134880 Cipher text: 1061793DAAACBE40 C9431E292B7FF494 96DB0D31CE24710C 01ACFF1B2C441FA9 3BB3BD65DE18027A 14CCA571A42E8B12 74AE30AC411AB6AF D88F924E65F9812D FA80EF8E9A7EA753 391D09F480D9

49、147C B39C23A1ACB9AC9B 2A6B4709F7E6DD84 D8FA59A4 3.5 Test Set 3 Key = 0A8B6BD8D9B08B08D64E32D1817777FB Count = 544D49CD Bearer = 04 Direction = 0 Length = 310 bits Plaintext: FD40A41D370A1F65 745095687D47BA1D 36D2349E23F64439 2C8EA9C49D40C132 71AFF264D0F248 Cipher text: 22B707A481F264BE 691994C2A201354D 5741A2E6B4624EE9 DF30D8D94535165B D439223EBBD074 3.6 Test Set 4 Key = AA1F95AEA533BCB32EB63BF52D8F831A Count = 72D8C671 Bearer = 10 Direction = 1 Length = 1022 bits Plaintext: FB1B9