ETSI TS 135 204-2018 Universal Mobile Telecommunications System (UMTS) LTE 3G Security Specification of the 3GPP confidentiality and integrity algorithms Document 4 Design conforma.pdf

1、 ETSI TS 135 204 V15.0.0 (2018-07) Universal Mobile Telecommunications System (UMTS); LTE; 3G Security; Specification of the 3GPP confidentiality and integrity algorithms; Document 4: Design conformance test data (3GPP TS 35.204 version 15.0.0 Release 15) TECHNICAL SPECIFICATION ETSI ETSI TS 135 204

2、 V15.0.0 (2018-07)13GPP TS 35.204 version 15.0.0 Release 15Reference RTS/TSGS-0335204vf00 Keywords LTE,SECURITY,UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif e

3、nregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present

4、 document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive

5、 within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the

6、present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as auth

7、orized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. ETSI 2018. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are trad

8、emarks of ETSI registered for the benefit of its Members. 3GPPTM and LTETMare trademarks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members. GSMand the GSM logo are trademarks registered and owned by the

9、GSM Association. ETSI ETSI TS 135 204 V15.0.0 (2018-07)23GPP TS 35.204 version 15.0.0 Release 15Intellectual Property Rights Essential patents IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information pertaining to these essential IPRs, if any,

10、 is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on

11、the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may

12、 be, or may become, essential to the present document. Trademarks The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners. ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no rig

13、ht to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks. Foreword This Technical Specification (TS) has been produced by ETSI 3rd Gene

14、ration Partnership Project (3GPP). The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should be interpreted as being references to the corresponding ETSI deliverables. The cross reference between GSM, UMTS, 3GPP

15、 and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafti

16、ng Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 135 204 V15.0.0 (2018-07)33GPP TS 35.204 version 15.0.0 Release 15Contents Intellectual Property Rights 2g3Foreword . 2g3Modal verbs

17、terminology 2g3Foreword . 4g3Introduction 4g30 Scope 5g31 Outline of the design conformance test data 5g31.1 References 5g32 Introductory information 5g32.1 Introduction 5g32.2 Radix 6g32.3 Bit/Byte ordering 6g32.4 Presentation of input/output data 6g32.5 Coverage. 6g33 Confidentiality algorithm f8

18、. 6g33.1 Overview 6g33.2 Format 6g33.3 Test Set 1 7g33.3.1 Binary Representation. 7g33.3.2 Hexadecimal Representation 7g33.4 Test Set 2 7g33.5 Test Set 3 8g33.6 Test Set 4 8g33.7 Test Set 5 8g33.8 Test Set 6 9g34 Integrity algorithm f9 9g34.1 Overview 9g34.2 Test Set 1 10g34.2.1 Binary Representatio

19、n. 10g34.2.2 Hexadecimal Representation 10g34.3 Test Set 2 10g34.4 Test Set 3 10g34.5 Test Set 4 10g34.6 Test Set 5 11g34.7 Test Set 6 11g3Annex A (informative): Change history . 12g3History 13g3ETSI ETSI TS 135 204 V15.0.0 (2018-07)43GPP TS 35.204 version 15.0.0 Release 15Foreword This Technical Sp

20、ecification has been produced by the 3rdGeneration Partnership Project (3GPP). The 3GPP Confidentiality and Integrity Algorithms f8 2 presented to TSG for approval; 3 or greater indicates TSG approved document under change control. y the second digit is incremented for all changes of substance, i.e.

21、 technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes have been incorporated in the document. Introduction This specification has been prepared by the 3GPP Task Force, and gives black-box test data for the algorithm set. The test data has be

22、en selected to give a high degree of confidence that the implementation is correct. However, no claim is made that conformance with this test data guarantees a correct implementation. This document is the last of four, which between them form the entire specification of the 3GPP Confidentiality and

23、Integrity Algorithms: - 3GPP TS 35.201: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 1: f8 and f9 Specification“. - 3GPP TS 35.202: “3rd Generation Partnership

24、 Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 2: KASUMI Specification“. - 3GPP TS 35.203: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3

25、G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 3: Implementors Test Data“. - 3GPP TS 35.204: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity

26、Algorithms; Document 4: Design Conformance Test Data“. This document is purely informative. The normative part of the specification of the f8 (confidentiality) and the f9 (integrity) algorithms is in the main body of Document 1. The normative part of the specification of KASUMI is found in document

27、2. ETSI ETSI TS 135 204 V15.0.0 (2018-07)53GPP TS 35.204 version 15.0.0 Release 150 Scope This specification gives black-box test data for the algorithm set. The test data has been selected to give a high degree of confidence that the implementation is correct. However, no claim is made that conform

28、ance with this test data guarantees a correct implementation. 1 Outline of the design conformance test data Section 2 introduces the algorithms and describes the notation used in the subsequent sections. Section 3 provides test data for the Confidentiality Algorithm f8. Section 4 provides test data

29、for the Integrity Algorithm f9. 1.1 References The following documents contain provisions which, through reference in this text, constitute provisions of the present document. - References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.

30、- For a specific reference, subsequent revisions do not apply. - For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release a

31、s the present document. 1 3GPP TS 33.102 version 3.2.0: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Security Architecture“. 2 3GPP TS 33.105 version 3.1.0: “3rd Generation Partnership Project; Technical Specification Group Services and

32、 System Aspects; 3G Security; Cryptographic Algorithm Requirements“. 3 3GPP TS 35.201: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 1: f8 and f9 Specification“

33、. 4 3GPP TS 35.202: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 2: KASUMI Specification“. 5 3GPP TS 35.203: “3rd Generation Partnership Project; Technical Spe

34、cification Group Services and System Aspects; 3G Security; Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 3: Implementors Test Data“. 6 3GPP TS 35.204: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specifica

35、tion of the 3GPP Confidentiality and Integrity Algorithms; Document 4: Design Conformance Test Data“. 7 ISO/IEC 9797-1:1999: “Information technology Security techniques Message Authentication Codes (MACs)“. 2 Introductory information 2.1 Introduction Within the security architecture of the 3GPP syst

36、em there are two standardised algorithms; a confidentiality algorithm f8, and an integrity algorithm f9. These algorithms are specified in a companion document 3. ETSI ETSI TS 135 204 V15.0.0 (2018-07)63GPP TS 35.204 version 15.0.0 Release 15This document provides sets of input/output test data for

37、black box testing of physical realisations of the f8 and f9 algorithms. 2.2 Radix Unless stated otherwise, all test data values presented in this document are in hexadecimal. 2.3 Bit/Byte ordering All data variables in this specification are presented with the most significant bit (or byte) on the l

38、eft hand side and the least significant bit (or byte) on the right hand side. 2.4 Presentation of input/output data The basic data processed by the f8 and f9 algorithms are bit streams. In general in this document the data is presented in hexadecimal format as bytes, thus the last byte shown as part

39、 of an input or output data stream may include between 0 and 7 bits that are ignored once the LENGTH parameter is taken into account. (The least significant bits of the byte are ignored). 2.5 Coverage For each of the algorithms the test data have been selected such that, provided the entire set of t

40、ests is run: - Each key bit will have been in both the 1 and the 0 states. - Each bit of the initialisation fields (COUNT, FRESH, BEARER, DIRECTION) will have been in both the 1 and the 0 states. - Every entry in the internal S-boxes will have been used. 3 Confidentiality algorithm f8 3.1 Overview T

41、he test data sets presented here are for the f8 confidentiality algorithm. 3.2 Format Each test set shows the various inputs to the algorithm including the plain text data stream to be encrypted/decrypted. (The length field is in decimal). The fields are: Key = CK0CK127 Count = COUNT0COUNT31 Bearer

42、= BEARER0BEARER3 Direction = DIRECTION0 Length = Length of data in decimal Plaintext = PT0 PT1 PTLength-1 This is followed by the modified input data, i.e. it is the bit-wise exclusive-or of the corresponding keystream and the input data to the algorithm. Ciphertext = CT0 CT1.CTLength-1 As this is a

43、 stream cipher it is purely a matter of context whether the operation is regarded as “encryption” or “decryption”. For the purposes of this document we regard the input as Plaintext and the output as Ciphertext. ETSI ETSI TS 135 204 V15.0.0 (2018-07)73GPP TS 35.204 version 15.0.0 Release 15The first

44、 test set is shown twice, once in binary format, once in hexadecimal format. This is to explicitly show the relationship between the binary data and the hexadecimal presentation. The remainder of the test sets are presented in hexadecimal format only. 3.3 Test Set 1 3.3.1 Binary Representation Key=

45、1101001111000101110101011001001000110010011111111011000100011100 0100000000110101110001100110100000001010111110001100011011010001 Count = 00111001100010100101100110110100 Bearer = 10101 Direction = 1 Length = 253 bits Plaintext: 1001100000011011101001101000001001001100000110111111101100011010 101101

46、0010000101010001110010000000101001101101110001110110000000 1000110011100011001111100010110011000011110000001011010111111100 0001111100111101111010001010011011011100011001101011000111110 Ciphertext: 1100101000001010011000001011010000101001100111100110100101010100 1101101111110111011010000110111001000

47、110111101000100000110010000 1101110010000001101100000111010000000100010010000001001110110101 0000101010110001111111100100011001011001011110111010001100111 3.3.2 Hexadecimal Representation Key = D3C5D592327FB11C4035C6680AF8C6D1 Count = 398A59B4 Bearer = 15 Direction = 1 Length = 253 bits Plaintext: 9

48、81BA6824C1BFB1A B485472029B71D80 8CE33E2CC3C0B5FC 1F3DE8A6DC66B1F0 Ciphertext: CA0A60B4299E6954 DBF7686E46F44190 DC81B074044813B5 0AB1FE46597BA338 3.4 Test Set 2 Key = 2BD6459F82C440E0952C49104805FF48 Count = C675A64B Bearer = 0C Direction = 1 Length = 798 bits Plaintext: 7EC61272743BF161 4726446A6C

49、38CED1 66F6CA76EB543004 4286346CEF130F92 922B03450D3A9975 E5BD2EA0EB55AD8E 1B199E3EC4316020 E9A1B285E7627953 59B7BDFD39BEF4B2 484583D5AFE082AE E638BF5FD5A60619 3901A08F4AB41AAB 9B134880 Cipher text: 1061793DAAACBE40 C9431E292B7FF494 96DB0D31CE24710C 01ACFF1B2C441FA9 3BB3BD65DE18027A 14CCA571A42E8B12 74AE30AC411AB6AF D88F924E65F9812D FA80EF8E9A7EA753 391D09F480D9147C B39C23A1ACB9AC9B 2A6B4709F7E6DD84 D8FA59A4 ETSI ETSI TS 135 204 V15.0.0 (2018-07)83GPP TS 35.204 version 15.0.0 Release 153.5 Test