rfc9605xml2.original.xml   rfc9605.xml 
<?xml version="1.0" encoding="UTF-8"?> <?xml version='1.0' encoding='utf-8'?>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> <!DOCTYPE rfc [
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.17 (Ruby 2.
6.10) -->
<!DOCTYPE rfc [
<!ENTITY nbsp "&#160;"> <!ENTITY nbsp "&#160;">
<!ENTITY zwsp "&#8203;"> <!ENTITY zwsp "&#8203;">
<!ENTITY nbhy "&#8209;"> <!ENTITY nbhy "&#8209;">
<!ENTITY wj "&#8288;"> <!ENTITY wj "&#8288;">
]> ]>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" number="9605"
<rfc ipr="trust200902" docName="draft-ietf-sframe-enc-latest" category="std" con docName="draft-ietf-sframe-enc-09" category="std" consensus="true" submissionTyp
sensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="t e="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
rue">
<front> <front>
<title abbrev="SFrame">Secure Frame (SFrame): Lightweight Authenticated Encr yption for Real-Time Media</title> <title abbrev="SFrame">Secure Frame (SFrame): Lightweight Authenticated Encr yption for Real-Time Media</title>
<seriesInfo name="RFC" value="9605"/>
<author initials="E." surname="Omara" fullname="Emad Omara"> <author initials="E." surname="Omara" fullname="Emad Omara">
<organization>Apple</organization> <organization>Apple</organization>
<address> <address>
<email>eomara@apple.com</email> <email>eomara@apple.com</email>
</address> </address>
</author> </author>
<author initials="J." surname="Uberti" fullname="Justin Uberti"> <author initials="J." surname="Uberti" fullname="Justin Uberti">
<organization>Fixie.ai</organization> <organization>Fixie.ai</organization>
<address> <address>
<email>justin@fixie.ai</email> <email>justin@fixie.ai</email>
skipping to change at line 47 skipping to change at line 42
<address> <address>
<email>rlb@ipv.sx</email> <email>rlb@ipv.sx</email>
</address> </address>
</author> </author>
<author initials="Y." surname="Fablet" fullname="Youenn Fablet"> <author initials="Y." surname="Fablet" fullname="Youenn Fablet">
<organization>Apple</organization> <organization>Apple</organization>
<address> <address>
<email>youenn@apple.com</email> <email>youenn@apple.com</email>
</address> </address>
</author> </author>
<date year="2024" month="August"/>
<date year="2024" month="July" day="17"/>
<area>Applications and Real-Time</area> <area>Applications and Real-Time</area>
<workgroup>sframe</workgroup> <workgroup>sframe</workgroup>
<keyword>security</keyword> <keyword>real-time media encryption</keyword> <k <keyword>security</keyword>
eyword>end-to-end encryption</keyword> <keyword>real-time media encryption</keyword>
<keyword>end-to-end encryption</keyword>
<abstract> <abstract>
<?line 70?>
<t>This document describes the Secure Frame (SFrame) end-to-end encryption and <t>This document describes the Secure Frame (SFrame) end-to-end encryption and
authentication mechanism for media frames in a multiparty conference call, in authentication mechanism for media frames in a multiparty conference call, in
which central media servers (Selective Forwarding Units or SFUs) can access the which central media servers (Selective Forwarding Units or SFUs) can access the
media metadata needed to make forwarding decisions without having access to the media metadata needed to make forwarding decisions without having access to the
actual media.</t> actual media.</t>
<t>This mechanism differs from the Secure Real-Time Protocol (SRTP) in tha
<t>This mechanism differs from the Secure Real-Time Protocol (SRTP) in that t
it is independent of RTP (thus compatible with non-RTP media transport) and can it is independent of RTP (thus compatible with non-RTP media transport) and can
be applied to whole media frames in order to be more bandwidth efficient.</t> be applied to whole media frames in order to be more bandwidth efficient.</t>
</abstract> </abstract>
</front> </front>
<middle> <middle>
<?line 82?> <section anchor="introduction">
<name>Introduction</name>
<section anchor="introduction"><name>Introduction</name> <t>Modern multiparty video call systems use Selective Forwarding Unit (SFU
)
<t>Modern multiparty video call systems use Selective Forwarding Unit (SFU)
servers to efficiently route media streams to call endpoints based on factors su ch servers to efficiently route media streams to call endpoints based on factors su ch
as available bandwidth, desired video size, codec support, and other factors. An as available bandwidth, desired video size, codec support, and other factors. An
SFU typically does not need access to the media content of the conference, SFU typically does not need access to the media content of the conference,
which allows the media to be encrypted "end to end" so that it cannot be which allows the media to be encrypted "end to end" so that it cannot be
decrypted by the SFU. In order for the SFU to work properly, though, it usually decrypted by the SFU. In order for the SFU to work properly, though, it usually
needs to be able to access RTP metadata and RTCP feedback messages, which is not needs to be able to access RTP metadata and RTCP feedback messages, which is not
possible if all RTP/RTCP traffic is end-to-end encrypted.</t> possible if all RTP/RTCP traffic is end-to-end encrypted.</t>
<t>As such, two layers of encryption and authentication are required:</t>
<t>As such, two layers of encryption and authentication are required:</t> <ol spacing="normal" type="1"><li>
<t>Hop-by-hop (HBH) encryption of media, metadata, and feedback messag
<t><list style="numbers" type="1"> es
<t>Hop-by-hop (HBH) encryption of media, metadata, and feedback messages
between the endpoints and SFU</t> between the endpoints and SFU</t>
<t>End-to-end (E2E) encryption (E2EE) of media between the endpoints</t> </li>
</list></t> <li>
<t>End-to-end (E2E) encryption (E2EE) of media between the endpoints</
<t>The Secure Real-Time Protocol (SRTP) is already widely used for HBH encryptio t>
n </li>
</ol>
<t>The Secure Real-Time Protocol (SRTP) is already widely used for HBH enc
ryption
<xref target="RFC3711"/>. The SRTP "double encryption" scheme defines a way to d o E2E <xref target="RFC3711"/>. The SRTP "double encryption" scheme defines a way to d o E2E
encryption in SRTP <xref target="RFC8723"/>. Unfortunately, this scheme has poor efficiency encryption in SRTP <xref target="RFC8723"/>. Unfortunately, this scheme has poor efficiency
and high complexity, and its entanglement with RTP makes it unworkable in and high complexity, and its entanglement with RTP makes it unworkable in
several realistic SFU scenarios.</t> several realistic SFU scenarios.</t>
<t>This document proposes a new E2EE protection scheme known as SFrame,
<t>This document proposes a new E2EE protection scheme known as SFrame,
specifically designed to work in group conference calls with SFUs. SFrame is a specifically designed to work in group conference calls with SFUs. SFrame is a
general encryption framing that can be used to protect media payloads, agnostic general encryption framing that can be used to protect media payloads, agnostic
of transport.</t> of transport.</t>
</section>
</section> <section anchor="terminology">
<section anchor="terminology"><name>Terminology</name> <name>Terminology</name>
<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>",
<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUI "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bc
RED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL p14>",
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECO "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>",
MMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be i "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are
nterpreted as to be
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and interpreted as described in BCP&nbsp;14 <xref target="RFC2119"/> <xref
only when, they target="RFC8174"/> when, and only when, they appear in all capitals, as
appear in all capitals, as shown here.</t> shown here.</t>
<?line -18?>
<dl> <dl>
<dt>MAC:</dt> <dt>MAC:</dt>
<dd> <dd>
<t>Message Authentication Code</t> <t>Message Authentication Code</t>
</dd> </dd>
<dt>E2EE:</dt> <dt>E2EE:</dt>
<dd> <dd>
<t>End-to-End Encryption</t> <t>End-to-End Encryption</t>
</dd> </dd>
<dt>HBH:</dt> <dt>HBH:</dt>
<dd> <dd>
<t>Hop-by-Hop</t> <t>Hop-by-Hop</t>
</dd> </dd>
</dl> </dl>
<t>We use "Selective Forwarding Unit (SFU)" and "media stream" in a less f
<t>We use "Selective Forwarding Unit (SFU)" and "media stream" in a less formal ormal sense
sense
than in <xref target="RFC7656"/>. An SFU is a selective switching function for media than in <xref target="RFC7656"/>. An SFU is a selective switching function for media
payloads, and a media stream is a sequence of media payloads, payloads, and a media stream is a sequence of media payloads,
regardless of whether those media payloads are transported over RTP or some regardless of whether those media payloads are transported over RTP or some
other protocol.</t> other protocol.</t>
</section>
</section> <section anchor="goals">
<section anchor="goals"><name>Goals</name> <name>Goals</name>
<t>SFrame is designed to be a suitable E2EE protection scheme for conferen
<t>SFrame is designed to be a suitable E2EE protection scheme for conference cal ce call
l
media in a broad range of scenarios, as outlined by the following goals:</t> media in a broad range of scenarios, as outlined by the following goals:</t>
<ol spacing="normal" type="1"><li>
<t><list style="numbers" type="1"> <t>Provide a secure E2EE mechanism for audio and video in conference c
<t>Provide a secure E2EE mechanism for audio and video in conference calls alls
that can be used with arbitrary SFU servers.</t> that can be used with arbitrary SFU servers.</t>
<t>Decouple media encryption from key management to allow SFrame to be used </li>
<li>
<t>Decouple media encryption from key management to allow SFrame to be
used
with an arbitrary key management system.</t> with an arbitrary key management system.</t>
<t>Minimize packet expansion to allow successful conferencing in as many </li>
<li>
<t>Minimize packet expansion to allow successful conferencing in as ma
ny
network conditions as possible.</t> network conditions as possible.</t>
<t>Decouple the media encryption framework from the underlying transport, </li>
<li>
<t>Decouple the media encryption framework from the underlying transpo
rt,
allowing use in non-RTP scenarios, e.g., WebTransport allowing use in non-RTP scenarios, e.g., WebTransport
<xref target="I-D.ietf-webtrans-overview"/>.</t> <xref target="I-D.ietf-webtrans-overview"/>.</t>
<t>When used with RTP and its associated error-resilience mechanisms, i.e., RT </li>
X <li>
<t>When used with RTP and its associated error-resilience mechanisms,
i.e., RTX
and Forward Error Correction (FEC), require no special handling for RTX and FEC packets.</t> and Forward Error Correction (FEC), require no special handling for RTX and FEC packets.</t>
<t>Minimize the changes needed in SFU servers.</t> </li>
<t>Minimize the changes needed in endpoints.</t> <li>
<t>Work with the most popular audio and video codecs used in conferencing <t>Minimize the changes needed in SFU servers.</t>
</li>
<li>
<t>Minimize the changes needed in endpoints.</t>
</li>
<li>
<t>Work with the most popular audio and video codecs used in conferenc
ing
scenarios.</t> scenarios.</t>
</list></t> </li>
</ol>
</section> </section>
<section anchor="sframe"><name>SFrame</name> <section anchor="sframe">
<name>SFrame</name>
<t>This document defines an encryption mechanism that provides effective E2EE, <t>This document defines an encryption mechanism that provides effective E
2EE,
is simple to implement, has no dependencies on RTP, and minimizes is simple to implement, has no dependencies on RTP, and minimizes
encryption bandwidth overhead. This section describes how the mechanism encryption bandwidth overhead. This section describes how the mechanism
works and includes details of how applications utilize SFrame for media protecti on works and includes details of how applications utilize SFrame for media protecti on
as well as the actual mechanics of E2EE for protecting media.</t> as well as the actual mechanics of E2EE for protecting media.</t>
<section anchor="application-context">
<section anchor="application-context"><name>Application Context</name> <name>Application Context</name>
<t>SFrame is a general encryption framing, intended to be used as an E2E
<t>SFrame is a general encryption framing, intended to be used as an E2EE E
layer over an underlying HBH-encrypted transport such as SRTP or QUIC layer over an underlying HBH-encrypted transport such as SRTP or QUIC
<xref target="RFC3711"/><xref target="I-D.ietf-moq-transport"/>.</t> <xref target="RFC3711"/><xref target="I-D.ietf-moq-transport"/>.</t>
<t>The scale at which SFrame encryption is applied to media determines t
<t>The scale at which SFrame encryption is applied to media determines the overa he overall
ll
amount of overhead that SFrame adds to the media stream as well as the amount of overhead that SFrame adds to the media stream as well as the
engineering complexity involved in integrating SFrame into a particular engineering complexity involved in integrating SFrame into a particular
environment. Two patterns are common: using SFrame to encrypt either whole environment. Two patterns are common: using SFrame to encrypt either whole
media frames (per frame) or individual transport-level media payloads media frames (per frame) or individual transport-level media payloads
(per packet).</t> (per packet).</t>
<t>For example, <xref target="media-stack"/> shows a typical media sende
<t>For example, <xref target="media-stack"/> shows a typical media sender stack r stack that takes media
that takes media
from some source, encodes it into frames, divides those frames into media from some source, encodes it into frames, divides those frames into media
packets, and then sends those payloads in SRTP packets. The receiver stack packets, and then sends those payloads in SRTP packets. The receiver stack
performs the reverse operations, reassembling frames from SRTP packets and performs the reverse operations, reassembling frames from SRTP packets and
decoding. Arrows indicate two different ways that SFrame protection could be decoding. Arrows indicate two different ways that SFrame protection could be
integrated into this media stack: to encrypt whole frames or individual media integrated into this media stack: to encrypt whole frames or individual media
packets.</t> packets.</t>
<t>Applying SFrame per frame in this system offers higher efficiency but
<t>Applying SFrame per frame in this system offers higher efficiency but may may
require a more complex integration in environments where depacketization relies require a more complex integration in environments where depacketization relies
on the content of media packets. Applying SFrame per packet avoids this on the content of media packets. Applying SFrame per packet avoids this
complexity at the cost of higher bandwidth consumption. Some quantitative complexity at the cost of higher bandwidth consumption. Some quantitative
discussion of these trade-offs is provided in <xref target="overhead-analysis"/> .</t> discussion of these trade-offs is provided in <xref target="overhead-analysis"/> .</t>
<t>As noted above, however, SFrame is a general media encapsulation and
<t>As noted above, however, SFrame is a general media encapsulation and can be can be
applied in other scenarios. The important thing is that the sender and applied in other scenarios. The important thing is that the sender and
receivers of an SFrame-encrypted object agree on that object's semantics. receivers of an SFrame-encrypted object agree on that object's semantics.
SFrame does not provide this agreement; it must be arranged by the application.< /t> SFrame does not provide this agreement; it must be arranged by the application.< /t>
<figure anchor="media-stack">
<figure title="Two Options for Integrating SFrame in a Typical Media Stack" anch <name>Two Options for Integrating SFrame in a Typical Media Stack</nam
or="media-stack"><artset><artwork type="svg"><svg xmlns="http://www.w3.org/2000 e>
/svg" version="1.1" height="576" width="584" viewBox="0 0 584 576" class="diagra <artset>
m" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap= <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version=
"round"> "1.1" height="576" width="584" viewBox="0 0 584 576" class="diagram" text-anchor
<path d="M 24,112 L 24,144" fill="none" stroke="black"/> ="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 24,432 L 24,464" fill="none" stroke="black"/> <path d="M 24,112 L 24,144" fill="none" stroke="black"/>
<path d="M 56,32 L 56,240" fill="none" stroke="black"/> <path d="M 24,432 L 24,464" fill="none" stroke="black"/>
<path d="M 56,352 L 56,560" fill="none" stroke="black"/> <path d="M 56,32 L 56,240" fill="none" stroke="black"/>
<path d="M 80,64 L 80,128" fill="none" stroke="black"/> <path d="M 56,352 L 56,560" fill="none" stroke="black"/>
<path d="M 80,464 L 80,528" fill="none" stroke="black"/> <path d="M 80,64 L 80,128" fill="none" stroke="black"/>
<path d="M 152,64 L 152,128" fill="none" stroke="black"/> <path d="M 80,464 L 80,528" fill="none" stroke="black"/>
<path d="M 152,464 L 152,528" fill="none" stroke="black"/> <path d="M 152,64 L 152,128" fill="none" stroke="black"/>
<path d="M 184,104 L 184,144" fill="none" stroke="black"/> <path d="M 152,464 L 152,528" fill="none" stroke="black"/>
<path d="M 184,208 L 184,384" fill="none" stroke="black"/> <path d="M 184,104 L 184,144" fill="none" stroke="black"/>
<path d="M 184,448 L 184,488" fill="none" stroke="black"/> <path d="M 184,208 L 184,384" fill="none" stroke="black"/>
<path d="M 208,64 L 208,128" fill="none" stroke="black"/> <path d="M 184,448 L 184,488" fill="none" stroke="black"/>
<path d="M 208,464 L 208,528" fill="none" stroke="black"/> <path d="M 208,64 L 208,128" fill="none" stroke="black"/>
<path d="M 320,64 L 320,128" fill="none" stroke="black"/> <path d="M 208,464 L 208,528" fill="none" stroke="black"/>
<path d="M 320,464 L 320,528" fill="none" stroke="black"/> <path d="M 320,64 L 320,128" fill="none" stroke="black"/>
<path d="M 344,104 L 344,144" fill="none" stroke="black"/> <path d="M 320,464 L 320,528" fill="none" stroke="black"/>
<path d="M 344,208 L 344,384" fill="none" stroke="black"/> <path d="M 344,104 L 344,144" fill="none" stroke="black"/>
<path d="M 352,448 L 352,488" fill="none" stroke="black"/> <path d="M 344,208 L 344,384" fill="none" stroke="black"/>
<path d="M 376,64 L 376,128" fill="none" stroke="black"/> <path d="M 352,448 L 352,488" fill="none" stroke="black"/>
<path d="M 376,464 L 376,528" fill="none" stroke="black"/> <path d="M 376,64 L 376,128" fill="none" stroke="black"/>
<path d="M 424,136 L 424,272" fill="none" stroke="black"/> <path d="M 376,464 L 376,528" fill="none" stroke="black"/>
<path d="M 424,320 L 424,456" fill="none" stroke="black"/> <path d="M 424,136 L 424,272" fill="none" stroke="black"/>
<path d="M 472,64 L 472,128" fill="none" stroke="black"/> <path d="M 424,320 L 424,456" fill="none" stroke="black"/>
<path d="M 472,464 L 472,528" fill="none" stroke="black"/> <path d="M 472,64 L 472,128" fill="none" stroke="black"/>
<path d="M 496,32 L 496,88" fill="none" stroke="black"/> <path d="M 472,464 L 472,528" fill="none" stroke="black"/>
<path d="M 496,104 L 496,240" fill="none" stroke="black"/> <path d="M 496,32 L 496,88" fill="none" stroke="black"/>
<path d="M 496,352 L 496,488" fill="none" stroke="black"/> <path d="M 496,104 L 496,240" fill="none" stroke="black"/>
<path d="M 496,504 L 496,560" fill="none" stroke="black"/> <path d="M 496,352 L 496,488" fill="none" stroke="black"/>
<path d="M 504,272 L 504,320" fill="none" stroke="black"/> <path d="M 496,504 L 496,560" fill="none" stroke="black"/>
<path d="M 560,96 L 560,264" fill="none" stroke="black"/> <path d="M 504,272 L 504,320" fill="none" stroke="black"/>
<path d="M 560,320 L 560,496" fill="none" stroke="black"/> <path d="M 560,96 L 560,264" fill="none" stroke="black"/>
<path d="M 576,272 L 576,320" fill="none" stroke="black"/> <path d="M 560,320 L 560,496" fill="none" stroke="black"/>
<path d="M 56,32 L 496,32" fill="none" stroke="black"/> <path d="M 576,272 L 576,320" fill="none" stroke="black"/>
<path d="M 80,64 L 152,64" fill="none" stroke="black"/> <path d="M 56,32 L 496,32" fill="none" stroke="black"/>
<path d="M 208,64 L 320,64" fill="none" stroke="black"/> <path d="M 80,64 L 152,64" fill="none" stroke="black"/>
<path d="M 376,64 L 472,64" fill="none" stroke="black"/> <path d="M 208,64 L 320,64" fill="none" stroke="black"/>
<path d="M 160,96 L 200,96" fill="none" stroke="black"/> <path d="M 376,64 L 472,64" fill="none" stroke="black"/>
<path d="M 328,96 L 368,96" fill="none" stroke="black"/> <path d="M 160,96 L 200,96" fill="none" stroke="black"/>
<path d="M 480,96 L 560,96" fill="none" stroke="black"/> <path d="M 328,96 L 368,96" fill="none" stroke="black"/>
<path d="M 80,128 L 152,128" fill="none" stroke="black"/> <path d="M 480,96 L 560,96" fill="none" stroke="black"/>
<path d="M 208,128 L 320,128" fill="none" stroke="black"/> <path d="M 80,128 L 152,128" fill="none" stroke="black"/>
<path d="M 376,128 L 472,128" fill="none" stroke="black"/> <path d="M 208,128 L 320,128" fill="none" stroke="black"/>
<path d="M 56,240 L 176,240" fill="none" stroke="black"/> <path d="M 376,128 L 472,128" fill="none" stroke="black"/>
<path d="M 192,240 L 336,240" fill="none" stroke="black"/> <path d="M 56,240 L 176,240" fill="none" stroke="black"/>
<path d="M 352,240 L 416,240" fill="none" stroke="black"/> <path d="M 192,240 L 336,240" fill="none" stroke="black"/>
<path d="M 432,240 L 496,240" fill="none" stroke="black"/> <path d="M 352,240 L 416,240" fill="none" stroke="black"/>
<path d="M 504,272 L 576,272" fill="none" stroke="black"/> <path d="M 432,240 L 496,240" fill="none" stroke="black"/>
<path d="M 184,304 L 216,304" fill="none" stroke="black"/> <path d="M 504,272 L 576,272" fill="none" stroke="black"/>
<path d="M 320,304 L 344,304" fill="none" stroke="black"/> <path d="M 184,304 L 216,304" fill="none" stroke="black"/>
<path d="M 504,320 L 576,320" fill="none" stroke="black"/> <path d="M 320,304 L 344,304" fill="none" stroke="black"/>
<path d="M 56,352 L 176,352" fill="none" stroke="black"/> <path d="M 504,320 L 576,320" fill="none" stroke="black"/>
<path d="M 192,352 L 336,352" fill="none" stroke="black"/> <path d="M 56,352 L 176,352" fill="none" stroke="black"/>
<path d="M 352,352 L 416,352" fill="none" stroke="black"/> <path d="M 192,352 L 336,352" fill="none" stroke="black"/>
<path d="M 432,352 L 496,352" fill="none" stroke="black"/> <path d="M 352,352 L 416,352" fill="none" stroke="black"/>
<path d="M 80,464 L 152,464" fill="none" stroke="black"/> <path d="M 432,352 L 496,352" fill="none" stroke="black"/>
<path d="M 208,464 L 320,464" fill="none" stroke="black"/> <path d="M 80,464 L 152,464" fill="none" stroke="black"/>
<path d="M 376,464 L 472,464" fill="none" stroke="black"/> <path d="M 208,464 L 320,464" fill="none" stroke="black"/>
<path d="M 160,496 L 200,496" fill="none" stroke="black"/> <path d="M 376,464 L 472,464" fill="none" stroke="black"/>
<path d="M 328,496 L 368,496" fill="none" stroke="black"/> <path d="M 160,496 L 200,496" fill="none" stroke="black"/>
<path d="M 480,496 L 560,496" fill="none" stroke="black"/> <path d="M 328,496 L 368,496" fill="none" stroke="black"/>
<path d="M 80,528 L 152,528" fill="none" stroke="black"/> <path d="M 480,496 L 560,496" fill="none" stroke="black"/>
<path d="M 208,528 L 320,528" fill="none" stroke="black"/> <path d="M 80,528 L 152,528" fill="none" stroke="black"/>
<path d="M 376,528 L 472,528" fill="none" stroke="black"/> <path d="M 208,528 L 320,528" fill="none" stroke="black"/>
<path d="M 56,560 L 496,560" fill="none" stroke="black"/> <path d="M 376,528 L 472,528" fill="none" stroke="black"/>
<path d="M 24,464 L 40,496" fill="none" stroke="black"/> <path d="M 56,560 L 496,560" fill="none" stroke="black"/>
<path d="M 24,432 L 40,464" fill="none" stroke="black"/> <path d="M 24,464 L 40,496" fill="none" stroke="black"/>
<path d="M 24,144 L 40,176" fill="none" stroke="black"/> <path d="M 24,432 L 40,464" fill="none" stroke="black"/>
<path d="M 24,112 L 40,144" fill="none" stroke="black"/> <path d="M 24,144 L 40,176" fill="none" stroke="black"/>
<path d="M 8,144 L 24,112" fill="none" stroke="black"/> <path d="M 24,112 L 40,144" fill="none" stroke="black"/>
<path d="M 8,176 L 24,144" fill="none" stroke="black"/> <path d="M 8,144 L 24,112" fill="none" stroke="black"/>
<path d="M 8,464 L 24,432" fill="none" stroke="black"/> <path d="M 8,176 L 24,144" fill="none" stroke="black"/>
<path d="M 8,496 L 24,464" fill="none" stroke="black"/> <path d="M 8,464 L 24,432" fill="none" stroke="black"/>
<path d="M 24,80 C 15.16936,80 8,87.16936 8,96" fill="none" stroke="black"/> <path d="M 8,496 L 24,464" fill="none" stroke="black"/>
<path d="M 24,80 C 32.83064,80 40,87.16936 40,96" fill="none" stroke="black"/> <path d="M 24,80 C 15.16936,80 8,87.16936 8,96" fill="none" stro
<path d="M 24,112 C 15.16936,112 8,104.83064 8,96" fill="none" stroke="black"/> ke="black"/>
<path d="M 24,112 C 32.83064,112 40,104.83064 40,96" fill="none" stroke="black"/ <path d="M 24,80 C 32.83064,80 40,87.16936 40,96" fill="none" st
> roke="black"/>
<path d="M 24,400 C 15.16936,400 8,407.16936 8,416" fill="none" stroke="black"/> <path d="M 24,112 C 15.16936,112 8,104.83064 8,96" fill="none" s
<path d="M 24,400 C 32.83064,400 40,407.16936 40,416" fill="none" stroke="black" troke="black"/>
/> <path d="M 24,112 C 32.83064,112 40,104.83064 40,96" fill="none"
<path d="M 24,432 C 15.16936,432 8,424.83064 8,416" fill="none" stroke="black"/> stroke="black"/>
<path d="M 24,432 C 32.83064,432 40,424.83064 40,416" fill="none" stroke="black" <path d="M 24,400 C 15.16936,400 8,407.16936 8,416" fill="none"
/> stroke="black"/>
<polygon class="arrowhead" points="568,264 556,258.4 556,269.6" fill="black" tra <path d="M 24,400 C 32.83064,400 40,407.16936 40,416" fill="none
nsform="rotate(90,560,264)"/> " stroke="black"/>
<polygon class="arrowhead" points="488,496 476,490.4 476,501.6" fill="black" tra <path d="M 24,432 C 15.16936,432 8,424.83064 8,416" fill="none"
nsform="rotate(180,480,496)"/> stroke="black"/>
<polygon class="arrowhead" points="432,456 420,450.4 420,461.6" fill="black" tra <path d="M 24,432 C 32.83064,432 40,424.83064 40,416" fill="none
nsform="rotate(90,424,456)"/> " stroke="black"/>
<polygon class="arrowhead" points="432,136 420,130.4 420,141.6" fill="black" tra <polygon class="arrowhead" points="568,264 556,258.4 556,269.6"
nsform="rotate(270,424,136)"/> fill="black" transform="rotate(90,560,264)"/>
<polygon class="arrowhead" points="376,96 364,90.4 364,101.6" fill="black" trans <polygon class="arrowhead" points="488,496 476,490.4 476,501.6"
form="rotate(0,368,96)"/> fill="black" transform="rotate(180,480,496)"/>
<polygon class="arrowhead" points="360,488 348,482.4 348,493.6" fill="black" tra <polygon class="arrowhead" points="432,456 420,450.4 420,461.6"
nsform="rotate(90,352,488)"/> fill="black" transform="rotate(90,424,456)"/>
<polygon class="arrowhead" points="352,384 340,378.4 340,389.6" fill="black" tra <polygon class="arrowhead" points="432,136 420,130.4 420,141.6"
nsform="rotate(90,344,384)"/> fill="black" transform="rotate(270,424,136)"/>
<polygon class="arrowhead" points="352,208 340,202.4 340,213.6" fill="black" tra <polygon class="arrowhead" points="376,96 364,90.4 364,101.6" fi
nsform="rotate(270,344,208)"/> ll="black" transform="rotate(0,368,96)"/>
<polygon class="arrowhead" points="352,104 340,98.4 340,109.6" fill="black" tran <polygon class="arrowhead" points="360,488 348,482.4 348,493.6"
sform="rotate(270,344,104)"/> fill="black" transform="rotate(90,352,488)"/>
<polygon class="arrowhead" points="336,496 324,490.4 324,501.6" fill="black" tra <polygon class="arrowhead" points="352,384 340,378.4 340,389.6"
nsform="rotate(180,328,496)"/> fill="black" transform="rotate(90,344,384)"/>
<polygon class="arrowhead" points="208,96 196,90.4 196,101.6" fill="black" trans <polygon class="arrowhead" points="352,208 340,202.4 340,213.6"
form="rotate(0,200,96)"/> fill="black" transform="rotate(270,344,208)"/>
<polygon class="arrowhead" points="192,488 180,482.4 180,493.6" fill="black" tra <polygon class="arrowhead" points="352,104 340,98.4 340,109.6" f
nsform="rotate(90,184,488)"/> ill="black" transform="rotate(270,344,104)"/>
<polygon class="arrowhead" points="192,384 180,378.4 180,389.6" fill="black" tra <polygon class="arrowhead" points="336,496 324,490.4 324,501.6"
nsform="rotate(90,184,384)"/> fill="black" transform="rotate(180,328,496)"/>
<polygon class="arrowhead" points="192,208 180,202.4 180,213.6" fill="black" tra <polygon class="arrowhead" points="208,96 196,90.4 196,101.6" fi
nsform="rotate(270,184,208)"/> ll="black" transform="rotate(0,200,96)"/>
<polygon class="arrowhead" points="192,104 180,98.4 180,109.6" fill="black" tran <polygon class="arrowhead" points="192,488 180,482.4 180,493.6"
sform="rotate(270,184,104)"/> fill="black" transform="rotate(90,184,488)"/>
<polygon class="arrowhead" points="168,496 156,490.4 156,501.6" fill="black" tra <polygon class="arrowhead" points="192,384 180,378.4 180,389.6"
nsform="rotate(180,160,496)"/> fill="black" transform="rotate(90,184,384)"/>
<g class="text"> <polygon class="arrowhead" points="192,208 180,202.4 180,213.6"
<text x="424" y="84">HBH</text> fill="black" transform="rotate(270,184,208)"/>
<text x="116" y="100">Encode</text> <polygon class="arrowhead" points="192,104 180,98.4 180,109.6" f
<text x="264" y="100">Packetize</text> ill="black" transform="rotate(270,184,104)"/>
<text x="424" y="100">Protect</text> <polygon class="arrowhead" points="168,496 156,490.4 156,501.6"
<text x="180" y="164">SFrame</text> fill="black" transform="rotate(180,160,496)"/>
<text x="340" y="164">SFrame</text> <g class="text">
<text x="184" y="180">Protect</text> <text x="424" y="84">HBH</text>
<text x="344" y="180">Protect</text> <text x="116" y="100">Encode</text>
<text x="24" y="196">Alice</text> <text x="264" y="100">Packetize</text>
<text x="156" y="196">(per</text> <text x="424" y="100">Protect</text>
<text x="204" y="196">frame)</text> <text x="180" y="164">SFrame</text>
<text x="316" y="196">(per</text> <text x="340" y="164">SFrame</text>
<text x="368" y="196">packet)</text> <text x="184" y="180">Protect</text>
<text x="248" y="292">E2E</text> <text x="344" y="180">Protect</text>
<text x="280" y="292">Key</text> <text x="24" y="196">Alice</text>
<text x="416" y="292">HBH</text> <text x="156" y="196">(per</text>
<text x="448" y="292">Key</text> <text x="204" y="196">frame)</text>
<text x="536" y="292">Media</text> <text x="316" y="196">(per</text>
<text x="268" y="308">Management</text> <text x="368" y="196">packet)</text>
<text x="436" y="308">Management</text> <text x="248" y="292">E2E</text>
<text x="540" y="308">Server</text> <text x="280" y="292">Key</text>
<text x="180" y="404">SFrame</text> <text x="416" y="292">HBH</text>
<text x="348" y="404">SFrame</text> <text x="448" y="292">Key</text>
<text x="184" y="420">Unprotect</text> <text x="536" y="292">Media</text>
<text x="352" y="420">Unprotect</text> <text x="268" y="308">Management</text>
<text x="156" y="436">(per</text> <text x="436" y="308">Management</text>
<text x="204" y="436">frame)</text> <text x="540" y="308">Server</text>
<text x="324" y="436">(per</text> <text x="180" y="404">SFrame</text>
<text x="376" y="436">packet)</text> <text x="348" y="404">SFrame</text>
<text x="424" y="484">HBH</text> <text x="184" y="420">Unprotect</text>
<text x="116" y="500">Decode</text> <text x="352" y="420">Unprotect</text>
<text x="264" y="500">Depacketize</text> <text x="156" y="436">(per</text>
<text x="424" y="500">Unprotect</text> <text x="204" y="436">frame)</text>
<text x="24" y="516">Bob</text> <text x="324" y="436">(per</text>
</g> <text x="376" y="436">packet)</text>
</svg> <text x="424" y="484">HBH</text>
</artwork><artwork type="ascii-art"><![CDATA[ <text x="116" y="500">Decode</text>
<text x="264" y="500">Depacketize</text>
<text x="424" y="500">Unprotect</text>
<text x="24" y="516">Bob</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
+------------------------------------------------------+ +------------------------------------------------------+
| | | |
| +--------+ +-------------+ +-----------+ | | +--------+ +-------------+ +-----------+ |
.-. | | | | | | HBH | | .-. | | | | | | HBH | |
| | | | Encode |----->| Packetize |----->| Protect |----------+ | | | | Encode |----->| Packetize |----->| Protect |----------+
'+' | | | ^ | | ^ | | | | '+' | | | ^ | | ^ | | | |
/|\ | +--------+ | +-------------+ | +-----------+ | | /|\ | +--------+ | +-------------+ | +-----------+ | |
/ + \ | | | ^ | | / + \ | | | ^ | |
/ \ | SFrame SFrame | | | / \ | SFrame SFrame | | |
/ \ | Protect Protect | | | / \ | Protect Protect | | |
skipping to change at line 372 skipping to change at line 365
| | | Unprotect Unprotect | | | | | | Unprotect Unprotect | | |
'+' | (per frame) (per packet) | | | '+' | (per frame) (per packet) | | |
/|\ | | | V | | /|\ | | | V | |
/ + \ | +--------+ | +-------------+ | +-----------+ | | / + \ | +--------+ | +-------------+ | +-----------+ | |
/ \ | | | V | | V | HBH | | | / \ | | | V | | V | HBH | | |
/ \ | | Decode |<-----| Depacketize |<-----| Unprotect |<---------+ / \ | | Decode |<-----| Depacketize |<-----| Unprotect |<---------+
Bob | | | | | | | | Bob | | | | | | | |
| +--------+ +-------------+ +-----------+ | | +--------+ +-------------+ +-----------+ |
| | | |
+------------------------------------------------------+ +------------------------------------------------------+
]]></artwork></artset></figure> ]]></artwork>
</artset>
<t>Like SRTP, SFrame does not define how the keys used for SFrame are exchanged </figure>
by <t>Like SRTP, SFrame does not define how the keys used for SFrame are ex
changed by
the parties in the conference. Keys for SFrame might be distributed over an the parties in the conference. Keys for SFrame might be distributed over an
existing E2E-secure channel (see <xref target="sender-keys"/>) or derived from a n E2E-secure existing E2E-secure channel (see <xref target="sender-keys"/>) or derived from a n E2E-secure
shared secret (see <xref target="mls"/>). The key management system <bcp14>MUST </bcp14> ensure that each shared secret (see <xref target="mls"/>). The key management system <bcp14>MUST </bcp14> ensure that each
key used for encrypting media is used by exactly one media sender in order to key used for encrypting media is used by exactly one media sender in order to
avoid reuse of nonces.</t> avoid reuse of nonces.</t>
</section>
</section> <section anchor="sframe-ciphertext">
<section anchor="sframe-ciphertext"><name>SFrame Ciphertext</name> <name>SFrame Ciphertext</name>
<t>An SFrame ciphertext comprises an SFrame header followed by the outpu
<t>An SFrame ciphertext comprises an SFrame header followed by the output of an t of an
Authenticated Encryption with Associated Data (AEAD) encryption of the plaintext <xref target="RFC5116"/>, with the header provided as additional Authenticated Encryption with Associated Data (AEAD) encryption of the plaintext <xref target="RFC5116"/>, with the header provided as additional
authenticated data (AAD).</t> authenticated data (AAD).</t>
<t>The SFrame header is a variable-length structure described in detail
<t>The SFrame header is a variable-length structure described in detail in in
<xref target="sframe-header"/>. The structure of the encrypted data and authent ication tag <xref target="sframe-header"/>. The structure of the encrypted data and authent ication tag
are determined by the AEAD algorithm in use.</t> are determined by the AEAD algorithm in use.</t>
<figure anchor="sframe-ciphertext-struct">
<figure title="Structure of an SFrame Ciphertext" anchor="sframe-ciphertext-stru <name>Structure of an SFrame Ciphertext</name>
ct"><artset><artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version <artset>
="1.1" height="320" width="512" viewBox="0 0 512 320" class="diagram" text-ancho <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version=
r="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> "1.1" height="320" width="512" viewBox="0 0 512 320" class="diagram" text-anchor
<path d="M 8,64 L 8,304" fill="none" stroke="black"/> ="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 32,32 L 32,256" fill="none" stroke="black"/> <path d="M 8,64 L 8,304" fill="none" stroke="black"/>
<path d="M 48,32 L 48,64" fill="none" stroke="black"/> <path d="M 32,32 L 32,256" fill="none" stroke="black"/>
<path d="M 88,32 L 88,64" fill="none" stroke="black"/> <path d="M 48,32 L 48,64" fill="none" stroke="black"/>
<path d="M 104,32 L 104,64" fill="none" stroke="black"/> <path d="M 88,32 L 88,64" fill="none" stroke="black"/>
<path d="M 144,32 L 144,64" fill="none" stroke="black"/> <path d="M 104,32 L 104,64" fill="none" stroke="black"/>
<path d="M 312,32 L 312,64" fill="none" stroke="black"/> <path d="M 144,32 L 144,64" fill="none" stroke="black"/>
<path d="M 480,32 L 480,256" fill="none" stroke="black"/> <path d="M 312,32 L 312,64" fill="none" stroke="black"/>
<path d="M 504,32 L 504,304" fill="none" stroke="black"/> <path d="M 480,32 L 480,256" fill="none" stroke="black"/>
<path d="M 32,32 L 504,32" fill="none" stroke="black"/> <path d="M 504,32 L 504,304" fill="none" stroke="black"/>
<path d="M 8,64 L 480,64" fill="none" stroke="black"/> <path d="M 32,32 L 504,32" fill="none" stroke="black"/>
<path d="M 8,224 L 504,224" fill="none" stroke="black"/> <path d="M 8,64 L 480,64" fill="none" stroke="black"/>
<path d="M 32,256 L 480,256" fill="none" stroke="black"/> <path d="M 8,224 L 504,224" fill="none" stroke="black"/>
<path d="M 8,304 L 32,304" fill="none" stroke="black"/> <path d="M 32,256 L 480,256" fill="none" stroke="black"/>
<path d="M 480,304 L 504,304" fill="none" stroke="black"/> <path d="M 8,304 L 32,304" fill="none" stroke="black"/>
<polygon class="arrowhead" points="496,224 484,218.4 484,229.6" fill="black" tra <path d="M 480,304 L 504,304" fill="none" stroke="black"/>
nsform="rotate(180,488,224)"/> <polygon class="arrowhead" points="496,224 484,218.4 484,229.6"
<polygon class="arrowhead" points="496,32 484,26.4 484,37.6" fill="black" transf fill="black" transform="rotate(180,488,224)"/>
orm="rotate(180,488,32)"/> <polygon class="arrowhead" points="496,32 484,26.4 484,37.6" fil
<polygon class="arrowhead" points="32,224 20,218.4 20,229.6" fill="black" transf l="black" transform="rotate(180,488,32)"/>
orm="rotate(0,24,224)"/> <polygon class="arrowhead" points="32,224 20,218.4 20,229.6" fil
<polygon class="arrowhead" points="32,64 20,58.4 20,69.6" fill="black" transform l="black" transform="rotate(0,24,224)"/>
="rotate(0,24,64)"/> <polygon class="arrowhead" points="32,64 20,58.4 20,69.6" fill="
<g class="text"> black" transform="rotate(0,24,64)"/>
<text x="40" y="52">K</text> <g class="text">
<text x="68" y="52">KLEN</text> <text x="40" y="52">K</text>
<text x="96" y="52">C</text> <text x="68" y="52">KLEN</text>
<text x="124" y="52">CLEN</text> <text x="96" y="52">C</text>
<text x="216" y="52">Key</text> <text x="124" y="52">CLEN</text>
<text x="244" y="52">ID</text> <text x="216" y="52">Key</text>
<text x="392" y="52">Counter</text> <text x="244" y="52">ID</text>
<text x="224" y="148">Encrypted</text> <text x="392" y="52">Counter</text>
<text x="284" y="148">Data</text> <text x="224" y="148">Encrypted</text>
<text x="228" y="244">Authentication</text> <text x="284" y="148">Data</text>
<text x="304" y="244">Tag</text> <text x="228" y="244">Authentication</text>
<text x="80" y="308">Encrypted</text> <text x="304" y="244">Tag</text>
<text x="152" y="308">Portion</text> <text x="80" y="308">Encrypted</text>
<text x="352" y="308">Authenticated</text> <text x="152" y="308">Portion</text>
<text x="440" y="308">Portion</text> <text x="352" y="308">Authenticated</text>
</g> <text x="440" y="308">Portion</text>
</svg> </g>
</artwork><artwork type="ascii-art"><![CDATA[ </svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
+-+----+-+----+--------------------+--------------------+<-+ +-+----+-+----+--------------------+--------------------+<-+
|K|KLEN|C|CLEN| Key ID | Counter | | |K|KLEN|C|CLEN| Key ID | Counter | |
+->+-+----+-+----+--------------------+--------------------+ | +->+-+----+-+----+--------------------+--------------------+ |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | Encrypted Data | | | | Encrypted Data | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
+->+-------------------------------------------------------+<-+ +->+-------------------------------------------------------+<-+
| | Authentication Tag | | | | Authentication Tag | |
| +-------------------------------------------------------+ | | +-------------------------------------------------------+ |
| | | |
| | | |
+--- Encrypted Portion Authenticated Portion ---+ +--- Encrypted Portion Authenticated Portion ---+
]]></artwork></artset></figure> ]]></artwork>
</artset>
<t>When SFrame is applied per packet, the payload of each packet will be an SFra </figure>
me <t>When SFrame is applied per packet, the payload of each packet will be
an SFrame
ciphertext. When SFrame is applied per frame, the SFrame ciphertext ciphertext. When SFrame is applied per frame, the SFrame ciphertext
representing an encrypted frame will span several packets, with the header representing an encrypted frame will span several packets, with the header
appearing in the first packet and the authentication tag in the last packet. appearing in the first packet and the authentication tag in the last packet.
It is the responsibility of the application to reassemble an encrypted frame fro m It is the responsibility of the application to reassemble an encrypted frame fro m
individual packets, accounting for packet loss and reordering as necessary.</t> individual packets, accounting for packet loss and reordering as necessary.</t>
</section>
</section> <section anchor="sframe-header">
<section anchor="sframe-header"><name>SFrame Header</name> <name>SFrame Header</name>
<t>The SFrame header specifies two values from which encryption paramete
<t>The SFrame header specifies two values from which encryption parameters are rs are
derived:</t> derived:</t>
<ul spacing="normal">
<t><list style="symbols"> <li>
<t>A Key ID (KID) that determines which encryption key should be used</t> <t>A Key ID (KID) that determines which encryption key should be use
<t>A Counter (CTR) that is used to construct the nonce for the encryption</t> d</t>
</list></t> </li>
<li>
<t>Applications <bcp14>MUST</bcp14> ensure that each (KID, CTR) combination is u <t>A Counter (CTR) that is used to construct the nonce for the encry
sed for exactly ption</t>
</li>
</ul>
<t>Applications <bcp14>MUST</bcp14> ensure that each (KID, CTR) combinat
ion is used for exactly
one SFrame encryption operation. A typical approach to achieve this guarantee is one SFrame encryption operation. A typical approach to achieve this guarantee is
outlined in <xref target="header-value-uniqueness"/>.</t> outlined in <xref target="header-value-uniqueness"/>.</t>
<figure anchor="fig-sframe-header">
<figure title="SFrame Header" anchor="fig-sframe-header"><artset><artwork type= <name>SFrame Header</name>
"svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="160" width=" <artset>
352" viewBox="0 0 352 160" class="diagram" text-anchor="middle" font-family="mon <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version=
ospace" font-size="13px" stroke-linecap="round"> "1.1" height="160" width="352" viewBox="0 0 352 160" class="diagram" text-anchor
<path d="M 8,112 L 8,144" fill="none" stroke="black"/> ="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 24,112 L 24,144" fill="none" stroke="black"/> <path d="M 8,112 L 8,144" fill="none" stroke="black"/>
<path d="M 72,112 L 72,144" fill="none" stroke="black"/> <path d="M 24,112 L 24,144" fill="none" stroke="black"/>
<path d="M 88,112 L 88,144" fill="none" stroke="black"/> <path d="M 72,112 L 72,144" fill="none" stroke="black"/>
<path d="M 136,112 L 136,144" fill="none" stroke="black"/> <path d="M 88,112 L 88,144" fill="none" stroke="black"/>
<path d="M 240,112 L 240,144" fill="none" stroke="black"/> <path d="M 136,112 L 136,144" fill="none" stroke="black"/>
<path d="M 344,112 L 344,144" fill="none" stroke="black"/> <path d="M 240,112 L 240,144" fill="none" stroke="black"/>
<path d="M 24,64 L 56,64" fill="none" stroke="black"/> <path d="M 344,112 L 344,144" fill="none" stroke="black"/>
<path d="M 88,64 L 120,64" fill="none" stroke="black"/> <path d="M 24,64 L 56,64" fill="none" stroke="black"/>
<path d="M 8,112 L 344,112" fill="none" stroke="black"/> <path d="M 88,64 L 120,64" fill="none" stroke="black"/>
<path d="M 8,144 L 344,144" fill="none" stroke="black"/> <path d="M 8,112 L 344,112" fill="none" stroke="black"/>
<path d="M 24,64 C 15.16936,64 8,71.16936 8,80" fill="none" stroke="black"/> <path d="M 8,144 L 344,144" fill="none" stroke="black"/>
<path d="M 56,64 C 64.83064,64 72,56.83064 72,48" fill="none" stroke="black"/> <path d="M 24,64 C 15.16936,64 8,71.16936 8,80" fill="none" stro
<path d="M 88,64 C 79.16936,64 72,56.83064 72,48" fill="none" stroke="black"/> ke="black"/>
<path d="M 120,64 C 128.83064,64 136,71.16936 136,80" fill="none" stroke="black" <path d="M 56,64 C 64.83064,64 72,56.83064 72,48" fill="none" st
/> roke="black"/>
<g class="text"> <path d="M 88,64 C 79.16936,64 72,56.83064 72,48" fill="none" st
<text x="52" y="36">Config</text> roke="black"/>
<text x="100" y="36">Byte</text> <path d="M 120,64 C 128.83064,64 136,71.16936 136,80" fill="none
<text x="16" y="100">0</text> " stroke="black"/>
<text x="32" y="100">1</text> <g class="text">
<text x="48" y="100">2</text> <text x="52" y="36">Config</text>
<text x="64" y="100">3</text> <text x="100" y="36">Byte</text>
<text x="80" y="100">4</text> <text x="16" y="100">0</text>
<text x="96" y="100">5</text> <text x="32" y="100">1</text>
<text x="112" y="100">6</text> <text x="48" y="100">2</text>
<text x="128" y="100">7</text> <text x="64" y="100">3</text>
<text x="16" y="132">X</text> <text x="80" y="100">4</text>
<text x="48" y="132">K</text> <text x="96" y="100">5</text>
<text x="80" y="132">Y</text> <text x="112" y="100">6</text>
<text x="112" y="132">C</text> <text x="128" y="100">7</text>
<text x="188" y="132">KID...</text> <text x="16" y="132">X</text>
<text x="292" y="132">CTR...</text> <text x="48" y="132">K</text>
</g> <text x="80" y="132">Y</text>
</svg> <text x="112" y="132">C</text>
</artwork><artwork type="ascii-art"><![CDATA[ <text x="188" y="132">KID...</text>
<text x="292" y="132">CTR...</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
Config Byte Config Byte
| |
.-----' '-----. .-----' '-----.
| | | |
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+------------+------------+ +-+-+-+-+-+-+-+-+------------+------------+
|X| K |Y| C | KID... | CTR... | |X| K |Y| C | KID... | CTR... |
+-+-+-+-+-+-+-+-+------------+------------+ +-+-+-+-+-+-+-+-+------------+------------+
]]></artwork></artset></figure> ]]></artwork>
</artset>
<t>The SFrame header has the overall structure shown in <xref target="fig-sframe </figure>
-header"/>. The <t>The SFrame header has the overall structure shown in <xref target="fi
g-sframe-header"/>. The
first byte is a "config byte", with the following fields:</t> first byte is a "config byte", with the following fields:</t>
<dl>
<dl> <dt>Extended KID Flag (X, 1 bit):</dt>
<dt>Extended KID Flag (X, 1 bit):</dt> <dd>
<dd> <t>Indicates if the K field contains the KID or the KID length.</t>
<t>Indicates if the K field contains the KID or the KID length.</t> </dd>
</dd> <dt>KID or KID Length (K, 3 bits):</dt>
<dt>KID or KID Length (K, 3 bits):</dt> <dd>
<dd> <t>If the X flag is set to 0, this field contains the KID. If the X
<t>If the X flag is set to 0, this field contains the KID. If the X flag is flag is
set to 1, then it contains the length of the KID, minus one.</t> set to 1, then it contains the length of the KID, minus one.</t>
</dd> </dd>
<dt>Extended CTR Flag (Y, 1 bit):</dt> <dt>Extended CTR Flag (Y, 1 bit):</dt>
<dd> <dd>
<t>Indicates if the C field contains the CTR or the CTR length.</t> <t>Indicates if the C field contains the CTR or the CTR length.</t>
</dd> </dd>
<dt>CTR or CTR Length (C, 3 bits):</dt> <dt>CTR or CTR Length (C, 3 bits):</dt>
<dd> <dd>
<t>This field contains the CTR if the Y flag is set to 0, or the CTR <t>This field contains the CTR if the Y flag is set to 0, or the CTR
length, minus one, if set to 1.</t> length, minus one, if set to 1.</t>
</dd> </dd>
</dl> </dl>
<t>The KID and CTR fields are encoded as compact unsigned integers in
<t>The KID and CTR fields are encoded as compact unsigned integers in
network (big-endian) byte order. If the value of one of these fields is in the network (big-endian) byte order. If the value of one of these fields is in the
range 0-7, then the value is carried in the corresponding bits of the config range 0-7, then the value is carried in the corresponding bits of the config
byte (K or C) and the corresponding flag (X or Y) is set to zero. Otherwise, byte (K or C) and the corresponding flag (X or Y) is set to zero. Otherwise,
the value <bcp14>MUST</bcp14> be encoded with the minimum number of bytes requir ed and the value <bcp14>MUST</bcp14> be encoded with the minimum number of bytes requir ed and
appended after the config byte, with the KID first and CTR second. appended after the config byte, with the KID first and CTR second.
The header field (K or C) is set to the number of bytes in the encoded value, The header field (K or C) is set to the number of bytes in the encoded value,
minus one. The value 000 represents a length of 1, 001 a length of 2, etc. minus one. The value 000 represents a length of 1, 001 a length of 2, etc.
This allows a 3-bit length field to represent the value lengths 1-8.</t> This allows a 3-bit length field to represent the value lengths 1-8.</t>
<t>The SFrame header can thus take one of the four forms shown in
<t>The SFrame header can thus take one of the four forms shown in
<xref target="fig-sframe-header-cases"/>, depending on which of the X and Y flag s are set.</t> <xref target="fig-sframe-header-cases"/>, depending on which of the X and Y flag s are set.</t>
<figure anchor="fig-sframe-header-cases">
<figure title="Forms of Encoded SFrame Header" anchor="fig-sframe-header-cases"> <name>Forms of Encoded SFrame Header</name>
<artset><artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1. <artset>
1" height="336" width="544" viewBox="0 0 544 336" class="diagram" text-anchor="m <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version=
iddle" font-family="monospace" font-size="13px" stroke-linecap="round"> "1.1" height="336" width="544" viewBox="0 0 544 336" class="diagram" text-anchor
<path d="M 8,48 L 8,80" fill="none" stroke="black"/> ="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 8,128 L 8,160" fill="none" stroke="black"/> <path d="M 8,48 L 8,80" fill="none" stroke="black"/>
<path d="M 8,208 L 8,240" fill="none" stroke="black"/> <path d="M 8,128 L 8,160" fill="none" stroke="black"/>
<path d="M 8,288 L 8,320" fill="none" stroke="black"/> <path d="M 8,208 L 8,240" fill="none" stroke="black"/>
<path d="M 24,48 L 24,80" fill="none" stroke="black"/> <path d="M 8,288 L 8,320" fill="none" stroke="black"/>
<path d="M 24,128 L 24,160" fill="none" stroke="black"/> <path d="M 24,48 L 24,80" fill="none" stroke="black"/>
<path d="M 24,208 L 24,240" fill="none" stroke="black"/> <path d="M 24,128 L 24,160" fill="none" stroke="black"/>
<path d="M 24,288 L 24,320" fill="none" stroke="black"/> <path d="M 24,208 L 24,240" fill="none" stroke="black"/>
<path d="M 72,48 L 72,80" fill="none" stroke="black"/> <path d="M 24,288 L 24,320" fill="none" stroke="black"/>
<path d="M 72,128 L 72,160" fill="none" stroke="black"/> <path d="M 72,48 L 72,80" fill="none" stroke="black"/>
<path d="M 72,192 L 72,240" fill="none" stroke="black"/> <path d="M 72,128 L 72,160" fill="none" stroke="black"/>
<path d="M 72,272 L 72,320" fill="none" stroke="black"/> <path d="M 72,192 L 72,240" fill="none" stroke="black"/>
<path d="M 88,48 L 88,80" fill="none" stroke="black"/> <path d="M 72,272 L 72,320" fill="none" stroke="black"/>
<path d="M 88,128 L 88,160" fill="none" stroke="black"/> <path d="M 88,48 L 88,80" fill="none" stroke="black"/>
<path d="M 88,208 L 88,240" fill="none" stroke="black"/> <path d="M 88,128 L 88,160" fill="none" stroke="black"/>
<path d="M 88,288 L 88,320" fill="none" stroke="black"/> <path d="M 88,208 L 88,240" fill="none" stroke="black"/>
<path d="M 136,48 L 136,80" fill="none" stroke="black"/> <path d="M 88,288 L 88,320" fill="none" stroke="black"/>
<path d="M 136,128 L 136,160" fill="none" stroke="black"/> <path d="M 136,48 L 136,80" fill="none" stroke="black"/>
<path d="M 136,208 L 136,240" fill="none" stroke="black"/> <path d="M 136,128 L 136,160" fill="none" stroke="black"/>
<path d="M 136,288 L 136,320" fill="none" stroke="black"/> <path d="M 136,208 L 136,240" fill="none" stroke="black"/>
<path d="M 336,128 L 336,160" fill="none" stroke="black"/> <path d="M 136,288 L 136,320" fill="none" stroke="black"/>
<path d="M 336,208 L 336,240" fill="none" stroke="black"/> <path d="M 336,128 L 336,160" fill="none" stroke="black"/>
<path d="M 336,288 L 336,320" fill="none" stroke="black"/> <path d="M 336,208 L 336,240" fill="none" stroke="black"/>
<path d="M 536,288 L 536,320" fill="none" stroke="black"/> <path d="M 336,288 L 336,320" fill="none" stroke="black"/>
<path d="M 8,48 L 136,48" fill="none" stroke="black"/> <path d="M 536,288 L 536,320" fill="none" stroke="black"/>
<path d="M 8,80 L 136,80" fill="none" stroke="black"/> <path d="M 8,48 L 136,48" fill="none" stroke="black"/>
<path d="M 8,128 L 336,128" fill="none" stroke="black"/> <path d="M 8,80 L 136,80" fill="none" stroke="black"/>
<path d="M 8,160 L 336,160" fill="none" stroke="black"/> <path d="M 8,128 L 336,128" fill="none" stroke="black"/>
<path d="M 8,208 L 336,208" fill="none" stroke="black"/> <path d="M 8,160 L 336,160" fill="none" stroke="black"/>
<path d="M 8,240 L 336,240" fill="none" stroke="black"/> <path d="M 8,208 L 336,208" fill="none" stroke="black"/>
<path d="M 8,288 L 536,288" fill="none" stroke="black"/> <path d="M 8,240 L 336,240" fill="none" stroke="black"/>
<path d="M 8,320 L 536,320" fill="none" stroke="black"/> <path d="M 8,288 L 536,288" fill="none" stroke="black"/>
<g class="text"> <path d="M 8,320 L 536,320" fill="none" stroke="black"/>
<text x="16" y="36">KID</text> <g class="text">
<text x="40" y="36">&lt;</text> <text x="16" y="36">KID</text>
<text x="60" y="36">8,</text> <text x="40" y="36">&lt;</text>
<text x="88" y="36">CTR</text> <text x="60" y="36">8,</text>
<text x="112" y="36">&lt;</text> <text x="88" y="36">CTR</text>
<text x="132" y="36">8:</text> <text x="112" y="36">&lt;</text>
<text x="16" y="68">0</text> <text x="132" y="36">8:</text>
<text x="48" y="68">KID</text> <text x="16" y="68">0</text>
<text x="80" y="68">0</text> <text x="48" y="68">KID</text>
<text x="112" y="68">CTR</text> <text x="80" y="68">0</text>
<text x="16" y="116">KID</text> <text x="112" y="68">CTR</text>
<text x="40" y="116">&lt;</text> <text x="16" y="116">KID</text>
<text x="60" y="116">8,</text> <text x="40" y="116">&lt;</text>
<text x="88" y="116">CTR</text> <text x="60" y="116">8,</text>
<text x="116" y="116">&gt;=</text> <text x="88" y="116">CTR</text>
<text x="140" y="116">8:</text> <text x="116" y="116">&gt;=</text>
<text x="16" y="148">0</text> <text x="140" y="116">8:</text>
<text x="48" y="148">KID</text> <text x="16" y="148">0</text>
<text x="80" y="148">1</text> <text x="48" y="148">KID</text>
<text x="108" y="148">CLEN</text> <text x="80" y="148">1</text>
<text x="180" y="148">CTR...</text> <text x="108" y="148">CLEN</text>
<text x="264" y="148">(length=CLEN)</text> <text x="180" y="148">CTR...</text>
<text x="16" y="196">KID</text> <text x="264" y="148">(length=CLEN)</text>
<text x="44" y="196">&gt;=</text> <text x="16" y="196">KID</text>
<text x="64" y="196">8</text> <text x="44" y="196">&gt;=</text>
<text x="96" y="196">CTR</text> <text x="64" y="196">8</text>
<text x="120" y="196">&lt;</text> <text x="96" y="196">CTR</text>
<text x="140" y="196">8:</text> <text x="120" y="196">&lt;</text>
<text x="16" y="228">1</text> <text x="140" y="196">8:</text>
<text x="44" y="228">KLEN</text> <text x="16" y="228">1</text>
<text x="80" y="228">0</text> <text x="44" y="228">KLEN</text>
<text x="112" y="228">CTR</text> <text x="80" y="228">0</text>
<text x="180" y="228">KID...</text> <text x="112" y="228">CTR</text>
<text x="264" y="228">(length=KLEN)</text> <text x="180" y="228">KID...</text>
<text x="16" y="276">KID</text> <text x="264" y="228">(length=KLEN)</text>
<text x="44" y="276">&gt;=</text> <text x="16" y="276">KID</text>
<text x="64" y="276">8</text> <text x="44" y="276">&gt;=</text>
<text x="96" y="276">CTR</text> <text x="64" y="276">8</text>
<text x="124" y="276">&gt;=</text> <text x="96" y="276">CTR</text>
<text x="148" y="276">8:</text> <text x="124" y="276">&gt;=</text>
<text x="16" y="308">1</text> <text x="148" y="276">8:</text>
<text x="44" y="308">KLEN</text> <text x="16" y="308">1</text>
<text x="80" y="308">1</text> <text x="44" y="308">KLEN</text>
<text x="108" y="308">CLEN</text> <text x="80" y="308">1</text>
<text x="180" y="308">KID...</text> <text x="108" y="308">CLEN</text>
<text x="264" y="308">(length=KLEN)</text> <text x="180" y="308">KID...</text>
<text x="380" y="308">CTR...</text> <text x="264" y="308">(length=KLEN)</text>
<text x="464" y="308">(length=CLEN)</text> <text x="380" y="308">CTR...</text>
</g> <text x="464" y="308">(length=CLEN)</text>
</svg> </g>
</artwork><artwork type="ascii-art"><![CDATA[ </svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
KID < 8, CTR < 8: KID < 8, CTR < 8:
+-+-----+-+-----+ +-+-----+-+-----+
|0| KID |0| CTR | |0| KID |0| CTR |
+-+-----+-+-----+ +-+-----+-+-----+
KID < 8, CTR >= 8: KID < 8, CTR >= 8:
+-+-----+-+-----+------------------------+ +-+-----+-+-----+------------------------+
|0| KID |1|CLEN | CTR... (length=CLEN) | |0| KID |1|CLEN | CTR... (length=CLEN) |
+-+-----+-+-----+------------------------+ +-+-----+-+-----+------------------------+
KID >= 8, CTR < 8: KID >= 8, CTR < 8:
+-+-----+-+-----+------------------------+ +-+-----+-+-----+------------------------+
|1|KLEN |0| CTR | KID... (length=KLEN) | |1|KLEN |0| CTR | KID... (length=KLEN) |
+-+-----+-+-----+------------------------+ +-+-----+-+-----+------------------------+
KID >= 8, CTR >= 8: KID >= 8, CTR >= 8:
+-+-----+-+-----+------------------------+------------------------+ +-+-----+-+-----+------------------------+------------------------+
|1|KLEN |1|CLEN | KID... (length=KLEN) | CTR... (length=CLEN) | |1|KLEN |1|CLEN | KID... (length=KLEN) | CTR... (length=CLEN) |
+-+-----+-+-----+------------------------+------------------------+ +-+-----+-+-----+------------------------+------------------------+
]]></artwork></artset></figure> ]]></artwork>
</artset>
</section> </figure>
<section anchor="encryption-schema"><name>Encryption Schema</name> </section>
<section anchor="encryption-schema">
<t>SFrame encryption uses an AEAD encryption algorithm and hash function defined <name>Encryption Schema</name>
by <t>SFrame encryption uses an AEAD encryption algorithm and hash function
defined by
the cipher suite in use (see <xref target="cipher-suites"/>). We will refer to the following the cipher suite in use (see <xref target="cipher-suites"/>). We will refer to the following
aspects of the AEAD and the hash algorithm below:</t> aspects of the AEAD and the hash algorithm below:</t>
<ul spacing="normal">
<t><list style="symbols"> <li>
<t><spanx style="verb">AEAD.Encrypt</spanx> and <spanx style="verb">AEAD.Decry <t><tt>AEAD.Encrypt</tt> and <tt>AEAD.Decrypt</tt> - The encryption
pt</spanx> - The encryption and decryption functions and decryption functions
for the AEAD. We follow the convention of RFC 5116 <xref target="RFC5116"/> and consider for the AEAD. We follow the convention of RFC 5116 <xref target="RFC5116"/> and consider
the authentication tag part of the ciphertext produced by <spanx style="verb">AE AD.Encrypt</spanx> (as the authentication tag part of the ciphertext produced by <tt>AEAD.Encrypt</tt> (as
opposed to a separate field as in SRTP <xref target="RFC3711"/>).</t> opposed to a separate field as in SRTP <xref target="RFC3711"/>).</t>
<t><spanx style="verb">AEAD.Nk</spanx> - The size in bytes of a key for the en </li>
cryption algorithm</t> <li>
<t><spanx style="verb">AEAD.Nn</spanx> - The size in bytes of a nonce for the <t><tt>AEAD.Nk</tt> - The size in bytes of a key for the encryption
encryption algorithm</t> algorithm</t>
<t><spanx style="verb">AEAD.Nt</spanx> - The overhead in bytes of the encrypti </li>
on algorithm (typically the <li>
<t><tt>AEAD.Nn</tt> - The size in bytes of a nonce for the encryptio
n algorithm</t>
</li>
<li>
<t><tt>AEAD.Nt</tt> - The overhead in bytes of the encryption algori
thm (typically the
size of a "tag" that is added to the plaintext)</t> size of a "tag" that is added to the plaintext)</t>
<t><spanx style="verb">AEAD.Nka</spanx> - For cipher suites using the compound </li>
AEAD described in <li>
<t><tt>AEAD.Nka</tt> - For cipher suites using the compound AEAD des
cribed in
<xref target="aes-ctr-with-sha2"/>, the size in bytes of a key for the underlyin g encryption <xref target="aes-ctr-with-sha2"/>, the size in bytes of a key for the underlyin g encryption
algorithm</t> algorithm</t>
<t><spanx style="verb">Hash.Nh</spanx> - The size in bytes of the output of th </li>
e hash function</t> <li>
</list></t> <t><tt>Hash.Nh</tt> - The size in bytes of the output of the hash fu
nction</t>
<section anchor="key-selection"><name>Key Selection</name> </li>
</ul>
<t>Each SFrame encryption or decryption operation is premised on a single secret <section anchor="key-selection">
<spanx style="verb">base_key</spanx>, which is labeled with an integer KID value <name>Key Selection</name>
signaled in the SFrame <t>Each SFrame encryption or decryption operation is premised on a sin
gle secret
<tt>base_key</tt>, which is labeled with an integer KID value signaled in the SF
rame
header.</t> header.</t>
<t>The sender and receivers need to agree on which <tt>base_key</tt> s
<t>The sender and receivers need to agree on which <spanx style="verb">base_key< hould be used for a given
/spanx> should be used for a given KID. Moreover, senders and receivers need to agree on whether a <tt>base_key</t
KID. Moreover, senders and receivers need to agree on whether a <spanx style="v t> will be used
erb">base_key</spanx> will be used for encryption or decryption only. The process for provisioning <tt>base_key</tt
for encryption or decryption only. The process for provisioning <spanx style="ve > values and their KID
rb">base_key</spanx> values and their KID
values is beyond the scope of this specification, but its security properties wi ll values is beyond the scope of this specification, but its security properties wi ll
bound the assurances that SFrame provides. For example, if SFrame is used to bound the assurances that SFrame provides. For example, if SFrame is used to
provide E2E security against intermediary media nodes, then SFrame keys need to provide E2E security against intermediary media nodes, then SFrame keys need to
be negotiated in a way that does not make them accessible to these intermediarie s.</t> be negotiated in a way that does not make them accessible to these intermediarie s.</t>
<t>For each known KID value, the client stores the corresponding symme
<t>For each known KID value, the client stores the corresponding symmetric key tric key
<spanx style="verb">base_key</spanx>. For keys that can be used for encryption, <tt>base_key</tt>. For keys that can be used for encryption, the client also st
the client also stores ores
the next CTR value to be used when encrypting (initially 0).</t> the next CTR value to be used when encrypting (initially 0).</t>
<t>When encrypting a plaintext, the application specifies which KID is
<t>When encrypting a plaintext, the application specifies which KID is to be use to be used,
d,
and the CTR value is incremented after successful encryption. When decrypting, and the CTR value is incremented after successful encryption. When decrypting,
the <spanx style="verb">base_key</spanx> for decryption is selected from the ava ilable keys using the KID the <tt>base_key</tt> for decryption is selected from the available keys using t he KID
value in the SFrame header.</t> value in the SFrame header.</t>
<t>A given <tt>base_key</tt> <bcp14>MUST NOT</bcp14> be used for encry
<t>A given <spanx style="verb">base_key</spanx> <bcp14>MUST NOT</bcp14> be used ption by multiple senders. Such reuse
for encryption by multiple senders. Such reuse
would result in multiple encrypted frames being generated with the same (key, would result in multiple encrypted frames being generated with the same (key,
nonce) pair, which harms the protections provided by many AEAD algorithms. nonce) pair, which harms the protections provided by many AEAD algorithms.
Implementations <bcp14>MUST</bcp14> mark each <spanx style="verb">base_key</span x> as usable for encryption or decryption, Implementations <bcp14>MUST</bcp14> mark each <tt>base_key</tt> as usable for en cryption or decryption,
never both.</t> never both.</t>
<t>Note that the set of available keys might change over the lifetime
<t>Note that the set of available keys might change over the lifetime of a of a
real-time session. In such cases, the client will need to manage key usage to real-time session. In such cases, the client will need to manage key usage to
avoid media loss due to a key being used to encrypt before all receivers are avoid media loss due to a key being used to encrypt before all receivers are
able to use it to decrypt. For example, an application may make decryption-only able to use it to decrypt. For example, an application may make decryption-only
keys available immediately, but delay the use of keys for encryption until (a) keys available immediately, but delay the use of keys for encryption until (a)
all receivers have acknowledged receipt of the new key, or (b) a timeout expires .</t> all receivers have acknowledged receipt of the new key, or (b) a timeout expires .</t>
</section>
</section> <section anchor="key-derivation">
<section anchor="key-derivation"><name>Key Derivation</name> <name>Key Derivation</name>
<t>SFrame encryption and decryption use a key and salt derived from th
<t>SFrame encryption and decryption use a key and salt derived from the <spanx s e <tt>base_key</tt>
tyle="verb">base_key</spanx> associated with a KID. Given a <tt>base_key</tt> value, the key and salt are de
associated with a KID. Given a <spanx style="verb">base_key</spanx> value, the rived
key and salt are derived
using HMAC-based Key Derivation Function (HKDF) <xref target="RFC5869"/> as foll ows:</t> using HMAC-based Key Derivation Function (HKDF) <xref target="RFC5869"/> as foll ows:</t>
<sourcecode type="pseudocode"><![CDATA[
<figure><sourcecode type="pseudocode"><![CDATA[
def derive_key_salt(KID, base_key): def derive_key_salt(KID, base_key):
sframe_secret = HKDF-Extract("", base_key) sframe_secret = HKDF-Extract("", base_key)
sframe_key_label = "SFrame 1.0 Secret key " + KID + cipher_suite sframe_key_label = "SFrame 1.0 Secret key " + KID + cipher_suite
sframe_key = sframe_key =
HKDF-Expand(sframe_secret, sframe_key_label, AEAD.Nk) HKDF-Expand(sframe_secret, sframe_key_label, AEAD.Nk)
sframe_salt_label = "SFrame 1.0 Secret salt " + KID + cipher_suite sframe_salt_label = "SFrame 1.0 Secret salt " + KID + cipher_suite
sframe_salt = sframe_salt =
HKDF-Expand(sframe_secret, sframe_salt_label, AEAD.Nn) HKDF-Expand(sframe_secret, sframe_salt_label, AEAD.Nn)
return sframe_key, sframe_salt return sframe_key, sframe_salt
]]></sourcecode></figure> ]]></sourcecode>
<t>In the derivation of <tt>sframe_secret</tt>:</t>
<t>In the derivation of <spanx style="verb">sframe_secret</spanx>:</t> <ul spacing="normal">
<li>
<t><list style="symbols"> <t>The <tt>+</tt> operator represents concatenation of byte string
<t>The <spanx style="verb">+</spanx> operator represents concatenation of byte s.</t>
strings.</t> </li>
<t>The KID value is encoded as an 8-byte big-endian integer, not the compresse <li>
d <t>The KID value is encoded as an 8-byte big-endian integer, not t
he compressed
form used in the SFrame header.</t> form used in the SFrame header.</t>
<t>The <spanx style="verb">cipher_suite</spanx> value is a 2-byte big-endian i </li>
nteger representing the <li>
<t>The <tt>cipher_suite</tt> value is a 2-byte big-endian integer
representing the
cipher suite in use (see <xref target="sframe-cipher-suites"/>).</t> cipher suite in use (see <xref target="sframe-cipher-suites"/>).</t>
</list></t> </li>
</ul>
<t>The hash function used for HKDF is determined by the cipher suite in use.</t> <t>The hash function used for HKDF is determined by the cipher suite i
n use.</t>
</section> </section>
<section anchor="encryption"><name>Encryption</name> <section anchor="encryption">
<name>Encryption</name>
<t>SFrame encryption uses the AEAD encryption algorithm for the cipher suite in <t>SFrame encryption uses the AEAD encryption algorithm for the cipher
use. suite in use.
The key for the encryption is the <spanx style="verb">sframe_key</spanx>. The n The key for the encryption is the <tt>sframe_key</tt>. The nonce is formed by f
once is formed by first XORing irst XORing
the <spanx style="verb">sframe_salt</spanx> with the current CTR value, and then the <tt>sframe_salt</tt> with the current CTR value, and then encoding the resul
encoding the result as a big-endian integer of t as a big-endian integer of
length <spanx style="verb">AEAD.Nn</spanx>.</t> length <tt>AEAD.Nn</tt>.</t>
<t>The encryptor forms an SFrame header using the CTR and KID values p
<t>The encryptor forms an SFrame header using the CTR and KID values provided. rovided.
The encoded header is provided as AAD to the AEAD encryption operation, together The encoded header is provided as AAD to the AEAD encryption operation, together
with application-provided metadata about the encrypted media (see <xref target=" metadata"/>).</t> with application-provided metadata about the encrypted media (see <xref target=" metadata"/>).</t>
<sourcecode type="pseudocode"><![CDATA[
<figure><sourcecode type="pseudocode"><![CDATA[
def encrypt(CTR, KID, metadata, plaintext): def encrypt(CTR, KID, metadata, plaintext):
sframe_key, sframe_salt = key_store[KID] sframe_key, sframe_salt = key_store[KID]
# encode_big_endian(x, n) produces an n-byte string encoding the # encode_big_endian(x, n) produces an n-byte string encoding the
# integer x in big-endian byte order. # integer x in big-endian byte order.
ctr = encode_big_endian(CTR, AEAD.Nn) ctr = encode_big_endian(CTR, AEAD.Nn)
nonce = xor(sframe_salt, CTR) nonce = xor(sframe_salt, CTR)
# encode_sframe_header produces a byte string encoding the # encode_sframe_header produces a byte string encoding the
# provided KID and CTR values into an SFrame header. # provided KID and CTR values into an SFrame header.
header = encode_sframe_header(CTR, KID) header = encode_sframe_header(CTR, KID)
aad = header + metadata aad = header + metadata
ciphertext = AEAD.Encrypt(sframe_key, nonce, aad, plaintext) ciphertext = AEAD.Encrypt(sframe_key, nonce, aad, plaintext)
return header + ciphertext return header + ciphertext
]]></sourcecode></figure> ]]></sourcecode>
<t>For example, the metadata input to encryption allows for frame meta
<t>For example, the metadata input to encryption allows for frame metadata to be data to be
authenticated when SFrame is applied per frame. After encoding the frame and authenticated when SFrame is applied per frame. After encoding the frame and
before packetizing it, the necessary media metadata will be moved out of the before packetizing it, the necessary media metadata will be moved out of the
encoded frame buffer to be sent in some channel visible to the SFU (e.g., an encoded frame buffer to be sent in some channel visible to the SFU (e.g., an
RTP header extension).</t> RTP header extension).</t>
<figure>
<figure title="Encrypting an SFrame Ciphertext"><artset><artwork type="svg"><sv <name>Encrypting an SFrame Ciphertext</name>
g xmlns="http://www.w3.org/2000/svg" version="1.1" height="608" width="416" view <artset>
Box="0 0 416 608" class="diagram" text-anchor="middle" font-family="monospace" f <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" versio
ont-size="13px" stroke-linecap="round"> n="1.1" height="608" width="416" viewBox="0 0 416 608" class="diagram" text-anch
<path d="M 40,224 L 40,480" fill="none" stroke="black"/> or="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 64,176 L 64,272" fill="none" stroke="black"/> <path d="M 40,224 L 40,480" fill="none" stroke="black"/>
<path d="M 96,160 L 96,288" fill="none" stroke="black"/> <path d="M 64,176 L 64,272" fill="none" stroke="black"/>
<path d="M 128,320 L 128,352" fill="none" stroke="black"/> <path d="M 96,160 L 96,288" fill="none" stroke="black"/>
<path d="M 144,160 L 144,288" fill="none" stroke="black"/> <path d="M 128,320 L 128,352" fill="none" stroke="black"/>
<path d="M 168,176 L 168,208" fill="none" stroke="black"/> <path d="M 144,160 L 144,288" fill="none" stroke="black"/>
<path d="M 168,464 L 168,592" fill="none" stroke="black"/> <path d="M 168,176 L 168,208" fill="none" stroke="black"/>
<path d="M 192,352 L 192,384" fill="none" stroke="black"/> <path d="M 168,464 L 168,592" fill="none" stroke="black"/>
<path d="M 264,320 L 264,352" fill="none" stroke="black"/> <path d="M 192,352 L 192,384" fill="none" stroke="black"/>
<path d="M 280,32 L 280,128" fill="none" stroke="black"/> <path d="M 264,320 L 264,352" fill="none" stroke="black"/>
<path d="M 296,464 L 296,592" fill="none" stroke="black"/> <path d="M 280,32 L 280,128" fill="none" stroke="black"/>
<path d="M 320,208 L 320,240" fill="none" stroke="black"/> <path d="M 296,464 L 296,592" fill="none" stroke="black"/>
<path d="M 344,128 L 344,400" fill="none" stroke="black"/> <path d="M 320,208 L 320,240" fill="none" stroke="black"/>
<path d="M 344,432 L 344,528" fill="none" stroke="black"/> <path d="M 344,128 L 344,400" fill="none" stroke="black"/>
<path d="M 408,32 L 408,128" fill="none" stroke="black"/> <path d="M 344,432 L 344,528" fill="none" stroke="black"/>
<path d="M 280,32 L 408,32" fill="none" stroke="black"/> <path d="M 408,32 L 408,128" fill="none" stroke="black"/>
<path d="M 280,128 L 408,128" fill="none" stroke="black"/> <path d="M 280,32 L 408,32" fill="none" stroke="black"/>
<path d="M 96,160 L 144,160" fill="none" stroke="black"/> <path d="M 280,128 L 408,128" fill="none" stroke="black"/>
<path d="M 144,176 L 192,176" fill="none" stroke="black"/> <path d="M 96,160 L 144,160" fill="none" stroke="black"/>
<path d="M 296,176 L 336,176" fill="none" stroke="black"/> <path d="M 144,176 L 192,176" fill="none" stroke="black"/>
<path d="M 168,208 L 192,208" fill="none" stroke="black"/> <path d="M 296,176 L 336,176" fill="none" stroke="black"/>
<path d="M 304,208 L 320,208" fill="none" stroke="black"/> <path d="M 168,208 L 192,208" fill="none" stroke="black"/>
<path d="M 40,224 L 64,224" fill="none" stroke="black"/> <path d="M 304,208 L 320,208" fill="none" stroke="black"/>
<path d="M 96,224 L 144,224" fill="none" stroke="black"/> <path d="M 40,224 L 64,224" fill="none" stroke="black"/>
<path d="M 144,240 L 336,240" fill="none" stroke="black"/> <path d="M 96,224 L 144,224" fill="none" stroke="black"/>
<path d="M 96,288 L 144,288" fill="none" stroke="black"/> <path d="M 144,240 L 336,240" fill="none" stroke="black"/>
<path d="M 128,320 L 264,320" fill="none" stroke="black"/> <path d="M 96,288 L 144,288" fill="none" stroke="black"/>
<path d="M 128,352 L 264,352" fill="none" stroke="black"/> <path d="M 128,320 L 264,320" fill="none" stroke="black"/>
<path d="M 40,384 L 336,384" fill="none" stroke="black"/> <path d="M 128,352 L 264,352" fill="none" stroke="black"/>
<path d="M 168,464 L 296,464" fill="none" stroke="black"/> <path d="M 40,384 L 336,384" fill="none" stroke="black"/>
<path d="M 40,480 L 160,480" fill="none" stroke="black"/> <path d="M 168,464 L 296,464" fill="none" stroke="black"/>
<path d="M 168,496 L 296,496" fill="none" stroke="black"/> <path d="M 40,480 L 160,480" fill="none" stroke="black"/>
<path d="M 304,528 L 344,528" fill="none" stroke="black"/> <path d="M 168,496 L 296,496" fill="none" stroke="black"/>
<path d="M 168,592 L 296,592" fill="none" stroke="black"/> <path d="M 304,528 L 344,528" fill="none" stroke="black"/>
<path d="M 80,160 C 71.16936,160 64,167.16936 64,176" fill="none" stroke="black" <path d="M 168,592 L 296,592" fill="none" stroke="black"/>
/> <path d="M 80,160 C 71.16936,160 64,167.16936 64,176" fill="no
<path d="M 80,288 C 71.16936,288 64,280.83064 64,272" fill="none" stroke="black" ne" stroke="black"/>
/> <path d="M 80,288 C 71.16936,288 64,280.83064 64,272" fill="no
<polygon class="arrowhead" points="344,384 332,378.4 332,389.6" fill="black" tra ne" stroke="black"/>
nsform="rotate(0,336,384)"/> <polygon class="arrowhead" points="344,384 332,378.4 332,389.6
<polygon class="arrowhead" points="344,240 332,234.4 332,245.6" fill="black" tra " fill="black" transform="rotate(0,336,384)"/>
nsform="rotate(0,336,240)"/> <polygon class="arrowhead" points="344,240 332,234.4 332,245.6
<polygon class="arrowhead" points="344,176 332,170.4 332,181.6" fill="black" tra " fill="black" transform="rotate(0,336,240)"/>
nsform="rotate(0,336,176)"/> <polygon class="arrowhead" points="344,176 332,170.4 332,181.6
<polygon class="arrowhead" points="312,528 300,522.4 300,533.6" fill="black" tra " fill="black" transform="rotate(0,336,176)"/>
nsform="rotate(180,304,528)"/> <polygon class="arrowhead" points="312,528 300,522.4 300,533.6
<polygon class="arrowhead" points="200,208 188,202.4 188,213.6" fill="black" tra " fill="black" transform="rotate(180,304,528)"/>
nsform="rotate(0,192,208)"/> <polygon class="arrowhead" points="200,208 188,202.4 188,213.6
<polygon class="arrowhead" points="200,176 188,170.4 188,181.6" fill="black" tra " fill="black" transform="rotate(0,192,208)"/>
nsform="rotate(0,192,176)"/> <polygon class="arrowhead" points="200,176 188,170.4 188,181.6
<polygon class="arrowhead" points="168,480 156,474.4 156,485.6" fill="black" tra " fill="black" transform="rotate(0,192,176)"/>
nsform="rotate(0,160,480)"/> <polygon class="arrowhead" points="168,480 156,474.4 156,485.6
<g class="text"> " fill="black" transform="rotate(0,160,480)"/>
<text x="344" y="84">plaintext</text> <g class="text">
<text x="244" y="180">sframe_key</text> <text x="344" y="84">plaintext</text>
<text x="368" y="180">Key</text> <text x="244" y="180">sframe_key</text>
<text x="28" y="196">Header</text> <text x="368" y="180">Key</text>
<text x="120" y="196">KID</text> <text x="28" y="196">Header</text>
<text x="248" y="212">sframe_salt</text> <text x="120" y="196">KID</text>
<text x="376" y="244">Nonce</text> <text x="248" y="212">sframe_salt</text>
<text x="120" y="260">CTR</text> <text x="376" y="244">Nonce</text>
<text x="196" y="340">metadata</text> <text x="120" y="260">CTR</text>
<text x="368" y="388">AAD</text> <text x="196" y="340">metadata</text>
<text x="348" y="420">AEAD.Encrypt</text> <text x="368" y="388">AAD</text>
<text x="188" y="452">SFrame</text> <text x="348" y="420">AEAD.Encrypt</text>
<text x="260" y="452">Ciphertext</text> <text x="188" y="452">SFrame</text>
<text x="204" y="484">SFrame</text> <text x="260" y="452">Ciphertext</text>
<text x="260" y="484">Header</text> <text x="204" y="484">SFrame</text>
<text x="236" y="548">ciphertext</text> <text x="260" y="484">Header</text>
</g> <text x="236" y="548">ciphertext</text>
</svg> </g>
</artwork><artwork type="ascii-art"><![CDATA[ </svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
+---------------+ +---------------+
| | | |
| | | |
| plaintext | | plaintext |
| | | |
| | | |
+-------+-------+ +-------+-------+
| |
.- +-----+ | .- +-----+ |
| | +--+--> sframe_key ----->| Key | | +--+--> sframe_key ----->| Key
skipping to change at line 890 skipping to change at line 897
| SFrame Ciphertext | | SFrame Ciphertext |
| +---------------+ | | +---------------+ |
+-------------->| SFrame Header | | +-------------->| SFrame Header | |
+---------------+ | +---------------+ |
| | | | | |
| |<----+ | |<----+
| ciphertext | | ciphertext |
| | | |
| | | |
+---------------+ +---------------+
]]></artwork></artset></figure> ]]></artwork>
</artset>
</section> </figure>
<section anchor="decryption"><name>Decryption</name> </section>
<section anchor="decryption">
<t>Before decrypting, a receiver needs to assemble a full SFrame ciphertext. Whe <name>Decryption</name>
n <t>Before decrypting, a receiver needs to assemble a full SFrame ciphe
rtext. When
an SFrame ciphertext is fragmented into multiple parts for transport (e.g., an SFrame ciphertext is fragmented into multiple parts for transport (e.g.,
a whole encrypted frame sent in multiple SRTP packets), the receiving client a whole encrypted frame sent in multiple SRTP packets), the receiving client
collects all the fragments of the ciphertext, using appropriate sequencing collects all the fragments of the ciphertext, using appropriate sequencing
and start/end markers in the transport. Once all of the required fragments are and start/end markers in the transport. Once all of the required fragments are
available, the client reassembles them into the SFrame ciphertext and passes available, the client reassembles them into the SFrame ciphertext and passes
the ciphertext to SFrame for decryption.</t> the ciphertext to SFrame for decryption.</t>
<t>The KID field in the SFrame header is used to find the right key an
<t>The KID field in the SFrame header is used to find the right key and salt for d salt for
the encrypted frame, and the CTR field is used to construct the nonce. The SFram e the encrypted frame, and the CTR field is used to construct the nonce. The SFram e
decryption procedure is as follows:</t> decryption procedure is as follows:</t>
<sourcecode type="pseudocode"><![CDATA[
<figure><sourcecode type="pseudocode"><![CDATA[
def decrypt(metadata, sframe_ciphertext): def decrypt(metadata, sframe_ciphertext):
KID, CTR, header, ciphertext = parse_ciphertext(sframe_ciphertext) KID, CTR, header, ciphertext = parse_ciphertext(sframe_ciphertext)
sframe_key, sframe_salt = key_store[KID] sframe_key, sframe_salt = key_store[KID]
ctr = encode_big_endian(CTR, AEAD.Nn) ctr = encode_big_endian(CTR, AEAD.Nn)
nonce = xor(sframe_salt, ctr) nonce = xor(sframe_salt, ctr)
aad = header + metadata aad = header + metadata
return AEAD.Decrypt(sframe_key, nonce, aad, ciphertext) return AEAD.Decrypt(sframe_key, nonce, aad, ciphertext)
]]></sourcecode></figure> ]]></sourcecode>
<t>If a ciphertext fails to decrypt because there is no key available
<t>If a ciphertext fails to decrypt because there is no key available for the KI for the KID
D
in the SFrame header, the client <bcp14>MAY</bcp14> buffer the ciphertext and re try decryption in the SFrame header, the client <bcp14>MAY</bcp14> buffer the ciphertext and re try decryption
once a key with that KID is received. If a ciphertext fails to decrypt for any once a key with that KID is received. If a ciphertext fails to decrypt for any
other reason, the client <bcp14>MUST</bcp14> discard the ciphertext. Invalid cip hertexts <bcp14>SHOULD</bcp14> be other reason, the client <bcp14>MUST</bcp14> discard the ciphertext. Invalid cip hertexts <bcp14>SHOULD</bcp14> be
discarded in a way that is indistinguishable (to an external observer) from havi ng discarded in a way that is indistinguishable (to an external observer) from havi ng
processed a valid ciphertext. In other words, the SFrame decrypt operation processed a valid ciphertext. In other words, the SFrame decrypt operation
should take the same amount of time regardless of whether decryption succeeds or fails.</t> should take the same amount of time regardless of whether decryption succeeds or fails.</t>
<figure>
<figure title="Decrypting an SFrame Ciphertext"><artset><artwork type="svg"><sv <name>Decrypting an SFrame Ciphertext</name>
g xmlns="http://www.w3.org/2000/svg" version="1.1" height="640" width="384" view <artset>
Box="0 0 384 640" class="diagram" text-anchor="middle" font-family="monospace" f <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" versio
ont-size="13px" stroke-linecap="round"> n="1.1" height="640" width="384" viewBox="0 0 384 640" class="diagram" text-anch
<path d="M 8,64 L 8,432" fill="none" stroke="black"/> or="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 32,224 L 32,320" fill="none" stroke="black"/> <path d="M 8,64 L 8,432" fill="none" stroke="black"/>
<path d="M 64,208 L 64,336" fill="none" stroke="black"/> <path d="M 32,224 L 32,320" fill="none" stroke="black"/>
<path d="M 96,368 L 96,400" fill="none" stroke="black"/> <path d="M 64,208 L 64,336" fill="none" stroke="black"/>
<path d="M 112,208 L 112,336" fill="none" stroke="black"/> <path d="M 96,368 L 96,400" fill="none" stroke="black"/>
<path d="M 136,48 L 136,176" fill="none" stroke="black"/> <path d="M 112,208 L 112,336" fill="none" stroke="black"/>
<path d="M 136,224 L 136,256" fill="none" stroke="black"/> <path d="M 136,48 L 136,176" fill="none" stroke="black"/>
<path d="M 160,400 L 160,432" fill="none" stroke="black"/> <path d="M 136,224 L 136,256" fill="none" stroke="black"/>
<path d="M 232,368 L 232,400" fill="none" stroke="black"/> <path d="M 160,400 L 160,432" fill="none" stroke="black"/>
<path d="M 248,512 L 248,608" fill="none" stroke="black"/> <path d="M 232,368 L 232,400" fill="none" stroke="black"/>
<path d="M 264,48 L 264,176" fill="none" stroke="black"/> <path d="M 248,512 L 248,608" fill="none" stroke="black"/>
<path d="M 288,256 L 288,288" fill="none" stroke="black"/> <path d="M 264,48 L 264,176" fill="none" stroke="black"/>
<path d="M 312,112 L 312,448" fill="none" stroke="black"/> <path d="M 288,256 L 288,288" fill="none" stroke="black"/>
<path d="M 312,496 L 312,504" fill="none" stroke="black"/> <path d="M 312,112 L 312,448" fill="none" stroke="black"/>
<path d="M 376,512 L 376,608" fill="none" stroke="black"/> <path d="M 312,496 L 312,504" fill="none" stroke="black"/>
<path d="M 136,48 L 264,48" fill="none" stroke="black"/> <path d="M 376,512 L 376,608" fill="none" stroke="black"/>
<path d="M 8,64 L 128,64" fill="none" stroke="black"/> <path d="M 136,48 L 264,48" fill="none" stroke="black"/>
<path d="M 136,80 L 264,80" fill="none" stroke="black"/> <path d="M 8,64 L 128,64" fill="none" stroke="black"/>
<path d="M 272,112 L 312,112" fill="none" stroke="black"/> <path d="M 136,80 L 264,80" fill="none" stroke="black"/>
<path d="M 136,176 L 264,176" fill="none" stroke="black"/> <path d="M 272,112 L 312,112" fill="none" stroke="black"/>
<path d="M 64,208 L 112,208" fill="none" stroke="black"/> <path d="M 136,176 L 264,176" fill="none" stroke="black"/>
<path d="M 112,224 L 160,224" fill="none" stroke="black"/> <path d="M 64,208 L 112,208" fill="none" stroke="black"/>
<path d="M 264,224 L 304,224" fill="none" stroke="black"/> <path d="M 112,224 L 160,224" fill="none" stroke="black"/>
<path d="M 136,256 L 160,256" fill="none" stroke="black"/> <path d="M 264,224 L 304,224" fill="none" stroke="black"/>
<path d="M 272,256 L 288,256" fill="none" stroke="black"/> <path d="M 136,256 L 160,256" fill="none" stroke="black"/>
<path d="M 8,272 L 24,272" fill="none" stroke="black"/> <path d="M 272,256 L 288,256" fill="none" stroke="black"/>
<path d="M 64,272 L 112,272" fill="none" stroke="black"/> <path d="M 8,272 L 24,272" fill="none" stroke="black"/>
<path d="M 112,288 L 304,288" fill="none" stroke="black"/> <path d="M 64,272 L 112,272" fill="none" stroke="black"/>
<path d="M 64,336 L 112,336" fill="none" stroke="black"/> <path d="M 112,288 L 304,288" fill="none" stroke="black"/>
<path d="M 96,368 L 232,368" fill="none" stroke="black"/> <path d="M 64,336 L 112,336" fill="none" stroke="black"/>
<path d="M 96,400 L 232,400" fill="none" stroke="black"/> <path d="M 96,368 L 232,368" fill="none" stroke="black"/>
<path d="M 8,432 L 304,432" fill="none" stroke="black"/> <path d="M 96,400 L 232,400" fill="none" stroke="black"/>
<path d="M 248,512 L 376,512" fill="none" stroke="black"/> <path d="M 8,432 L 304,432" fill="none" stroke="black"/>
<path d="M 248,608 L 376,608" fill="none" stroke="black"/> <path d="M 248,512 L 376,512" fill="none" stroke="black"/>
<path d="M 48,208 C 39.16936,208 32,215.16936 32,224" fill="none" stroke="black" <path d="M 248,608 L 376,608" fill="none" stroke="black"/>
/> <path d="M 48,208 C 39.16936,208 32,215.16936 32,224" fill="no
<path d="M 48,336 C 39.16936,336 32,328.83064 32,320" fill="none" stroke="black" ne" stroke="black"/>
/> <path d="M 48,336 C 39.16936,336 32,328.83064 32,320" fill="no
<polygon class="arrowhead" points="320,504 308,498.4 308,509.6" fill="black" tra ne" stroke="black"/>
nsform="rotate(90,312,504)"/> <polygon class="arrowhead" points="320,504 308,498.4 308,509.6
<polygon class="arrowhead" points="312,432 300,426.4 300,437.6" fill="black" tra " fill="black" transform="rotate(90,312,504)"/>
nsform="rotate(0,304,432)"/> <polygon class="arrowhead" points="312,432 300,426.4 300,437.6
<polygon class="arrowhead" points="312,288 300,282.4 300,293.6" fill="black" tra " fill="black" transform="rotate(0,304,432)"/>
nsform="rotate(0,304,288)"/> <polygon class="arrowhead" points="312,288 300,282.4 300,293.6
<polygon class="arrowhead" points="312,224 300,218.4 300,229.6" fill="black" tra " fill="black" transform="rotate(0,304,288)"/>
nsform="rotate(0,304,224)"/> <polygon class="arrowhead" points="312,224 300,218.4 300,229.6
<polygon class="arrowhead" points="168,256 156,250.4 156,261.6" fill="black" tra " fill="black" transform="rotate(0,304,224)"/>
nsform="rotate(0,160,256)"/> <polygon class="arrowhead" points="168,256 156,250.4 156,261.6
<polygon class="arrowhead" points="168,224 156,218.4 156,229.6" fill="black" tra " fill="black" transform="rotate(0,160,256)"/>
nsform="rotate(0,160,224)"/> <polygon class="arrowhead" points="168,224 156,218.4 156,229.6
<polygon class="arrowhead" points="32,272 20,266.4 20,277.6" fill="black" transf " fill="black" transform="rotate(0,160,224)"/>
orm="rotate(0,24,272)"/> <polygon class="arrowhead" points="32,272 20,266.4 20,277.6" f
<g class="text"> ill="black" transform="rotate(0,24,272)"/>
<text x="156" y="36">SFrame</text> <g class="text">
<text x="228" y="36">Ciphertext</text> <text x="156" y="36">SFrame</text>
<text x="172" y="68">SFrame</text> <text x="228" y="36">Ciphertext</text>
<text x="228" y="68">Header</text> <text x="172" y="68">SFrame</text>
<text x="204" y="132">ciphertext</text> <text x="228" y="68">Header</text>
<text x="212" y="228">sframe_key</text> <text x="204" y="132">ciphertext</text>
<text x="336" y="228">Key</text> <text x="212" y="228">sframe_key</text>
<text x="88" y="244">KID</text> <text x="336" y="228">Key</text>
<text x="216" y="260">sframe_salt</text> <text x="88" y="244">KID</text>
<text x="344" y="292">Nonce</text> <text x="216" y="260">sframe_salt</text>
<text x="88" y="308">CTR</text> <text x="344" y="292">Nonce</text>
<text x="164" y="388">metadata</text> <text x="88" y="308">CTR</text>
<text x="336" y="436">AAD</text> <text x="164" y="388">metadata</text>
<text x="316" y="468">AEAD.Decrypt</text> <text x="336" y="436">AAD</text>
<text x="312" y="484">|</text> <text x="316" y="468">AEAD.Decrypt</text>
<text x="312" y="564">plaintext</text> <text x="312" y="484">|</text>
</g> <text x="312" y="564">plaintext</text>
</svg> </g>
</artwork><artwork type="ascii-art"><![CDATA[ </svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
SFrame Ciphertext SFrame Ciphertext
+---------------+ +---------------+
+---------------| SFrame Header | +---------------| SFrame Header |
| +---------------+ | +---------------+
| | | | | |
| | |-----+ | | |-----+
| | ciphertext | | | | ciphertext | |
| | | | | | | |
| | | | | | | |
| +---------------+ | | +---------------+ |
skipping to change at line 1029 skipping to change at line 1037
AEAD.Decrypt AEAD.Decrypt
| |
V V
+---------------+ +---------------+
| | | |
| | | |
| plaintext | | plaintext |
| | | |
| | | |
+---------------+ +---------------+
]]></artwork></artset></figure> ]]></artwork>
</artset>
</section> </figure>
</section> </section>
<section anchor="cipher-suites"><name>Cipher Suites</name> </section>
<section anchor="cipher-suites">
<t>Each SFrame session uses a single cipher suite that specifies the following <name>Cipher Suites</name>
<t>Each SFrame session uses a single cipher suite that specifies the fol
lowing
primitives:</t> primitives:</t>
<ul spacing="normal">
<t><list style="symbols"> <li>
<t>A hash function used for key derivation</t> <t>A hash function used for key derivation</t>
<t>An AEAD encryption algorithm <xref target="RFC5116"></xref> used for frame </li>
encryption, optionally <li>
<t>An AEAD encryption algorithm <xref target="RFC5116"/> used for fr
ame encryption, optionally
with a truncated authentication tag</t> with a truncated authentication tag</t>
</list></t> </li>
</ul>
<t>This document defines the following cipher suites, with the constants defined <t>This document defines the following cipher suites, with the constants
in defined in
<xref target="encryption-schema"/>:</t> <xref target="encryption-schema"/>:</t>
<table anchor="cipher-suite-constants">
<texttable title="SFrame Cipher Suite Constants" anchor="cipher-suite-constants" <name>SFrame Cipher Suite Constants</name>
> <thead>
<ttcol align='left'>Name</ttcol> <tr>
<ttcol align='left'>Nh</ttcol> <th align="left">Name</th>
<ttcol align='left'>Nka</ttcol> <th align="left">Nh</th>
<ttcol align='left'>Nk</ttcol> <th align="left">Nka</th>
<ttcol align='left'>Nn</ttcol> <th align="left">Nk</th>
<ttcol align='left'>Nt</ttcol> <th align="left">Nn</th>
<c><spanx style="verb">AES_128_CTR_HMAC_SHA256_80</spanx></c> <th align="left">Nt</th>
<c>32</c> </tr>
<c>16</c> </thead>
<c>48</c> <tbody>
<c>12</c> <tr>
<c>10</c> <td align="left">
<c><spanx style="verb">AES_128_CTR_HMAC_SHA256_64</spanx></c> <tt>AES_128_CTR_HMAC_SHA256_80</tt></td>
<c>32</c> <td align="left">32</td>
<c>16</c> <td align="left">16</td>
<c>48</c> <td align="left">48</td>
<c>12</c> <td align="left">12</td>
<c>8</c> <td align="left">10</td>
<c><spanx style="verb">AES_128_CTR_HMAC_SHA256_32</spanx></c> </tr>
<c>32</c> <tr>
<c>16</c> <td align="left">
<c>48</c> <tt>AES_128_CTR_HMAC_SHA256_64</tt></td>
<c>12</c> <td align="left">32</td>
<c>4</c> <td align="left">16</td>
<c><spanx style="verb">AES_128_GCM_SHA256_128</spanx></c> <td align="left">48</td>
<c>32</c> <td align="left">12</td>
<c>n/a</c> <td align="left">8</td>
<c>16</c> </tr>
<c>12</c> <tr>
<c>16</c> <td align="left">
<c><spanx style="verb">AES_256_GCM_SHA512_128</spanx></c> <tt>AES_128_CTR_HMAC_SHA256_32</tt></td>
<c>64</c> <td align="left">32</td>
<c>n/a</c> <td align="left">16</td>
<c>32</c> <td align="left">48</td>
<c>12</c> <td align="left">12</td>
<c>16</c> <td align="left">4</td>
</texttable> </tr>
<tr>
<t>Numeric identifiers for these cipher suites are defined in the IANA registry <td align="left">
<tt>AES_128_GCM_SHA256_128</tt></td>
<td align="left">32</td>
<td align="left">n/a</td>
<td align="left">16</td>
<td align="left">12</td>
<td align="left">16</td>
</tr>
<tr>
<td align="left">
<tt>AES_256_GCM_SHA512_128</tt></td>
<td align="left">64</td>
<td align="left">n/a</td>
<td align="left">32</td>
<td align="left">12</td>
<td align="left">16</td>
</tr>
</tbody>
</table>
<t>Numeric identifiers for these cipher suites are defined in the IANA r
egistry
created in <xref target="sframe-cipher-suites"/>.</t> created in <xref target="sframe-cipher-suites"/>.</t>
<t>In the suite names, the length of the authentication tag is indicated
<t>In the suite names, the length of the authentication tag is indicated by by
the last value: "_128" indicates a 128-bit tag, "_80" indicates the last value: "_128" indicates a 128-bit tag, "_80" indicates
an 80-bit tag, "_64" indicates a 64-bit tag, and "_32" indicates a an 80-bit tag, "_64" indicates a 64-bit tag, and "_32" indicates a
32-bit tag.</t> 32-bit tag.</t>
<t>In a session that uses multiple media streams, different cipher suite
<t>In a session that uses multiple media streams, different cipher suites might s might be
be
configured for different media streams. For example, in order to conserve configured for different media streams. For example, in order to conserve
bandwidth, a session might use a cipher suite with 80-bit tags for video frames bandwidth, a session might use a cipher suite with 80-bit tags for video frames
and another cipher suite with 32-bit tags for audio frames.</t> and another cipher suite with 32-bit tags for audio frames.</t>
<section anchor="aes-ctr-with-sha2">
<section anchor="aes-ctr-with-sha2"><name>AES-CTR with SHA2</name> <name>AES-CTR with SHA2</name>
<t>In order to allow very short tag sizes, we define a synthetic AEAD
<t>In order to allow very short tag sizes, we define a synthetic AEAD function function
using the authenticated counter mode of AES together with HMAC for using the authenticated counter mode of AES together with HMAC for
authentication. We use an encrypt-then-MAC approach, as in SRTP <xref target="R FC3711"/>.</t> authentication. We use an encrypt-then-MAC approach, as in SRTP <xref target="R FC3711"/>.</t>
<t>Before encryption or decryption, encryption and authentication subk
<t>Before encryption or decryption, encryption and authentication subkeys are eys are
derived from the single AEAD key. The overall length of the AEAD key is <spanx derived from the single AEAD key. The overall length of the AEAD key is <tt>Nka
style="verb">Nka + +
Nh</spanx>, where <spanx style="verb">Nka</spanx> represents the key size for th Nh</tt>, where <tt>Nka</tt> represents the key size for the AES block cipher in
e AES block cipher in use and <spanx style="verb">Nh</spanx> use and <tt>Nh</tt>
represents the output size of the hash function (as in <xref target="encryption -schema"/>). represents the output size of the hash function (as in <xref target="encryption -schema"/>).
The encryption subkey comprises the first <spanx style="verb">Nka</spanx> bytes The encryption subkey comprises the first <tt>Nka</tt> bytes and the authenticat
and the authentication ion
subkey comprises the remaining <spanx style="verb">Nh</spanx> bytes.</t> subkey comprises the remaining <tt>Nh</tt> bytes.</t>
<sourcecode type="pseudocode"><![CDATA[
<figure><sourcecode type="pseudocode"><![CDATA[
def derive_subkeys(sframe_key): def derive_subkeys(sframe_key):
# The encryption key comprises the first Nka bytes # The encryption key comprises the first Nka bytes
enc_key = sframe_key[..Nka] enc_key = sframe_key[..Nka]
# The authentication key comprises Nh remaining bytes # The authentication key comprises Nh remaining bytes
auth_key = sframe_key[Nka..] auth_key = sframe_key[Nka..]
return enc_key, auth_key return enc_key, auth_key
]]></sourcecode></figure> ]]></sourcecode>
<t>The AEAD encryption and decryption functions are then composed of i
<t>The AEAD encryption and decryption functions are then composed of individual ndividual
calls to the CTR encrypt function and HMAC. The resulting MAC value is truncate d calls to the CTR encrypt function and HMAC. The resulting MAC value is truncate d
to a number of bytes <spanx style="verb">Nt</spanx> fixed by the cipher suite.</ to a number of bytes <tt>Nt</tt> fixed by the cipher suite.</t>
t> <sourcecode type="pseudocode"><![CDATA[
<figure><sourcecode type="pseudocode"><![CDATA[
def truncate(tag, n): def truncate(tag, n):
# Take the first `n` bytes of `tag` # Take the first `n` bytes of `tag`
return tag[..n] return tag[..n]
def compute_tag(auth_key, nonce, aad, ct): def compute_tag(auth_key, nonce, aad, ct):
aad_len = encode_big_endian(len(aad), 8) aad_len = encode_big_endian(len(aad), 8)
ct_len = encode_big_endian(len(ct), 8) ct_len = encode_big_endian(len(ct), 8)
tag_len = encode_big_endian(Nt, 8) tag_len = encode_big_endian(Nt, 8)
auth_data = aad_len + ct_len + tag_len + nonce + aad + ct auth_data = aad_len + ct_len + tag_len + nonce + aad + ct
tag = HMAC(auth_key, auth_data) tag = HMAC(auth_key, auth_data)
skipping to change at line 1157 skipping to change at line 1181
def AEAD.Decrypt(key, nonce, aad, ct): def AEAD.Decrypt(key, nonce, aad, ct):
inner_ct, tag = split_ct(ct, tag_len) inner_ct, tag = split_ct(ct, tag_len)
enc_key, auth_key = derive_subkeys(key) enc_key, auth_key = derive_subkeys(key)
candidate_tag = compute_tag(auth_key, nonce, aad, inner_ct) candidate_tag = compute_tag(auth_key, nonce, aad, inner_ct)
if !constant_time_equal(tag, candidate_tag): if !constant_time_equal(tag, candidate_tag):
raise Exception("Authentication Failure") raise Exception("Authentication Failure")
initial_counter = nonce + 0x00000000 # append four zero bytes initial_counter = nonce + 0x00000000 # append four zero bytes
return AES-CTR.Decrypt(enc_key, initial_counter, inner_ct) return AES-CTR.Decrypt(enc_key, initial_counter, inner_ct)
]]></sourcecode></figure> ]]></sourcecode>
</section>
</section> </section>
</section> </section>
</section> <section anchor="key-management">
<section anchor="key-management"><name>Key Management</name> <name>Key Management</name>
<t>SFrame must be integrated with an E2E key management framework to excha
<t>SFrame must be integrated with an E2E key management framework to exchange an nge and
d
rotate the keys used for SFrame encryption. The key management rotate the keys used for SFrame encryption. The key management
framework provides the following functions:</t> framework provides the following functions:</t>
<ul spacing="normal">
<t><list style="symbols"> <li>
<t>Provisioning KID / <spanx style="verb">base_key</spanx> mappings to partici <t>Provisioning KID / <tt>base_key</tt> mappings to participating clie
pating clients</t> nts</t>
<t>Updating the above data as clients join or leave</t> </li>
</list></t> <li>
<t>Updating the above data as clients join or leave</t>
<t>It is the responsibility of the application to provide the key management </li>
</ul>
<t>It is the responsibility of the application to provide the key manageme
nt
framework, as described in <xref target="key-management-framework"/>.</t> framework, as described in <xref target="key-management-framework"/>.</t>
<section anchor="sender-keys">
<section anchor="sender-keys"><name>Sender Keys</name> <name>Sender Keys</name>
<t>If the participants in a call have a preexisting E2E-secure channel,
<t>If the participants in a call have a preexisting E2E-secure channel, they can they can
use it to distribute SFrame keys. Each client participating in a call generates use it to distribute SFrame keys. Each client participating in a call generates
a fresh <spanx style="verb">base_key</spanx> value that it will use to encrypt m edia. The client then uses a fresh <tt>base_key</tt> value that it will use to encrypt media. The client th en uses
the E2E-secure channel to send their encryption key to the other participants.</ t> the E2E-secure channel to send their encryption key to the other participants.</ t>
<t>In this scheme, it is assumed that receivers have a signal outside of
<t>In this scheme, it is assumed that receivers have a signal outside of SFrame SFrame for
for
which client has sent a given frame (e.g., an RTP synchronization source (SSRC)) . SFrame KID which client has sent a given frame (e.g., an RTP synchronization source (SSRC)) . SFrame KID
values are then used to distinguish between versions of the sender's <spanx styl values are then used to distinguish between versions of the sender's <tt>base_ke
e="verb">base_key</spanx>.</t> y</tt>.</t>
<t>KID values in this scheme have two parts: a "key generation" and a "r
<t>KID values in this scheme have two parts: a "key generation" and a "ratchet s atchet step".
tep".
Both are unsigned integers that begin at zero. The key generation increments Both are unsigned integers that begin at zero. The key generation increments
each time the sender distributes a new key to receivers. The ratchet step is each time the sender distributes a new key to receivers. The ratchet step is
incremented each time the sender ratchets their key forward for forward secrecy: </t> incremented each time the sender ratchets their key forward for forward secrecy: </t>
<sourcecode type="pseudocode"><![CDATA[
<figure><sourcecode type="pseudocode"><![CDATA[
base_key[i+1] = HKDF-Expand( base_key[i+1] = HKDF-Expand(
HKDF-Extract("", base_key[i]), HKDF-Extract("", base_key[i]),
"SFrame 1.0 Ratchet", CipherSuite.Nh) "SFrame 1.0 Ratchet", CipherSuite.Nh)
]]></sourcecode></figure> ]]></sourcecode>
<t>For compactness, we do not send the whole ratchet step. Instead, we
<t>For compactness, we do not send the whole ratchet step. Instead, we send onl send only
y its low-order <tt>R</tt> bits, where <tt>R</tt> is a value set by the applicatio
its low-order <spanx style="verb">R</spanx> bits, where <spanx style="verb">R</s n. Different
panx> is a value set by the application. Different senders may use different values of <tt>R</tt>, but each receiver of a given sen
senders may use different values of <spanx style="verb">R</spanx>, but each rece der
iver of a given sender needs to know what value of <tt>R</tt> is used by the sender so that they can re
needs to know what value of <spanx style="verb">R</spanx> is used by the sender cognize
so that they can recognize when they need to ratchet (vs. expecting a new key). <tt>R</tt> effectively def
when they need to ratchet (vs. expecting a new key). <spanx style="verb">R</spa ines a
nx> effectively defines a reordering window, since no more than 2<sup><tt>R</tt></sup> ratchet steps can b
reordering window, since no more than 2<sup><spanx style="verb">R</spanx></sup> e
ratchet steps can be active at a given time. The key generation is sent in the remaining <tt>64 - R<
active at a given time. The key generation is sent in the remaining <spanx styl /tt>
e="verb">64 - R</spanx>
bits of the KID.</t> bits of the KID.</t>
<sourcecode type="pseudocode"><![CDATA[
<figure><sourcecode type="pseudocode"><![CDATA[
KID = (key_generation << R) + (ratchet_step % (1 << R)) KID = (key_generation << R) + (ratchet_step % (1 << R))
]]></sourcecode></figure> ]]></sourcecode>
<figure anchor="sender-keys-kid">
<figure title="Structure of a KID in the Sender Keys Scheme" anchor="sender-keys <name>Structure of a KID in the Sender Keys Scheme</name>
-kid"><artset><artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" versi <artset>
on="1.1" height="112" width="280" viewBox="0 0 280 112" class="diagram" text-anc <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version=
hor="middle" font-family="monospace" font-size="13px" stroke-linecap="round"> "1.1" height="112" width="280" viewBox="0 0 280 112" class="diagram" text-anchor
<path d="M 8,64 L 8,96" fill="none" stroke="black"/> ="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 152,64 L 152,96" fill="none" stroke="black"/> <path d="M 8,64 L 8,96" fill="none" stroke="black"/>
<path d="M 272,64 L 272,96" fill="none" stroke="black"/> <path d="M 152,64 L 152,96" fill="none" stroke="black"/>
<path d="M 16,48 L 144,48" fill="none" stroke="black"/> <path d="M 272,64 L 272,96" fill="none" stroke="black"/>
<path d="M 160,48 L 264,48" fill="none" stroke="black"/> <path d="M 16,48 L 144,48" fill="none" stroke="black"/>
<path d="M 8,64 L 272,64" fill="none" stroke="black"/> <path d="M 160,48 L 264,48" fill="none" stroke="black"/>
<path d="M 8,96 L 272,96" fill="none" stroke="black"/> <path d="M 8,64 L 272,64" fill="none" stroke="black"/>
<polygon class="arrowhead" points="272,48 260,42.4 260,53.6" fill="black" transf <path d="M 8,96 L 272,96" fill="none" stroke="black"/>
orm="rotate(0,264,48)"/> <polygon class="arrowhead" points="272,48 260,42.4 260,53.6" fil
<polygon class="arrowhead" points="168,48 156,42.4 156,53.6" fill="black" transf l="black" transform="rotate(0,264,48)"/>
orm="rotate(180,160,48)"/> <polygon class="arrowhead" points="168,48 156,42.4 156,53.6" fil
<polygon class="arrowhead" points="152,48 140,42.4 140,53.6" fill="black" transf l="black" transform="rotate(180,160,48)"/>
orm="rotate(0,144,48)"/> <polygon class="arrowhead" points="152,48 140,42.4 140,53.6" fil
<polygon class="arrowhead" points="24,48 12,42.4 12,53.6" fill="black" transform l="black" transform="rotate(0,144,48)"/>
="rotate(180,16,48)"/> <polygon class="arrowhead" points="24,48 12,42.4 12,53.6" fill="
<g class="text"> black" transform="rotate(180,16,48)"/>
<text x="60" y="36">64-R</text> <g class="text">
<text x="100" y="36">bits</text> <text x="60" y="36">64-R</text>
<text x="192" y="36">R</text> <text x="100" y="36">bits</text>
<text x="220" y="36">bits</text> <text x="192" y="36">R</text>
<text x="32" y="84">Key</text> <text x="220" y="36">bits</text>
<text x="92" y="84">Generation</text> <text x="32" y="84">Key</text>
<text x="192" y="84">Ratchet</text> <text x="92" y="84">Generation</text>
<text x="244" y="84">Step</text> <text x="192" y="84">Ratchet</text>
</g> <text x="244" y="84">Step</text>
</svg> </g>
</artwork><artwork type="ascii-art"><![CDATA[ </svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
64-R bits R bits 64-R bits R bits
<---------------> <------------> <---------------> <------------>
+-----------------+--------------+ +-----------------+--------------+
| Key Generation | Ratchet Step | | Key Generation | Ratchet Step |
+-----------------+--------------+ +-----------------+--------------+
]]></artwork></artset></figure> ]]></artwork>
</artset>
<t>The sender signals such a ratchet step update by sending with a KID value in </figure>
<t>The sender signals such a ratchet step update by sending with a KID v
alue in
which the ratchet step has been incremented. A receiver who receives from a which the ratchet step has been incremented. A receiver who receives from a
sender with a new KID computes the new key as above. The old key may be kept sender with a new KID computes the new key as above. The old key may be kept
for some time to allow for out-of-order delivery, but should be deleted for some time to allow for out-of-order delivery, but should be deleted
promptly.</t> promptly.</t>
<t>If a new participant joins in the middle of a session, they will need
<t>If a new participant joins in the middle of a session, they will need to rece to receive
ive
from each sender (a) the current sender key for that sender and (b) the current from each sender (a) the current sender key for that sender and (b) the current
KID value for the sender. Evicting a participant requires each sender to send KID value for the sender. Evicting a participant requires each sender to send
a fresh sender key to all receivers.</t> a fresh sender key to all receivers.</t>
<t>It is the application's responsibility to decide when sender keys are
<t>It is the application's responsibility to decide when sender keys are updated updated. A sender
. A sender key may be updated by sending a new <tt>base_key</tt> (updating the key generati
key may be updated by sending a new <spanx style="verb">base_key</spanx> (updati on) or
ng the key generation) or by hashing the current <tt>base_key</tt> (updating the ratchet step). Ratchetin
by hashing the current <spanx style="verb">base_key</spanx> (updating the ratche g the
t step). Ratcheting the
key forward is useful when adding new receivers to an SFrame-based interaction, key forward is useful when adding new receivers to an SFrame-based interaction,
since it ensures that the new receivers can't decrypt any media encrypted before since it ensures that the new receivers can't decrypt any media encrypted before
they were added. If a sender wishes to assure the opposite property when they were added. If a sender wishes to assure the opposite property when
removing a receiver (i.e., ensuring that the receiver can't decrypt media after removing a receiver (i.e., ensuring that the receiver can't decrypt media after
they are removed), then the sender will need to distribute a new sender key.</t> they are removed), then the sender will need to distribute a new sender key.</t>
</section>
</section> <section anchor="mls">
<section anchor="mls"><name>MLS</name> <name>MLS</name>
<t>The Messaging Layer Security (MLS) protocol provides group authentica
<t>The Messaging Layer Security (MLS) protocol provides group authenticated key ted key
exchange <xref target="MLS-ARCH"/> <xref target="MLS-PROTO"/>. In exchange <xref target="I-D.ietf-mls-architecture"/> <xref target="RFC9420"/>. I
n
principle, it could be used to instantiate the sender key scheme above, but it principle, it could be used to instantiate the sender key scheme above, but it
can also be used more efficiently directly.</t> can also be used more efficiently directly.</t>
<t>MLS creates a linear sequence of keys, each of which is shared among
<t>MLS creates a linear sequence of keys, each of which is shared among the memb the members
ers
of a group at a given point in time. When a member joins or leaves the group, a of a group at a given point in time. When a member joins or leaves the group, a
new key is produced that is known only to the augmented or reduced group. Each new key is produced that is known only to the augmented or reduced group. Each
step in the lifetime of the group is known as an "epoch", and each member of the step in the lifetime of the group is known as an "epoch", and each member of the
group is assigned an "index" that is constant for the time they are in the group is assigned an "index" that is constant for the time they are in the
group.</t> group.</t>
<t>To generate keys and nonces for SFrame, we use the MLS exporter funct
<t>To generate keys and nonces for SFrame, we use the MLS exporter function to ion to
generate a <spanx style="verb">base_key</spanx> value for each MLS epoch. Each generate a <tt>base_key</tt> value for each MLS epoch. Each member of the group
member of the group is is
assigned a set of KID values so that each member has a unique <spanx style="verb assigned a set of KID values so that each member has a unique <tt>sframe_key</tt
">sframe_key</spanx> and > and
<spanx style="verb">sframe_salt</spanx> that it uses to encrypt with. Senders m <tt>sframe_salt</tt> that it uses to encrypt with. Senders may choose any KID v
ay choose any KID value alue
within their assigned set of KID values, e.g., to allow a single sender to send within their assigned set of KID values, e.g., to allow a single sender to send
multiple, uncoordinated outbound media streams.</t> multiple, uncoordinated outbound media streams.</t>
<sourcecode type="pseudocode"><![CDATA[
<figure><sourcecode type="pseudocode"><![CDATA[
base_key = MLS-Exporter("SFrame 1.0 Base Key", "", AEAD.Nk) base_key = MLS-Exporter("SFrame 1.0 Base Key", "", AEAD.Nk)
]]></sourcecode></figure> ]]></sourcecode>
<t>For compactness, we do not send the whole epoch number. Instead, we
<t>For compactness, we do not send the whole epoch number. Instead, we send onl send only
y its low-order <tt>E</tt> bits, where <tt>E</tt> is a value set by the applicatio
its low-order <spanx style="verb">E</spanx> bits, where <spanx style="verb">E</s n. <tt>E</tt>
panx> is a value set by the application. <spanx style="verb">E</spanx> effectively defines a reordering window, since no more than 2<sup><tt>E</tt></su
effectively defines a reordering window, since no more than 2<sup><spanx style=" p>
verb">E</spanx></sup>
epochs can be active at a given time. To handle rollover of the epoch counter, epochs can be active at a given time. To handle rollover of the epoch counter,
receivers <bcp14>MUST</bcp14> remove an old epoch when a new epoch with the same low-order receivers <bcp14>MUST</bcp14> remove an old epoch when a new epoch with the same low-order
E bits is introduced.</t> E bits is introduced.</t>
<t>Let <tt>S</tt> be the number of bits required to encode a member inde
<t>Let <spanx style="verb">S</spanx> be the number of bits required to encode a x in the group,
member index in the group, i.e., the smallest value such that <tt>group_size &lt;= (1 &lt;&lt; S)</tt>. Th
i.e., the smallest value such that <spanx style="verb">group_size &lt;= (1 &lt;& e sender index
lt; S)</spanx>. The sender index is encoded in the <tt>S</tt> bits above the epoch. The remaining <tt>64 - S - E
is encoded in the <spanx style="verb">S</spanx> bits above the epoch. The remai </tt> bits of
ning <spanx style="verb">64 - S - E</spanx> bits of the KID value are a <tt>context</tt> value chosen by the sender (<tt>context</tt
the KID value are a <spanx style="verb">context</spanx> value chosen by the send > value <tt>0</tt> will
er (<spanx style="verb">context</spanx> value <spanx style="verb">0</spanx> will
produce the shortest encoded KID).</t> produce the shortest encoded KID).</t>
<sourcecode type="pseudocode"><![CDATA[
<figure><sourcecode type="pseudocode"><![CDATA[
KID = (context << (S + E)) + (sender_index << E) + (epoch % (1 << E)) KID = (context << (S + E)) + (sender_index << E) + (epoch % (1 << E))
]]></sourcecode></figure> ]]></sourcecode>
<figure anchor="mls-kid">
<figure title="Structure of a KID for an MLS Sender" anchor="mls-kid"><artset><a <name>Structure of a KID for an MLS Sender</name>
rtwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height= <artset>
"112" width="264" viewBox="0 0 264 112" class="diagram" text-anchor="middle" fon <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version=
t-family="monospace" font-size="13px" stroke-linecap="round"> "1.1" height="112" width="264" viewBox="0 0 264 112" class="diagram" text-anchor
<path d="M 8,64 L 8,96" fill="none" stroke="black"/> ="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 120,64 L 120,96" fill="none" stroke="black"/> <path d="M 8,64 L 8,96" fill="none" stroke="black"/>
<path d="M 192,64 L 192,96" fill="none" stroke="black"/> <path d="M 120,64 L 120,96" fill="none" stroke="black"/>
<path d="M 256,64 L 256,96" fill="none" stroke="black"/> <path d="M 192,64 L 192,96" fill="none" stroke="black"/>
<path d="M 16,48 L 112,48" fill="none" stroke="black"/> <path d="M 256,64 L 256,96" fill="none" stroke="black"/>
<path d="M 128,48 L 184,48" fill="none" stroke="black"/> <path d="M 16,48 L 112,48" fill="none" stroke="black"/>
<path d="M 200,48 L 256,48" fill="none" stroke="black"/> <path d="M 128,48 L 184,48" fill="none" stroke="black"/>
<path d="M 8,64 L 256,64" fill="none" stroke="black"/> <path d="M 200,48 L 256,48" fill="none" stroke="black"/>
<path d="M 8,96 L 256,96" fill="none" stroke="black"/> <path d="M 8,64 L 256,64" fill="none" stroke="black"/>
<polygon class="arrowhead" points="264,48 252,42.4 252,53.6" fill="black" transf <path d="M 8,96 L 256,96" fill="none" stroke="black"/>
orm="rotate(0,256,48)"/> <polygon class="arrowhead" points="264,48 252,42.4 252,53.6" fil
<polygon class="arrowhead" points="208,48 196,42.4 196,53.6" fill="black" transf l="black" transform="rotate(0,256,48)"/>
orm="rotate(180,200,48)"/> <polygon class="arrowhead" points="208,48 196,42.4 196,53.6" fil
<polygon class="arrowhead" points="192,48 180,42.4 180,53.6" fill="black" transf l="black" transform="rotate(180,200,48)"/>
orm="rotate(0,184,48)"/> <polygon class="arrowhead" points="192,48 180,42.4 180,53.6" fil
<polygon class="arrowhead" points="136,48 124,42.4 124,53.6" fill="black" transf l="black" transform="rotate(0,184,48)"/>
orm="rotate(180,128,48)"/> <polygon class="arrowhead" points="136,48 124,42.4 124,53.6" fil
<polygon class="arrowhead" points="120,48 108,42.4 108,53.6" fill="black" transf l="black" transform="rotate(180,128,48)"/>
orm="rotate(0,112,48)"/> <polygon class="arrowhead" points="120,48 108,42.4 108,53.6" fil
<polygon class="arrowhead" points="24,48 12,42.4 12,53.6" fill="black" transform l="black" transform="rotate(0,112,48)"/>
="rotate(180,16,48)"/> <polygon class="arrowhead" points="24,48 12,42.4 12,53.6" fill="
<g class="text"> black" transform="rotate(180,16,48)"/>
<text x="44" y="36">64-S-E</text> <g class="text">
<text x="92" y="36">bits</text> <text x="44" y="36">64-S-E</text>
<text x="136" y="36">S</text> <text x="92" y="36">bits</text>
<text x="164" y="36">bits</text> <text x="136" y="36">S</text>
<text x="208" y="36">E</text> <text x="164" y="36">bits</text>
<text x="236" y="36">bits</text> <text x="208" y="36">E</text>
<text x="48" y="84">Context</text> <text x="236" y="36">bits</text>
<text x="92" y="84">ID</text> <text x="48" y="84">Context</text>
<text x="152" y="84">Index</text> <text x="92" y="84">ID</text>
<text x="224" y="84">Epoch</text> <text x="152" y="84">Index</text>
</g> <text x="224" y="84">Epoch</text>
</svg> </g>
</artwork><artwork type="ascii-art"><![CDATA[ </svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
64-S-E bits S bits E bits 64-S-E bits S bits E bits
<-----------> <------> <------> <-----------> <------> <------>
+-------------+--------+-------+ +-------------+--------+-------+
| Context ID | Index | Epoch | | Context ID | Index | Epoch |
+-------------+--------+-------+ +-------------+--------+-------+
]]></artwork></artset></figure> ]]></artwork>
</artset>
<t>Once an SFrame stack has been provisioned with the <spanx style="verb">sframe </figure>
_epoch_secret</spanx> for an <t>Once an SFrame stack has been provisioned with the <tt>sframe_epoch_s
ecret</tt> for an
epoch, it can compute the required KID values on demand (as well as the epoch, it can compute the required KID values on demand (as well as the
resulting SFrame keys/nonces derived from the <spanx style="verb">base_key</span x> and KID) as it needs resulting SFrame keys/nonces derived from the <tt>base_key</tt> and KID) as it n eeds
to encrypt or decrypt for a given member.</t> to encrypt or decrypt for a given member.</t>
<figure anchor="mls-evolution">
<figure title="An Example Sequence of KIDs for an MLS-based SFrame <name>An Example Sequence of KIDs for an MLS-based SFrame Session (E=4
Session (E=4; S=6, Allowing for 64 Group Members)" anchor="mls-evolution"><artse ; S=6, Allowing for 64 Group Members)</name>
t><artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" hei <artset>
ght="448" width="472" viewBox="0 0 472 448" class="diagram" text-anchor="middle" <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version=
font-family="monospace" font-size="13px" stroke-linecap="round"> "1.1" height="448" width="472" viewBox="0 0 472 448" class="diagram" text-anchor
<path d="M 80,48 L 80,416" fill="none" stroke="black"/> ="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 104,80 L 104,144" fill="none" stroke="black"/> <path d="M 80,48 L 80,416" fill="none" stroke="black"/>
<path d="M 104,192 L 104,224" fill="none" stroke="black"/> <path d="M 104,80 L 104,144" fill="none" stroke="black"/>
<path d="M 104,352 L 104,384" fill="none" stroke="black"/> <path d="M 104,192 L 104,224" fill="none" stroke="black"/>
<path d="M 216,272 L 216,304" fill="none" stroke="black"/> <path d="M 104,352 L 104,384" fill="none" stroke="black"/>
<path d="M 80,80 L 120,80" fill="none" stroke="black"/> <path d="M 216,272 L 216,304" fill="none" stroke="black"/>
<path d="M 200,80 L 224,80" fill="none" stroke="black"/> <path d="M 80,80 L 120,80" fill="none" stroke="black"/>
<path d="M 104,112 L 120,112" fill="none" stroke="black"/> <path d="M 200,80 L 224,80" fill="none" stroke="black"/>
<path d="M 200,112 L 224,112" fill="none" stroke="black"/> <path d="M 104,112 L 120,112" fill="none" stroke="black"/>
<path d="M 104,144 L 120,144" fill="none" stroke="black"/> <path d="M 200,112 L 224,112" fill="none" stroke="black"/>
<path d="M 208,144 L 224,144" fill="none" stroke="black"/> <path d="M 104,144 L 120,144" fill="none" stroke="black"/>
<path d="M 80,192 L 120,192" fill="none" stroke="black"/> <path d="M 208,144 L 224,144" fill="none" stroke="black"/>
<path d="M 200,192 L 224,192" fill="none" stroke="black"/> <path d="M 80,192 L 120,192" fill="none" stroke="black"/>
<path d="M 104,224 L 120,224" fill="none" stroke="black"/> <path d="M 200,192 L 224,192" fill="none" stroke="black"/>
<path d="M 200,224 L 224,224" fill="none" stroke="black"/> <path d="M 104,224 L 120,224" fill="none" stroke="black"/>
<path d="M 80,272 L 120,272" fill="none" stroke="black"/> <path d="M 200,224 L 224,224" fill="none" stroke="black"/>
<path d="M 200,272 L 240,272" fill="none" stroke="black"/> <path d="M 80,272 L 120,272" fill="none" stroke="black"/>
<path d="M 352,272 L 368,272" fill="none" stroke="black"/> <path d="M 200,272 L 240,272" fill="none" stroke="black"/>
<path d="M 216,304 L 240,304" fill="none" stroke="black"/> <path d="M 352,272 L 368,272" fill="none" stroke="black"/>
<path d="M 352,304 L 368,304" fill="none" stroke="black"/> <path d="M 216,304 L 240,304" fill="none" stroke="black"/>
<path d="M 80,352 L 120,352" fill="none" stroke="black"/> <path d="M 352,304 L 368,304" fill="none" stroke="black"/>
<path d="M 208,352 L 224,352" fill="none" stroke="black"/> <path d="M 80,352 L 120,352" fill="none" stroke="black"/>
<path d="M 104,384 L 120,384" fill="none" stroke="black"/> <path d="M 208,352 L 224,352" fill="none" stroke="black"/>
<path d="M 208,384 L 224,384" fill="none" stroke="black"/> <path d="M 104,384 L 120,384" fill="none" stroke="black"/>
<polygon class="arrowhead" points="376,304 364,298.4 364,309.6" fill="black" tra <path d="M 208,384 L 224,384" fill="none" stroke="black"/>
nsform="rotate(0,368,304)"/> <polygon class="arrowhead" points="376,304 364,298.4 364,309.6"
<polygon class="arrowhead" points="376,272 364,266.4 364,277.6" fill="black" tra fill="black" transform="rotate(0,368,304)"/>
nsform="rotate(0,368,272)"/> <polygon class="arrowhead" points="376,272 364,266.4 364,277.6"
<polygon class="arrowhead" points="248,304 236,298.4 236,309.6" fill="black" tra fill="black" transform="rotate(0,368,272)"/>
nsform="rotate(0,240,304)"/> <polygon class="arrowhead" points="248,304 236,298.4 236,309.6"
<polygon class="arrowhead" points="248,272 236,266.4 236,277.6" fill="black" tra fill="black" transform="rotate(0,240,304)"/>
nsform="rotate(0,240,272)"/> <polygon class="arrowhead" points="248,272 236,266.4 236,277.6"
<polygon class="arrowhead" points="232,384 220,378.4 220,389.6" fill="black" tra fill="black" transform="rotate(0,240,272)"/>
nsform="rotate(0,224,384)"/> <polygon class="arrowhead" points="232,384 220,378.4 220,389.6"
<polygon class="arrowhead" points="232,352 220,346.4 220,357.6" fill="black" tra fill="black" transform="rotate(0,224,384)"/>
nsform="rotate(0,224,352)"/> <polygon class="arrowhead" points="232,352 220,346.4 220,357.6"
<polygon class="arrowhead" points="232,224 220,218.4 220,229.6" fill="black" tra fill="black" transform="rotate(0,224,352)"/>
nsform="rotate(0,224,224)"/> <polygon class="arrowhead" points="232,224 220,218.4 220,229.6"
<polygon class="arrowhead" points="232,192 220,186.4 220,197.6" fill="black" tra fill="black" transform="rotate(0,224,224)"/>
nsform="rotate(0,224,192)"/> <polygon class="arrowhead" points="232,192 220,186.4 220,197.6"
<polygon class="arrowhead" points="232,144 220,138.4 220,149.6" fill="black" tra fill="black" transform="rotate(0,224,192)"/>
nsform="rotate(0,224,144)"/> <polygon class="arrowhead" points="232,144 220,138.4 220,149.6"
<polygon class="arrowhead" points="232,112 220,106.4 220,117.6" fill="black" tra fill="black" transform="rotate(0,224,144)"/>
nsform="rotate(0,224,112)"/> <polygon class="arrowhead" points="232,112 220,106.4 220,117.6"
<polygon class="arrowhead" points="232,80 220,74.4 220,85.6" fill="black" transf fill="black" transform="rotate(0,224,112)"/>
orm="rotate(0,224,80)"/> <polygon class="arrowhead" points="232,80 220,74.4 220,85.6" fil
<g class="text"> l="black" transform="rotate(0,224,80)"/>
<text x="32" y="36">...</text> <g class="text">
<text x="24" y="84">Epoch</text> <text x="32" y="36">...</text>
<text x="60" y="84">14</text> <text x="24" y="84">Epoch</text>
<text x="160" y="84">index=3</text> <text x="60" y="84">14</text>
<text x="248" y="84">KID</text> <text x="160" y="84">index=3</text>
<text x="272" y="84">=</text> <text x="248" y="84">KID</text>
<text x="300" y="84">0x3e</text> <text x="272" y="84">=</text>
<text x="160" y="116">index=7</text> <text x="300" y="84">0x3e</text>
<text x="248" y="116">KID</text> <text x="160" y="116">index=7</text>
<text x="272" y="116">=</text> <text x="248" y="116">KID</text>
<text x="300" y="116">0x7e</text> <text x="272" y="116">=</text>
<text x="164" y="148">index=20</text> <text x="300" y="116">0x7e</text>
<text x="248" y="148">KID</text> <text x="164" y="148">index=20</text>
<text x="272" y="148">=</text> <text x="248" y="148">KID</text>
<text x="304" y="148">0x14e</text> <text x="272" y="148">=</text>
<text x="24" y="196">Epoch</text> <text x="304" y="148">0x14e</text>
<text x="60" y="196">15</text> <text x="24" y="196">Epoch</text>
<text x="160" y="196">index=3</text> <text x="60" y="196">15</text>
<text x="248" y="196">KID</text> <text x="160" y="196">index=3</text>
<text x="272" y="196">=</text> <text x="248" y="196">KID</text>
<text x="300" y="196">0x3f</text> <text x="272" y="196">=</text>
<text x="160" y="228">index=5</text> <text x="300" y="196">0x3f</text>
<text x="248" y="228">KID</text> <text x="160" y="228">index=5</text>
<text x="272" y="228">=</text> <text x="248" y="228">KID</text>
<text x="300" y="228">0x5f</text> <text x="272" y="228">=</text>
<text x="24" y="276">Epoch</text> <text x="300" y="228">0x5f</text>
<text x="60" y="276">16</text> <text x="24" y="276">Epoch</text>
<text x="160" y="276">index=2</text> <text x="60" y="276">16</text>
<text x="280" y="276">context</text> <text x="160" y="276">index=2</text>
<text x="320" y="276">=</text> <text x="280" y="276">context</text>
<text x="336" y="276">2</text> <text x="320" y="276">=</text>
<text x="392" y="276">KID</text> <text x="336" y="276">2</text>
<text x="416" y="276">=</text> <text x="392" y="276">KID</text>
<text x="448" y="276">0x820</text> <text x="416" y="276">=</text>
<text x="280" y="308">context</text> <text x="448" y="276">0x820</text>
<text x="320" y="308">=</text> <text x="280" y="308">context</text>
<text x="336" y="308">3</text> <text x="320" y="308">=</text>
<text x="392" y="308">KID</text> <text x="336" y="308">3</text>
<text x="416" y="308">=</text> <text x="392" y="308">KID</text>
<text x="448" y="308">0xc20</text> <text x="416" y="308">=</text>
<text x="24" y="356">Epoch</text> <text x="448" y="308">0xc20</text>
<text x="60" y="356">17</text> <text x="24" y="356">Epoch</text>
<text x="164" y="356">index=33</text> <text x="60" y="356">17</text>
<text x="248" y="356">KID</text> <text x="164" y="356">index=33</text>
<text x="272" y="356">=</text> <text x="248" y="356">KID</text>
<text x="304" y="356">0x211</text> <text x="272" y="356">=</text>
<text x="164" y="388">index=51</text> <text x="304" y="356">0x211</text>
<text x="248" y="388">KID</text> <text x="164" y="388">index=51</text>
<text x="272" y="388">=</text> <text x="248" y="388">KID</text>
<text x="304" y="388">0x331</text> <text x="272" y="388">=</text>
<text x="32" y="436">...</text> <text x="304" y="388">0x331</text>
</g> <text x="32" y="436">...</text>
</svg> </g>
</artwork><artwork type="ascii-art"><![CDATA[ </svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
... ...
| |
| |
Epoch 14 +--+-- index=3 ---> KID = 0x3e Epoch 14 +--+-- index=3 ---> KID = 0x3e
| | | |
| +-- index=7 ---> KID = 0x7e | +-- index=7 ---> KID = 0x7e
| | | |
| +-- index=20 --> KID = 0x14e | +-- index=20 --> KID = 0x14e
| |
| |
skipping to change at line 1465 skipping to change at line 1485
| | | |
| +--> context = 3 --> KID = 0xc20 | +--> context = 3 --> KID = 0xc20
| |
| |
Epoch 17 +--+-- index=33 --> KID = 0x211 Epoch 17 +--+-- index=33 --> KID = 0x211
| | | |
| +-- index=51 --> KID = 0x331 | +-- index=51 --> KID = 0x331
| |
| |
... ...
]]></artwork></artset></figure> ]]></artwork>
</artset>
</section> </figure>
</section> </section>
<section anchor="media-considerations"><name>Media Considerations</name> </section>
<section anchor="media-considerations">
<section anchor="selective-forwarding-units"><name>Selective Forwarding Units</n <name>Media Considerations</name>
ame> <section anchor="selective-forwarding-units">
<name>Selective Forwarding Units</name>
<t>SFUs (e.g., those described in <xref section="3.7" sectionFormat="of" target= <t>SFUs (e.g., those described in <xref section="3.7" sectionFormat="of"
"RFC7667"/>) receive the media streams from each participant and select which target="RFC7667"/>) receive the media streams from each participant and select
which
ones should be forwarded to each of the other participants. There are several ones should be forwarded to each of the other participants. There are several
approaches for stream selection, but in general, the SFU needs to access approaches for stream selection, but in general, the SFU needs to access
metadata associated with each frame and modify the RTP information of the incomi ng metadata associated with each frame and modify the RTP information of the incomi ng
packets when they are transmitted to the received participants.</t> packets when they are transmitted to the received participants.</t>
<t>This section describes how these normal SFU modes of operation intera
<t>This section describes how these normal SFU modes of operation interact with ct with the
the
E2EE provided by SFrame.</t> E2EE provided by SFrame.</t>
<section anchor="rtp-stream-reuse">
<section anchor="rtp-stream-reuse"><name>RTP Stream Reuse</name> <name>RTP Stream Reuse</name>
<t>The SFU may choose to send only a certain number of streams based o
<t>The SFU may choose to send only a certain number of streams based on the voic n the voice
e
activity of the participants. To avoid the overhead involved in establishing new activity of the participants. To avoid the overhead involved in establishing new
transport streams, the SFU may decide to reuse previously existing streams or transport streams, the SFU may decide to reuse previously existing streams or
even pre-allocate a predefined number of streams and choose in each moment in even pre-allocate a predefined number of streams and choose in each moment in
time which participant media will be sent through it.</t> time which participant media will be sent through it.</t>
<t>This means that the same transport-level stream (e.g., an RTP strea
<t>This means that the same transport-level stream (e.g., an RTP stream defined m defined
by either SSRC or Media Identification (MID)) may carry media from different by either SSRC or Media Identification (MID)) may carry media from different
streams of different participants. Because each participant uses a different key streams of different participants. Because each participant uses a different key
to encrypt their media, the receiver will be able to verify the sender of the to encrypt their media, the receiver will be able to verify the sender of the
media within the RTP stream at any given point in time. Thus the receiver will media within the RTP stream at any given point in time. Thus the receiver will
correctly associate the media with the sender indicated by the authenticated correctly associate the media with the sender indicated by the authenticated
SFrame KID value, irrespective of how the SFU transmits the media to the client. </t> SFrame KID value, irrespective of how the SFU transmits the media to the client. </t>
<t>Note that in order to prevent impersonation by a malicious particip
<t>Note that in order to prevent impersonation by a malicious participant (not t ant (not the
he
SFU), a mechanism based on digital signature would be required. SFrame does not SFU), a mechanism based on digital signature would be required. SFrame does not
protect against such attacks.</t> protect against such attacks.</t>
</section>
</section> <section anchor="simulcast">
<section anchor="simulcast"><name>Simulcast</name> <name>Simulcast</name>
<t>When using simulcast, the same input image will produce N different
<t>When using simulcast, the same input image will produce N different encoded encoded
frames (one per simulcast layer), which would be processed independently by the frames (one per simulcast layer), which would be processed independently by the
frame encryptor and assigned an unique CTR value for each.</t> frame encryptor and assigned an unique CTR value for each.</t>
</section>
</section> <section anchor="scalable-video-coding-svc">
<section anchor="scalable-video-coding-svc"><name>Scalable Video Coding (SVC)</n <name>Scalable Video Coding (SVC)</name>
ame> <t>In both temporal and spatial scalability, the SFU may choose to dro
p layers in
<t>In both temporal and spatial scalability, the SFU may choose to drop layers i
n
order to match a certain bitrate or to forward specific media sizes or frames pe r order to match a certain bitrate or to forward specific media sizes or frames pe r
second. In order to support the SFU selectively removing layers, the sender <bcp 14>MUST</bcp14> second. In order to support the SFU selectively removing layers, the sender <bcp 14>MUST</bcp14>
encapsulate each layer in a different SFrame ciphertext.</t> encapsulate each layer in a different SFrame ciphertext.</t>
</section>
</section> </section>
</section> <section anchor="video-key-frames">
<section anchor="video-key-frames"><name>Video Key Frames</name> <name>Video Key Frames</name>
<t>Forward security and post-compromise security require that the E2EE k
<t>Forward security and post-compromise security require that the E2EE keys (bas eys (base keys)
e keys)
are updated any time a participant joins or leaves the call.</t> are updated any time a participant joins or leaves the call.</t>
<t>The key exchange happens asynchronously and on a different path than
<t>The key exchange happens asynchronously and on a different path than the SFU the SFU signaling
signaling
and media. So it may happen that when a new participant joins the call and the and media. So it may happen that when a new participant joins the call and the
SFU side requests a key frame, the sender generates the E2EE frame SFU side requests a key frame, the sender generates the E2EE frame
with a key that is not known by the receiver, so it will be discarded. When the sender with a key that is not known by the receiver, so it will be discarded. When the sender
updates his sending key with the new key, it will send it in a non-key frame, so updates his sending key with the new key, it will send it in a non-key frame, so
the receiver will be able to decrypt it, but not decode it.</t> the receiver will be able to decrypt it, but not decode it.</t>
<t>The new receiver will then re-request a key frame, but due to sender
<t>The new receiver will then re-request a key frame, but due to sender and SFU and SFU
policies, that new key frame could take some time to be generated.</t> policies, that new key frame could take some time to be generated.</t>
<t>If the sender sends a key frame after the new E2EE key is in use, the
<t>If the sender sends a key frame after the new E2EE key is in use, the time time
required for the new participant to display the video is minimized.</t> required for the new participant to display the video is minimized.</t>
<t>Note that this issue does not arise for media streams that do not hav
<t>Note that this issue does not arise for media streams that do not have e
dependencies among frames, e.g., audio streams. In these streams, each frame is dependencies among frames, e.g., audio streams. In these streams, each frame is
independently decodable, so a frame never depends on another frame that might be independently decodable, so a frame never depends on another frame that might be
on the other side of a key rotation.</t> on the other side of a key rotation.</t>
</section>
</section> <section anchor="partial-decoding">
<section anchor="partial-decoding"><name>Partial Decoding</name> <name>Partial Decoding</name>
<t>Some codecs support partial decoding, where individual packets can be
<t>Some codecs support partial decoding, where individual packets can be decoded decoded
without waiting for the full frame to arrive. When SFrame is applied per frame, without waiting for the full frame to arrive. When SFrame is applied per frame,
partial decoding is not possible because the decoder cannot access data until an entire partial decoding is not possible because the decoder cannot access data until an entire
frame has arrived and has been decrypted.</t> frame has arrived and has been decrypted.</t>
</section>
</section> </section>
</section> <section anchor="security-considerations">
<section anchor="security-considerations"><name>Security Considerations</name> <name>Security Considerations</name>
<section anchor="no-header-confidentiality">
<section anchor="no-header-confidentiality"><name>No Header Confidentiality</nam <name>No Header Confidentiality</name>
e> <t>SFrame provides integrity protection to the SFrame header (the KID an
d
<t>SFrame provides integrity protection to the SFrame header (the KID and
CTR values), but it does not provide confidentiality protection. Parties that CTR values), but it does not provide confidentiality protection. Parties that
can observe the SFrame header may learn, for example, which parties are sending can observe the SFrame header may learn, for example, which parties are sending
SFrame payloads (from KID values) and at what rates (from CTR values). In cases SFrame payloads (from KID values) and at what rates (from CTR values). In cases
where SFrame is used for end-to-end security on top of hop-by-hop protections where SFrame is used for end-to-end security on top of hop-by-hop protections
(e.g., running over SRTP as described in <xref target="sframe-over-rtp"/>), the hop-by-hop security (e.g., running over SRTP as described in <xref target="sframe-over-rtp"/>), the hop-by-hop security
mechanisms provide confidentiality protection of the SFrame header between hops. </t> mechanisms provide confidentiality protection of the SFrame header between hops. </t>
</section>
</section> <section anchor="no-per-sender-authentication">
<section anchor="no-per-sender-authentication"><name>No Per-Sender Authenticatio <name>No Per-Sender Authentication</name>
n</name> <t>SFrame does not provide per-sender authentication of media data. Any
sender in
<t>SFrame does not provide per-sender authentication of media data. Any sender
in
a session can send media that will be associated with any other sender. This is a session can send media that will be associated with any other sender. This is
because SFrame uses symmetric encryption to protect media data, so that any because SFrame uses symmetric encryption to protect media data, so that any
receiver also has the keys required to encrypt packets for the sender.</t> receiver also has the keys required to encrypt packets for the sender.</t>
</section>
</section> <section anchor="key-management-1">
<section anchor="key-management-1"><name>Key Management</name> <name>Key Management</name>
<t>The specifics of key management are beyond the scope of this document
<t>The specifics of key management are beyond the scope of this document. Howeve . However, every client
r, every client
<bcp14>SHOULD</bcp14> change their keys when new clients join or leave the call for forward <bcp14>SHOULD</bcp14> change their keys when new clients join or leave the call for forward
secrecy and post-compromise security.</t> secrecy and post-compromise security.</t>
</section>
</section> <section anchor="replay">
<section anchor="replay"><name>Replay</name> <name>Replay</name>
<t>The handling of replay is out of the scope of this document. However,
<t>The handling of replay is out of the scope of this document. However, senders senders
<bcp14>MUST</bcp14> reject requests to encrypt multiple times with the same key and nonce <bcp14>MUST</bcp14> reject requests to encrypt multiple times with the same key and nonce
since several AEAD algorithms fail badly in such cases (see, e.g., <xref section ="5.1.1" sectionFormat="of" target="RFC5116"/>).</t> since several AEAD algorithms fail badly in such cases (see, e.g., <xref section ="5.1.1" sectionFormat="of" target="RFC5116"/>).</t>
</section>
</section> <section anchor="risks-due-to-short-tags">
<section anchor="risks-due-to-short-tags"><name>Risks Due to Short Tags</name> <name>Risks Due to Short Tags</name>
<t>The SFrame cipher suites based on AES-CTR allow for the use of short
<t>The SFrame cipher suites based on AES-CTR allow for the use of short
authentication tags, which bring a higher risk that an attacker will be authentication tags, which bring a higher risk that an attacker will be
able to cause an SFrame receiver to accept an SFrame ciphertext of the able to cause an SFrame receiver to accept an SFrame ciphertext of the
attacker's choosing.</t> attacker's choosing.</t>
<t>Assuming that the authentication properties of the cipher suite are r
<t>Assuming that the authentication properties of the cipher suite are robust, t obust, the
he
only attack that an attacker can mount is an attempt to find an acceptable only attack that an attacker can mount is an attempt to find an acceptable
(ciphertext, tag) combination through brute force. Such a brute-force attack (ciphertext, tag) combination through brute force. Such a brute-force attack
will have an expected success rate of the following form:</t> will have an expected success rate of the following form:</t>
<t><tt>
<t><spanx style="verb">
attacker_success_rate = attempts_per_second / 2^(8*Nt) attacker_success_rate = attempts_per_second / 2^(8*Nt)
</spanx></t> </tt></t>
<t>For example, a gigabit Ethernet connection is able to transmit roughl
<t>For example, a gigabit Ethernet connection is able to transmit roughly 2<sup> y 2<sup>20</sup>
20</sup>
packets per second. If an attacker saturated such a link with guesses against a packets per second. If an attacker saturated such a link with guesses against a
32-bit authentication tag (<spanx style="verb">Nt=4</spanx>), then the attacker would succeed on average 32-bit authentication tag (<tt>Nt=4</tt>), then the attacker would succeed on av erage
roughly once every 2<sup>12</sup> seconds, or about once an hour.</t> roughly once every 2<sup>12</sup> seconds, or about once an hour.</t>
<t>In a typical SFrame usage in a real-time media application, there are
<t>In a typical SFrame usage in a real-time media application, there are a few a few
approaches to mitigating this risk:</t> approaches to mitigating this risk:</t>
<ul spacing="normal">
<t><list style="symbols"> <li>
<t>Receivers only accept SFrame ciphertexts over HBH-secure channels (e.g., SR <t>Receivers only accept SFrame ciphertexts over HBH-secure channels
TP (e.g., SRTP
security associations or QUIC connections). If this is the case, only an security associations or QUIC connections). If this is the case, only an
entity that is part of such a channel can mount the above attack.</t> entity that is part of such a channel can mount the above attack.</t>
<t>The expected packet rate for a media stream is very predictable (and typica </li>
lly <li>
<t>The expected packet rate for a media stream is very predictable (
and typically
far lower than the above example). On the one hand, attacks at this rate will far lower than the above example). On the one hand, attacks at this rate will
succeed even less often than the high-rate attack described above. On the succeed even less often than the high-rate attack described above. On the
other hand, the application may use an elevated packet arrival rate as a other hand, the application may use an elevated packet arrival rate as a
signal of a brute-force attack. This latter approach is common in other signal of a brute-force attack. This latter approach is common in other
settings, e.g., mitigating brute-force attacks on passwords.</t> settings, e.g., mitigating brute-force attacks on passwords.</t>
<t>Media applications typically do not provide feedback to media senders as to </li>
<li>
<t>Media applications typically do not provide feedback to media sen
ders as to
which media packets failed to decrypt. When media-quality feedback which media packets failed to decrypt. When media-quality feedback
mechanisms are used, decryption failures will typically appear as packet mechanisms are used, decryption failures will typically appear as packet
losses, but only at an aggregate level.</t> losses, but only at an aggregate level.</t>
<t>Anti-replay mechanisms (see <xref target="replay"/>) prevent the attacker f </li>
rom reusing <li>
<t>Anti-replay mechanisms (see <xref target="replay"/>) prevent the
attacker from reusing
valid ciphertexts (either observed or guessed by the attacker). A receiver valid ciphertexts (either observed or guessed by the attacker). A receiver
applying anti-replay controls will only accept one valid plaintext per CTR applying anti-replay controls will only accept one valid plaintext per CTR
value. Since the CTR value is covered by SFrame authentication, an attacker value. Since the CTR value is covered by SFrame authentication, an attacker
has to do a fresh search for a valid tag for every forged ciphertext, even if has to do a fresh search for a valid tag for every forged ciphertext, even if
the encrypted content is unchanged. In other words, when the above brute-force the encrypted content is unchanged. In other words, when the above brute-force
attack succeeds, it only allows the attacker to send a single SFrame attack succeeds, it only allows the attacker to send a single SFrame
ciphertext; the ciphertext cannot be reused because either it will have the ciphertext; the ciphertext cannot be reused because either it will have the
same CTR value and be discarded as a replay, or else it will have a different same CTR value and be discarded as a replay, or else it will have a different
CTR value and its tag will no longer be valid.</t> CTR value and its tag will no longer be valid.</t>
</list></t> </li>
</ul>
<t>Nonetheless, without these mitigations, an application that makes use of shor <t>Nonetheless, without these mitigations, an application that makes use
t of short
tags will be at heightened risk of forgery attacks. In many cases, it is tags will be at heightened risk of forgery attacks. In many cases, it is
simpler to use full-size tags and tolerate slightly higher bandwidth usage simpler to use full-size tags and tolerate slightly higher bandwidth usage
rather than to add the additional defenses necessary to safely use short tags.</ t> rather than to add the additional defenses necessary to safely use short tags.</ t>
</section>
</section> </section>
</section> <section anchor="iana-considerations">
<section anchor="iana-considerations"><name>IANA Considerations</name> <name>IANA Considerations</name>
<t>IANA has created a new registry called "SFrame Cipher Suites" (<xref ta
<t>IANA has created a new registry called "SFrame Cipher Suites" (<xref target=" rget="sframe-cipher-suites"/>)
sframe-cipher-suites"/>)
under the "SFrame" group registry heading.</t> under the "SFrame" group registry heading.</t>
<section anchor="sframe-cipher-suites">
<section anchor="sframe-cipher-suites"><name>SFrame Cipher Suites</name> <name>SFrame Cipher Suites</name>
<t>The "SFrame Cipher Suites" registry lists identifiers for SFrame ciph
<t>The "SFrame Cipher Suites" registry lists identifiers for SFrame cipher suite er suites as defined in
s as defined in
<xref target="cipher-suites"/>. The cipher suite field is two bytes wide, so th e valid cipher <xref target="cipher-suites"/>. The cipher suite field is two bytes wide, so th e valid cipher
suites are in the range 0x0000 to 0xFFFF. Except as noted below, assignments ar e made suites are in the range 0x0000 to 0xFFFF. Except as noted below, assignments ar e made
via the Specification Required policy <xref target="RFC8126"/>.</t> via the Specification Required policy <xref target="RFC8126"/>.</t>
<t>The registration template is as follows:</t>
<t>The registration template is as follows:</t> <ul spacing="normal">
<li>
<t><list style="symbols"> <t>Value: The numeric value of the cipher suite</t>
<t>Value: The numeric value of the cipher suite</t> </li>
<t>Name: The name of the cipher suite</t> <li>
<t>Recommended: Whether support for this cipher suite is recommended by the IE <t>Name: The name of the cipher suite</t>
TF. </li>
Valid values are "Y", "N", and "D" as described in <xref section="17.1" sectionF <li>
ormat="of" target="MLS-PROTO"/>. The default value of the "Recommended" column i <t>Recommended: Whether support for this cipher suite is recommended
s "N". Setting the by the IETF.
Valid values are "Y", "N", and "D" as described in <xref section="17.1" sectionF
ormat="of" target="RFC9420"/>. The default value of the "Recommended" column is
"N". Setting the
Recommended item to "Y" or "D", or changing an item whose current value is "Y" Recommended item to "Y" or "D", or changing an item whose current value is "Y"
or "D", requires Standards Action <xref target="RFC8126"/>.</t> or "D", requires Standards Action <xref target="RFC8126"/>.</t>
<t>Reference: The document where this cipher suite is defined</t> </li>
<t>Change Controller: Who is authorized to update the row in the registry</t> <li>
</list></t> <t>Reference: The document where this cipher suite is defined</t>
</li>
<t>Initial contents:</t> <li>
<t>Change Controller: Who is authorized to update the row in the reg
<texttable title="SFrame Cipher Suites" anchor="iana-cipher-suites"> istry</t>
<ttcol align='left'>Value</ttcol> </li>
<ttcol align='left'>Name</ttcol> </ul>
<ttcol align='left'>R</ttcol> <t>Initial contents:</t>
<ttcol align='left'>Reference</ttcol> <table anchor="iana-cipher-suites">
<ttcol align='left'>Change Controller</ttcol> <name>SFrame Cipher Suites</name>
<c>0x0000</c> <thead>
<c>Reserved</c> <tr>
<c>-</c> <th align="left">Value</th>
<c>RFC 9605</c> <th align="left">Name</th>
<c>IETF</c> <th align="left">R</th>
<c>0x0001</c> <th align="left">Reference</th>
<c><spanx style="verb">AES_128_CTR_HMAC_SHA256_80</spanx></c> <th align="left">Change Controller</th>
<c>Y</c> </tr>
<c>RFC 9605</c> </thead>
<c>IETF</c> <tbody>
<c>0x0002</c> <tr>
<c><spanx style="verb">AES_128_CTR_HMAC_SHA256_64</spanx></c> <td align="left">0x0000</td>
<c>Y</c> <td align="left">Reserved</td>
<c>RFC 9605</c> <td align="left">-</td>
<c>IETF</c> <td align="left">RFC 9605</td>
<c>0x0003</c> <td align="left">IETF</td>
<c><spanx style="verb">AES_128_CTR_HMAC_SHA256_32</spanx></c> </tr>
<c>Y</c> <tr>
<c>RFC 9605</c> <td align="left">0x0001</td>
<c>IETF</c> <td align="left">
<c>0x0004</c> <tt>AES_128_CTR_HMAC_SHA256_80</tt></td>
<c><spanx style="verb">AES_128_GCM_SHA256_128</spanx></c> <td align="left">Y</td>
<c>Y</c> <td align="left">RFC 9605</td>
<c>RFC 9605</c> <td align="left">IETF</td>
<c>IETF</c> </tr>
<c>0x0005</c> <tr>
<c><spanx style="verb">AES_256_GCM_SHA512_128</spanx></c> <td align="left">0x0002</td>
<c>Y</c> <td align="left">
<c>RFC 9605</c> <tt>AES_128_CTR_HMAC_SHA256_64</tt></td>
<c>IETF</c> <td align="left">Y</td>
<c>0xF000 - 0xFFFF</c> <td align="left">RFC 9605</td>
<c>Reserved for Private Use</c> <td align="left">IETF</td>
<c>-</c> </tr>
<c>RFC 9605</c> <tr>
<c>IETF</c> <td align="left">0x0003</td>
</texttable> <td align="left">
<tt>AES_128_CTR_HMAC_SHA256_32</tt></td>
</section> <td align="left">Y</td>
</section> <td align="left">RFC 9605</td>
<section anchor="application-responsibilities"><name>Application Responsibilitie <td align="left">IETF</td>
s</name> </tr>
<tr>
<t>To use SFrame, an application needs to define the inputs to the SFrame <td align="left">0x0004</td>
<td align="left">
<tt>AES_128_GCM_SHA256_128</tt></td>
<td align="left">Y</td>
<td align="left">RFC 9605</td>
<td align="left">IETF</td>
</tr>
<tr>
<td align="left">0x0005</td>
<td align="left">
<tt>AES_256_GCM_SHA512_128</tt></td>
<td align="left">Y</td>
<td align="left">RFC 9605</td>
<td align="left">IETF</td>
</tr>
<tr>
<td align="left">0xF000 - 0xFFFF</td>
<td align="left">Reserved for Private Use</td>
<td align="left">-</td>
<td align="left">RFC 9605</td>
<td align="left">IETF</td>
</tr>
</tbody>
</table>
</section>
</section>
<section anchor="application-responsibilities">
<name>Application Responsibilities</name>
<t>To use SFrame, an application needs to define the inputs to the SFrame
encryption and decryption operations, and how SFrame ciphertexts are delivered encryption and decryption operations, and how SFrame ciphertexts are delivered
from sender to receiver (including any fragmentation and reassembly). In this from sender to receiver (including any fragmentation and reassembly). In this
section, we lay out additional requirements that an application must meet in section, we lay out additional requirements that an application must meet in
order for SFrame to operate securely.</t> order for SFrame to operate securely.</t>
<t>In general, an application using SFrame is responsible for configuring
<t>In general, an application using SFrame is responsible for configuring SFrame SFrame.
.
The application must first define when SFrame is applied at all. When SFrame is The application must first define when SFrame is applied at all. When SFrame is
applied, the application must define which cipher suite is to be used. If new applied, the application must define which cipher suite is to be used. If new
versions of SFrame are defined in the future, it will be the application's respo nsibility versions of SFrame are defined in the future, it will be the application's respo nsibility
to determine which version should be used.</t> to determine which version should be used.</t>
<t>This division of responsibilities is similar to the way other media par
<t>This division of responsibilities is similar to the way other media parameter ameters
s
(e.g., codecs) are typically handled in media applications, in the sense that (e.g., codecs) are typically handled in media applications, in the sense that
they are set up in some signaling protocol and not described in the media. they are set up in some signaling protocol and not described in the media.
Applications might find it useful to extend the protocols used for negotiating Applications might find it useful to extend the protocols used for negotiating
other media parameters (e.g., Session Description Protocol (SDP) <xref target="R FC8866"/>) to also negotiate parameters for other media parameters (e.g., Session Description Protocol (SDP) <xref target="R FC8866"/>) to also negotiate parameters for
SFrame.</t> SFrame.</t>
<section anchor="header-value-uniqueness">
<section anchor="header-value-uniqueness"><name>Header Value Uniqueness</name> <name>Header Value Uniqueness</name>
<t>Applications <bcp14>MUST</bcp14> ensure that each (<tt>base_key</tt>,
<t>Applications <bcp14>MUST</bcp14> ensure that each (<spanx style="verb">base_k KID, CTR) combination is used
ey</spanx>, KID, CTR) combination is used
for at most one SFrame encryption operation. This ensures that the (key, nonce) for at most one SFrame encryption operation. This ensures that the (key, nonce)
pairs used by the underlying AEAD algorithm are never reused. Typically this is pairs used by the underlying AEAD algorithm are never reused. Typically this is
done by assigning each sender a KID or set of KIDs, then having each sender use done by assigning each sender a KID or set of KIDs, then having each sender use
the CTR field as a monotonic counter, incrementing for each plaintext that is the CTR field as a monotonic counter, incrementing for each plaintext that is
encrypted. In addition to its simplicity, this scheme minimizes overhead by encrypted. In addition to its simplicity, this scheme minimizes overhead by
keeping CTR values as small as possible.</t> keeping CTR values as small as possible.</t>
<t>In applications where an SFrame context might be written to persisten
<t>In applications where an SFrame context might be written to persistent storag t storage,
e,
this context needs to include the last-used CTR value. When the context is used this context needs to include the last-used CTR value. When the context is used
later, the application should use the stored CTR value to determine the next CTR later, the application should use the stored CTR value to determine the next CTR
value to be used in an encryption operation, and then write the next CTR value value to be used in an encryption operation, and then write the next CTR value
back to storage before using the CTR value for encryption. Storing the CTR back to storage before using the CTR value for encryption. Storing the CTR
value before usage (vs. after) helps ensure that a storage failure will not value before usage (vs. after) helps ensure that a storage failure will not
cause reuse of the same (<spanx style="verb">base_key</spanx>, KID, CTR) combina cause reuse of the same (<tt>base_key</tt>, KID, CTR) combination.</t>
tion.</t> </section>
<section anchor="key-management-framework">
</section> <name>Key Management Framework</name>
<section anchor="key-management-framework"><name>Key Management Framework</name> <t>The application is responsible for provisioning SFrame with a mapping
of KID values to
<t>The application is responsible for provisioning SFrame with a mapping of KID <tt>base_key</tt> values and the resulting keys and salts. More importantly, th
values to e
<spanx style="verb">base_key</spanx> values and the resulting keys and salts. M
ore importantly, the
application specifies which KID values are used for which purposes (e.g., by application specifies which KID values are used for which purposes (e.g., by
which senders). An application's KID assignment strategy <bcp14>MUST</bcp14> be structured to which senders). An application's KID assignment strategy <bcp14>MUST</bcp14> be structured to
assure the non-reuse properties discussed in <xref target="header-value-uniquene ss"/>.</t> assure the non-reuse properties discussed in <xref target="header-value-uniquene ss"/>.</t>
<t>The application is also responsible for defining a rotation schedule
<t>The application is also responsible for defining a rotation schedule for keys for keys. For
. For
example, one application might have an ephemeral group for every call and keep example, one application might have an ephemeral group for every call and keep
rotating keys when endpoints join or leave the call, while another application rotating keys when endpoints join or leave the call, while another application
could have a persistent group that can be used for multiple calls and simply could have a persistent group that can be used for multiple calls and simply
derives ephemeral symmetric keys for a specific call.</t> derives ephemeral symmetric keys for a specific call.</t>
<t>It should be noted that KID values are not encrypted by SFrame and ar
<t>It should be noted that KID values are not encrypted by SFrame and are thus e thus
visible to any application-layer intermediaries that might handle an SFrame visible to any application-layer intermediaries that might handle an SFrame
ciphertext. If there are application semantics included in KID values, then ciphertext. If there are application semantics included in KID values, then
this information would be exposed to intermediaries. For example, in the scheme this information would be exposed to intermediaries. For example, in the scheme
of <xref target="sender-keys"/>, the number of ratchet steps per sender is expos ed, and in of <xref target="sender-keys"/>, the number of ratchet steps per sender is expos ed, and in
the scheme of <xref target="mls"/>, the number of epochs and the MLS sender ID o f the SFrame the scheme of <xref target="mls"/>, the number of epochs and the MLS sender ID o f the SFrame
sender are exposed.</t> sender are exposed.</t>
</section>
</section> <section anchor="anti-replay">
<section anchor="anti-replay"><name>Anti-Replay</name> <name>Anti-Replay</name>
<t>It is the responsibility of the application to handle anti-replay. Re
<t>It is the responsibility of the application to handle anti-replay. Replay by play by network
network
attackers is assumed to be prevented by network-layer facilities (e.g., TLS, SRT P). attackers is assumed to be prevented by network-layer facilities (e.g., TLS, SRT P).
As mentioned in <xref target="replay"/>, senders <bcp14>MUST</bcp14> reject requ ests to encrypt multiple times As mentioned in <xref target="replay"/>, senders <bcp14>MUST</bcp14> reject requ ests to encrypt multiple times
with the same key and nonce.</t> with the same key and nonce.</t>
<t>It is not mandatory to implement anti-replay on the receiver side. Re
<t>It is not mandatory to implement anti-replay on the receiver side. Receivers ceivers <bcp14>MAY</bcp14>
<bcp14>MAY</bcp14>
apply time- or counter-based anti-replay mitigations. For example, <xref sectio n="3.3.2" sectionFormat="of" target="RFC3711"/> specifies a counter-based anti-r eplay mitigation, which apply time- or counter-based anti-replay mitigations. For example, <xref sectio n="3.3.2" sectionFormat="of" target="RFC3711"/> specifies a counter-based anti-r eplay mitigation, which
could be adapted to use with SFrame, using the CTR field as the counter.</t> could be adapted to use with SFrame, using the CTR field as the counter.</t>
</section>
</section> <section anchor="metadata">
<section anchor="metadata"><name>Metadata</name> <name>Metadata</name>
<t>The <tt>metadata</tt> input to SFrame operations is an opaque byte st
<t>The <spanx style="verb">metadata</spanx> input to SFrame operations is an opa ring specified by the application. As
que byte string specified by the application. As
such, the application needs to define what information should go in the such, the application needs to define what information should go in the
<spanx style="verb">metadata</spanx> input and ensure that it is provided to the encryption and decryption <tt>metadata</tt> input and ensure that it is provided to the encryption and dec ryption
functions at the appropriate points. A receiver <bcp14>MUST NOT</bcp14> use SFr ame-authenticated functions at the appropriate points. A receiver <bcp14>MUST NOT</bcp14> use SFr ame-authenticated
metadata until after the SFrame decrypt function has authenticated it, unless metadata until after the SFrame decrypt function has authenticated it, unless
the purpose of such usage is to prepare an SFrame ciphertext for SFrame the purpose of such usage is to prepare an SFrame ciphertext for SFrame
decryption. Essentially, metadata may be used "upstream of SFrame" in a decryption. Essentially, metadata may be used "upstream of SFrame" in a
processing pipeline, but only to prepare for SFrame decryption.</t> processing pipeline, but only to prepare for SFrame decryption.</t>
<t>For example, consider an application where SFrame is used to encrypt
<t>For example, consider an application where SFrame is used to encrypt audio audio
frames that are sent over SRTP, with some application data included in the RTP frames that are sent over SRTP, with some application data included in the RTP
header extension. Suppose the application also includes this application data in header extension. Suppose the application also includes this application data in
the SFrame metadata, so that the SFU is allowed to read, but not modify, the the SFrame metadata, so that the SFU is allowed to read, but not modify, the
application data. A receiver can use the application data in the RTP header application data. A receiver can use the application data in the RTP header
extension as part of the standard SRTP decryption process since this is extension as part of the standard SRTP decryption process since this is
required to recover the SFrame ciphertext carried in the SRTP payload. However, required to recover the SFrame ciphertext carried in the SRTP payload. However,
the receiver <bcp14>MUST NOT</bcp14> use the application data for other purposes before SFrame the receiver <bcp14>MUST NOT</bcp14> use the application data for other purposes before SFrame
decryption has authenticated the application data.</t> decryption has authenticated the application data.</t>
</section>
</section> </section>
</section>
</middle> </middle>
<back> <back>
<displayreference target="RFC9420" to="MLS-PROTO"/>
<references title='Normative References' anchor="sec-normative-references"> <displayreference target="I-D.ietf-webtrans-overview" to="WEBTRANSPORT"/>
<displayreference target="I-D.ietf-moq-transport" to="MOQ-TRANSPORT"/>
<reference anchor="RFC2119"> <displayreference target="I-D.ietf-mls-architecture" to="MLS-ARCH"/>
<front> <displayreference target="I-D.gouaillard-avtcore-codec-agn-rtp-payload" to="
<title>Key words for use in RFCs to Indicate Requirement Levels</title> RTP-PAYLOAD"/>
<author fullname="S. Bradner" initials="S." surname="Bradner"/> <references>
<date month="March" year="1997"/> <name>References</name>
<abstract> <references anchor="sec-normative-references">
<t>In many standards track documents several words are used to signify the <name>Normative References</name>
requirements in the specification. These words are often capitalized. This docu <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2
ment defines these words as they should be interpreted in IETF documents. This d 119.xml"/>
ocument specifies an Internet Best Current Practices for the Internet Community, <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8
and requests discussion and suggestions for improvements.</t> 174.xml"/>
</abstract> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5
</front> 116.xml"/>
<seriesInfo name="BCP" value="14"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5
<seriesInfo name="RFC" value="2119"/> 869.xml"/>
<seriesInfo name="DOI" value="10.17487/RFC2119"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9
</reference> 420.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8
<reference anchor="RFC8174"> 126.xml"/>
<front> </references>
<title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title> <references anchor="sec-informative-references">
<author fullname="B. Leiba" initials="B." surname="Leiba"/> <name>Informative References</name>
<date month="May" year="2017"/> <reference anchor="TestVectors" target="https://github.com/sframe-wg/sfr
<abstract> ame/blob/025d568/test-vectors/test-vectors.json">
<t>RFC 2119 specifies common key words that may be used in protocol specif <front>
ications. This document aims to reduce the ambiguity by clarifying that only UPP <title>SFrame Test Vectors</title>
ERCASE usage of the key words have the defined special meanings.</t> <author>
</abstract> <organization/>
</front> </author>
<seriesInfo name="BCP" value="14"/> <date year="2023" month="September"/>
<seriesInfo name="RFC" value="8174"/> </front>
<seriesInfo name="DOI" value="10.17487/RFC8174"/> <refcontent>commit 025d568</refcontent>
</reference> </reference>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3
<reference anchor="RFC5116"> 711.xml"/>
<front> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8
<title>An Interface and Algorithms for Authenticated Encryption</title> 723.xml"/>
<author fullname="D. McGrew" initials="D." surname="McGrew"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7
<date month="January" year="2008"/> 656.xml"/>
<abstract> <xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.
<t>This document defines algorithms for Authenticated Encryption with Asso ietf-webtrans-overview.xml"/>
ciated Data (AEAD), and defines a uniform interface and a registry for such algo <reference anchor="I-D.ietf-moq-transport" target="https://datatracker.i
rithms. The interface and registry can be used as an application-independent set etf.org/doc/html/draft-ietf-moq-transport-05">
of cryptoalgorithm suites. This approach provides advantages in efficiency and <front>
security, and promotes the reuse of crypto implementations. [STANDARDS-TRACK]</t <title>Media over QUIC Transport</title>
> <author fullname="Luke Curley" initials="L." surname="Curley">
</abstract> <organization>Discord</organization>
</front> </author>
<seriesInfo name="RFC" value="5116"/> <author fullname="Kirill Pugin" initials="K." surname="Pugin">
<seriesInfo name="DOI" value="10.17487/RFC5116"/> <organization>Meta</organization>
</reference> </author>
<author fullname="Suhas Nandakumar" initials="S." surname="Nandakuma
<reference anchor="RFC5869"> r">
<front> <organization>Cisco</organization>
<title>HMAC-based Extract-and-Expand Key Derivation Function (HKDF)</title> </author>
<author fullname="H. Krawczyk" initials="H." surname="Krawczyk"/> <author fullname="Victor Vasiliev" initials="V." surname="Vasiliev">
<author fullname="P. Eronen" initials="P." surname="Eronen"/> <organization>Google</organization>
<date month="May" year="2010"/> </author>
<abstract> <author fullname="Ian Swett" initials="I." surname="Swett" role="edi
<t>This document specifies a simple Hashed Message Authentication Code (HM tor">
AC)-based key derivation function (HKDF), which can be used as a building block <organization>Google</organization>
in various protocols and applications. The key derivation function (KDF) is inte </author>
nded to support a wide range of applications and requirements, and is conservati <date day="8" month="July" year="2024"/>
ve in its use of cryptographic hash functions. This document is not an Internet </front>
Standards Track specification; it is published for informational purposes.</t> <seriesInfo name="Internet-Draft" value="draft-ietf-moq-transport-05"/
</abstract> >
</front> </reference>
<seriesInfo name="RFC" value="5869"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.
<seriesInfo name="DOI" value="10.17487/RFC5869"/> ietf-mls-architecture.xml"/>
</reference> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7
667.xml"/>
<reference anchor="MLS-PROTO"> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8
<front> 866.xml"/>
<title>The Messaging Layer Security (MLS) Protocol</title> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6
<author fullname="R. Barnes" initials="R." surname="Barnes"/> 716.xml"/>
<author fullname="B. Beurdouche" initials="B." surname="Beurdouche"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.
<author fullname="R. Robert" initials="R." surname="Robert"/> gouaillard-avtcore-codec-agn-rtp-payload.xml"/>
<author fullname="J. Millican" initials="J." surname="Millican"/> </references>
<author fullname="E. Omara" initials="E." surname="Omara"/>
<author fullname="K. Cohn-Gordon" initials="K." surname="Cohn-Gordon"/>
<date month="July" year="2023"/>
<abstract>
<t>Messaging applications are increasingly making use of end-to-end securi
ty mechanisms to ensure that messages are only accessible to the communicating e
ndpoints, and not to any servers involved in delivering messages. Establishing k
eys to provide such protections is challenging for group chat settings, in which
more than two clients need to agree on a key but may not be online at the same
time. In this document, we specify a key establishment protocol that provides ef
ficient asynchronous group key establishment with forward secrecy (FS) and post-
compromise security (PCS) for groups in size ranging from two to thousands.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="9420"/>
<seriesInfo name="DOI" value="10.17487/RFC9420"/>
</reference>
<reference anchor="RFC8126">
<front>
<title>Guidelines for Writing an IANA Considerations Section in RFCs</title>
<author fullname="M. Cotton" initials="M." surname="Cotton"/>
<author fullname="B. Leiba" initials="B." surname="Leiba"/>
<author fullname="T. Narten" initials="T." surname="Narten"/>
<date month="June" year="2017"/>
<abstract>
<t>Many protocols make use of points of extensibility that use constants t
o identify various protocol parameters. To ensure that the values in these field
s do not have conflicting uses and to promote interoperability, their allocation
s are often coordinated by a central record keeper. For IETF protocols, that rol
e is filled by the Internet Assigned Numbers Authority (IANA).</t>
<t>To make assignments in a given registry prudently, guidance describing
the conditions under which new values should be assigned, as well as when and ho
w modifications to existing values can be made, is needed. This document defines
a framework for the documentation of these guidelines by specification authors,
in order to assure that the provided guidance for the IANA Considerations is cl
ear and addresses the various issues that are likely in the operation of a regis
try.</t>
<t>This is the third edition of this document; it obsoletes RFC 5226.</t>
</abstract>
</front>
<seriesInfo name="BCP" value="26"/>
<seriesInfo name="RFC" value="8126"/>
<seriesInfo name="DOI" value="10.17487/RFC8126"/>
</reference>
</references>
<references title='Informative References' anchor="sec-informative-reference
s">
<reference anchor="TestVectors" target="https://github.com/sframe-wg/sframe/blob
/025d568/test-vectors/test-vectors.json">
<front>
<title>SFrame Test Vectors</title>
<author >
<organization></organization>
</author>
<date year="2023" month="September"/>
</front>
<refcontent>commit 025d568</refcontent></reference>
<reference anchor="RFC3711">
<front>
<title>The Secure Real-time Transport Protocol (SRTP)</title>
<author fullname="M. Baugher" initials="M." surname="Baugher"/>
<author fullname="D. McGrew" initials="D." surname="McGrew"/>
<author fullname="M. Naslund" initials="M." surname="Naslund"/>
<author fullname="E. Carrara" initials="E." surname="Carrara"/>
<author fullname="K. Norrman" initials="K." surname="Norrman"/>
<date month="March" year="2004"/>
<abstract>
<t>This document describes the Secure Real-time Transport Protocol (SRTP),
a profile of the Real-time Transport Protocol (RTP), which can provide confiden
tiality, message authentication, and replay protection to the RTP traffic and to
the control traffic for RTP, the Real-time Transport Control Protocol (RTCP). [
STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="3711"/>
<seriesInfo name="DOI" value="10.17487/RFC3711"/>
</reference>
<reference anchor="RFC8723">
<front>
<title>Double Encryption Procedures for the Secure Real-Time Transport Proto
col (SRTP)</title>
<author fullname="C. Jennings" initials="C." surname="Jennings"/>
<author fullname="P. Jones" initials="P." surname="Jones"/>
<author fullname="R. Barnes" initials="R." surname="Barnes"/>
<author fullname="A.B. Roach" initials="A.B." surname="Roach"/>
<date month="April" year="2020"/>
<abstract>
<t>In some conferencing scenarios, it is desirable for an intermediary to
be able to manipulate some parameters in Real-time Transport Protocol (RTP) pack
ets, while still providing strong end-to-end security guarantees. This document
defines a cryptographic transform for the Secure Real-time Transport Protocol (S
RTP) that uses two separate but related cryptographic operations to provide hop-
by-hop and end-to-end security guarantees. Both the end-to-end and hop-by-hop cr
yptographic algorithms can utilize an authenticated encryption with associated d
ata (AEAD) algorithm or take advantage of future SRTP transforms with different
properties.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8723"/>
<seriesInfo name="DOI" value="10.17487/RFC8723"/>
</reference>
<reference anchor="RFC7656">
<front>
<title>A Taxonomy of Semantics and Mechanisms for Real-Time Transport Protoc
ol (RTP) Sources</title>
<author fullname="J. Lennox" initials="J." surname="Lennox"/>
<author fullname="K. Gross" initials="K." surname="Gross"/>
<author fullname="S. Nandakumar" initials="S." surname="Nandakumar"/>
<author fullname="G. Salgueiro" initials="G." surname="Salgueiro"/>
<author fullname="B. Burman" initials="B." role="editor" surname="Burman"/>
<date month="November" year="2015"/>
<abstract>
<t>The terminology about, and associations among, Real-time Transport Prot
ocol (RTP) sources can be complex and somewhat opaque. This document describes a
number of existing and proposed properties and relationships among RTP sources
and defines common terminology for discussing protocol entities and their relati
onships.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7656"/>
<seriesInfo name="DOI" value="10.17487/RFC7656"/>
</reference>
<reference anchor="I-D.ietf-webtrans-overview">
<front>
<title>The WebTransport Protocol Framework</title>
<author fullname="Victor Vasiliev" initials="V." surname="Vasiliev">
<organization>Google</organization>
</author>
<date day="4" month="March" year="2024"/>
<abstract>
<t> The WebTransport Protocol Framework enables clients constrained by
the Web security model to communicate with a remote server using a
secure multiplexed transport. It consists of a set of individual
protocols that are safe to expose to untrusted applications, combined
with an abstract model that allows them to be used interchangeably.
This document defines the overall requirements on the protocols used
in WebTransport, as well as the common features of the protocols,
support for some of which may be optional.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-webtrans-overview-07"/>
</reference>
<reference anchor="I-D.ietf-moq-transport">
<front>
<title>Media over QUIC Transport</title>
<author fullname="Luke Curley" initials="L." surname="Curley">
<organization>Discord</organization>
</author>
<author fullname="Kirill Pugin" initials="K." surname="Pugin">
<organization>Meta</organization>
</author>
<author fullname="Suhas Nandakumar" initials="S." surname="Nandakumar">
<organization>Cisco</organization>
</author>
<author fullname="Victor Vasiliev" initials="V." surname="Vasiliev">
<organization>Google</organization>
</author>
<author fullname="Ian Swett" initials="I." surname="Swett">
<organization>Google</organization>
</author>
<date day="8" month="July" year="2024"/>
<abstract>
<t> This document defines the core behavior for Media over QUIC Transp
ort
(MOQT), a media transport protocol designed to operate over QUIC and
WebTransport, which have similar functionality. MOQT allows a
producer of media to publish data and have it consumed via
subscription by a multiplicity of endpoints. It supports
intermediate content distribution networks and is designed for high
scale and low latency distribution.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-moq-transport-05"/>
</reference>
<reference anchor="MLS-ARCH">
<front>
<title>The Messaging Layer Security (MLS) Architecture</title>
<author fullname="Benjamin Beurdouche" initials="B." surname="Beurdouche">
<organization>Inria &amp; Mozilla</organization>
</author>
<author fullname="Eric Rescorla" initials="E." surname="Rescorla">
<organization>Windy Hill Systems, LLC</organization>
</author>
<author fullname="Emad Omara" initials="E." surname="Omara">
</author>
<author fullname="Srinivas Inguva" initials="S." surname="Inguva">
</author>
<author fullname="Alan Duric" initials="A." surname="Duric">
<organization>Wire</organization>
</author>
<date day="8" month="July" year="2024"/>
<abstract>
<t> The Messaging Layer Security (MLS) protocol (I-D.ietf-mls-protocol
)
provides a Group Key Agreement protocol for messaging applications.
MLS is meant to protect against eavesdropping, tampering, message
forgery, and provide Forward Secrecy (FS) and Post-Compromise
Security (PCS).
This document describes the architecture for using MLS in a general
secure group messaging infrastructure and defines the security goals
for MLS. It provides guidance on building a group messaging system
and discusses security and privacy tradeoffs offered by multiple
security mechanisms that are part of the MLS protocol (e.g.,
frequency of public encryption key rotation). The document also
provides guidance for parts of the infrastructure that are not
standardized by MLS and are instead left to the application.
While the recommendations of this document are not mandatory to
follow in order to interoperate at the protocol level, they affect
the overall security guarantees that are achieved by a messaging
application. This is especially true in the case of active
adversaries that are able to compromise clients, the delivery
service, or the authentication service.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-mls-architecture-14"/>
</reference>
<reference anchor="RFC7667">
<front>
<title>RTP Topologies</title>
<author fullname="M. Westerlund" initials="M." surname="Westerlund"/>
<author fullname="S. Wenger" initials="S." surname="Wenger"/>
<date month="November" year="2015"/>
<abstract>
<t>This document discusses point-to-point and multi-endpoint topologies us
ed in environments based on the Real-time Transport Protocol (RTP). In particula
r, centralized topologies commonly employed in the video conferencing industry a
re mapped to the RTP terminology.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7667"/>
<seriesInfo name="DOI" value="10.17487/RFC7667"/>
</reference>
<reference anchor="RFC8866">
<front>
<title>SDP: Session Description Protocol</title>
<author fullname="A. Begen" initials="A." surname="Begen"/>
<author fullname="P. Kyzivat" initials="P." surname="Kyzivat"/>
<author fullname="C. Perkins" initials="C." surname="Perkins"/>
<author fullname="M. Handley" initials="M." surname="Handley"/>
<date month="January" year="2021"/>
<abstract>
<t>This memo defines the Session Description Protocol (SDP). SDP is intend
ed for describing multimedia sessions for the purposes of session announcement,
session invitation, and other forms of multimedia session initiation. This docum
ent obsoletes RFC 4566.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8866"/>
<seriesInfo name="DOI" value="10.17487/RFC8866"/>
</reference>
<reference anchor="RFC6716">
<front>
<title>Definition of the Opus Audio Codec</title>
<author fullname="JM. Valin" initials="JM." surname="Valin"/>
<author fullname="K. Vos" initials="K." surname="Vos"/>
<author fullname="T. Terriberry" initials="T." surname="Terriberry"/>
<date month="September" year="2012"/>
<abstract>
<t>This document defines the Opus interactive speech and audio codec. Opus
is designed to handle a wide range of interactive audio applications, including
Voice over IP, videoconferencing, in-game chat, and even live, distributed musi
c performances. It scales from low bitrate narrowband speech at 6 kbit/s to very
high quality stereo music at 510 kbit/s. Opus uses both Linear Prediction (LP)
and the Modified Discrete Cosine Transform (MDCT) to achieve good compression of
both speech and music. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6716"/>
<seriesInfo name="DOI" value="10.17487/RFC6716"/>
</reference>
<reference anchor="I-D.gouaillard-avtcore-codec-agn-rtp-payload">
<front>
<title>Codec agnostic RTP payload format for video</title>
<author fullname="Sergio Garcia Murillo" initials="S. G." surname="Murillo
">
<organization>CoSMo Software</organization>
</author>
<author fullname="Youenn Fablet" initials="Y." surname="Fablet">
<organization>Apple Inc.</organization>
</author>
<author fullname="Dr. Alex Gouaillard" initials="A." surname="Gouaillard">
<organization>CoSMo Software</organization>
</author>
<date day="9" month="March" year="2021"/>
<abstract>
<t> RTP Media Chains usually rely on piping encoder output directly to
packetizers. Media packetization formats often support a specific
codec format and optimize RTP packets generation accordingly.
With the development of Selective Forward Unit (SFU) solutions, that
do not process media content server side, the need for media content
processing at the origin and at the destination has arised.
RTP Media Chains used e.g. in WebRTC solutions are increasingly
relying on application-specific transforms that sit in-between
encoder and packetizer on one end and in-between depacketizer and
decoder on the other end. This use case has become so important,
that the W3C is standardizing the capacity to access encoded content
with the [WebRTCInsertableStreams] API proposal. An extremely
popular use case is application level end-to-end encryption of media
content, using for instance [SFrame].
Whatever the modification applied to the media content, RTP
packetizers can no longer expect to use packetization formats that
mandate media content to be in a specific codec format.
In the extreme cases like encryption, where the RTP Payload is made
completely opaque to the SFUs, some extra mechanism must also be
added for them to be able to route the packets without depending on
RTP payload or payload headers.
The traditionnal process of creating a new RTP Payload specification
per content would not be practical as we would need to make a new one
for each codec-transform pair.
This document describes a solution, which provides the following
features in the case the encoded content has been modified before
reaching the packetizer: - a paylaod agnostic RTP packetization
format that can be used on any media content, - a negotiation
mechanism for the above format and the inner payload, Both of the
above mechanism are backward compatible with most of (S)RTP/RTCP
mechanisms used for bandwidth estimation and congestion control in
RTP/SRTP/webrtc, including but not limited to SSRC, RED, FEC, RTX,
NACK, SR/RR, REMB, transport-wide-CC, TMBR, .... It as illustrated by
existing implementations in chrome, safari, and Medooze.
This document also describes a solution to allow SFUs to continue
performing packet routing on top of this generic RTP packetization
format.
This document complements the SFrame (media encryption), and
Dependency Descriptor (AV1 payload annex) documents to provide an
End-to-End-Encryption solution that would sit on top of SRTP/Webrtc,
use SFUs on the media back-end, and leverage W3C APIs in the browser.
A high level description of such system will be provided as an
informational I-D in the SFrame WG and then cited here.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-gouaillard-avtcore-codec-agn-r
tp-payload-01"/>
</reference>
</references> </references>
<?line 1180?> <section anchor="example-api">
<name>Example API</name>
<section anchor="example-api"><name>Example API</name> <t><strong>This section is not normative.</strong></t>
<t>This section describes a notional API that an SFrame implementation mig
<t><strong>This section is not normative.</strong></t> ht
<t>This section describes a notional API that an SFrame implementation might
expose. The core concept is an "SFrame context", within which KID values are expose. The core concept is an "SFrame context", within which KID values are
meaningful. In the key management scheme described in <xref target="sender-keys "/>, each meaningful. In the key management scheme described in <xref target="sender-keys "/>, each
sender has a different context; in the scheme described in <xref target="mls"/>, all senders sender has a different context; in the scheme described in <xref target="mls"/>, all senders
share the same context.</t> share the same context.</t>
<t>An SFrame context stores mappings from KID values to "key contexts", wh
<t>An SFrame context stores mappings from KID values to "key contexts", which ar ich are
e
different depending on whether the KID is to be used for sending or receiving different depending on whether the KID is to be used for sending or receiving
(an SFrame key should never be used for both operations). A key context tracks (an SFrame key should never be used for both operations). A key context tracks
the key and salt associated to the KID, and the current CTR value. A key the key and salt associated to the KID, and the current CTR value. A key
context to be used for sending also tracks the next CTR value to be used.</t> context to be used for sending also tracks the next CTR value to be used.</t>
<t>The primary operations on an SFrame context are as follows:</t>
<t>The primary operations on an SFrame context are as follows:</t> <ul spacing="normal">
<li>
<t><list style="symbols"> <t><strong>Create an SFrame context:</strong> The context is initializ
<t><strong>Create an SFrame context:</strong> The context is initialized with ed with a cipher suite and
a cipher suite and
no KID mappings.</t> no KID mappings.</t>
<t><strong>Add a key for sending:</strong> The key and salt are derived from t </li>
he base key and <li>
<t><strong>Add a key for sending:</strong> The key and salt are derive
d from the base key and
used to initialize a send context, together with a zero CTR value.</t> used to initialize a send context, together with a zero CTR value.</t>
<t><strong>Add a key for receiving:</strong> The key and salt are derived from </li>
the base key and <li>
<t><strong>Add a key for receiving:</strong> The key and salt are deri
ved from the base key and
used to initialize a send context.</t> used to initialize a send context.</t>
<t><strong>Encrypt a plaintext:</strong> Encrypt a given plaintext using the k </li>
ey for a given KID, <li>
<t><strong>Encrypt a plaintext:</strong> Encrypt a given plaintext usi
ng the key for a given KID,
including the specified metadata.</t> including the specified metadata.</t>
<t><strong>Decrypt an SFrame ciphertext:</strong> Decrypt an SFrame ciphertext </li>
with the KID <li>
<t><strong>Decrypt an SFrame ciphertext:</strong> Decrypt an SFrame ci
phertext with the KID
and CTR values specified in the SFrame header, and the provided metadata.</t> and CTR values specified in the SFrame header, and the provided metadata.</t>
</list></t> </li>
</ul>
<t><xref target="rust-api"/> shows an example of the types of structures and met <t><xref target="rust-api"/> shows an example of the types of structures a
hods that could nd methods that could
be used to create an SFrame API in Rust.</t> be used to create an SFrame API in Rust.</t>
<figure anchor="rust-api">
<figure title="An Example SFrame API" anchor="rust-api"><sourcecode type="rust"> <name>An Example SFrame API</name>
<![CDATA[ <sourcecode type="rust"><![CDATA[
type KeyId = u64; type KeyId = u64;
type Counter = u64; type Counter = u64;
type CipherSuite = u16; type CipherSuite = u16;
struct SendKeyContext { struct SendKeyContext {
key: Vec<u8>, key: Vec<u8>,
salt: Vec<u8>, salt: Vec<u8>,
next_counter: Counter, next_counter: Counter,
} }
skipping to change at line 2269 skipping to change at line 1971
} }
trait SFrameContextMethods { trait SFrameContextMethods {
fn create(cipher_suite: CipherSuite) -> Self; fn create(cipher_suite: CipherSuite) -> Self;
fn add_send_key(&self, kid: KeyId, base_key: &[u8]); fn add_send_key(&self, kid: KeyId, base_key: &[u8]);
fn add_recv_key(&self, kid: KeyId, base_key: &[u8]); fn add_recv_key(&self, kid: KeyId, base_key: &[u8]);
fn encrypt(&mut self, kid: KeyId, metadata: &[u8], fn encrypt(&mut self, kid: KeyId, metadata: &[u8],
plaintext: &[u8]) -> Vec<u8>; plaintext: &[u8]) -> Vec<u8>;
fn decrypt(&self, metadata: &[u8], ciphertext: &[u8]) -> Vec<u8>; fn decrypt(&self, metadata: &[u8], ciphertext: &[u8]) -> Vec<u8>;
} }
]]></sourcecode></figure> ]]></sourcecode>
</figure>
</section> </section>
<section anchor="overhead-analysis"><name>Overhead Analysis</name> <section anchor="overhead-analysis">
<name>Overhead Analysis</name>
<t>Any use of SFrame will impose overhead in terms of the amount of bandwidth <t>Any use of SFrame will impose overhead in terms of the amount of bandwi
dth
necessary to transmit a given media stream. Exactly how much overhead will be a dded necessary to transmit a given media stream. Exactly how much overhead will be a dded
depends on several factors:</t> depends on several factors:</t>
<ul spacing="normal">
<t><list style="symbols"> <li>
<t>The number of senders involved in a conference (length of KID)</t> <t>The number of senders involved in a conference (length of KID)</t>
<t>The duration of the conference (length of CTR)</t> </li>
<t>The cipher suite in use (length of authentication tag)</t> <li>
<t>Whether SFrame is used to encrypt packets, whole frames, or some other unit <t>The duration of the conference (length of CTR)</t>
</t> </li>
</list></t> <li>
<t>The cipher suite in use (length of authentication tag)</t>
<t>Overall, the overhead rate in kilobits per second can be estimated as:</t> </li>
<li>
<t><spanx style="verb"> <t>Whether SFrame is used to encrypt packets, whole frames, or some ot
her unit</t>
</li>
</ul>
<t>Overall, the overhead rate in kilobits per second can be estimated as:<
/t>
<t><tt>
OverheadKbps = (1 + |CTR| + |KID| + |TAG|) * 8 * CTPerSecond / 1024 OverheadKbps = (1 + |CTR| + |KID| + |TAG|) * 8 * CTPerSecond / 1024
</spanx></t> </tt></t>
<t>Here the constant value <tt>1</tt> reflects the fixed SFrame header; <t
<t>Here the constant value <spanx style="verb">1</spanx> reflects the fixed SFra t>|CTR|</tt> and
me header; <spanx style="verb">|CTR|</spanx> and <tt>|KID|</tt> reflect the lengths of those fields; <tt>|TAG|</tt> reflects the
<spanx style="verb">|KID|</spanx> reflect the lengths of those fields; <spanx st cipher
yle="verb">|TAG|</spanx> reflects the cipher overhead; and <tt>CTPerSecond</tt> reflects the number of SFrame ciphertexts
overhead; and <spanx style="verb">CTPerSecond</spanx> reflects the number of SFr
ame ciphertexts
sent per second (e.g., packets or frames per second).</t> sent per second (e.g., packets or frames per second).</t>
<t>In the remainder of this section, we compute overhead estimates for a c
<t>In the remainder of this section, we compute overhead estimates for a collect ollection
ion
of common scenarios.</t> of common scenarios.</t>
<section anchor="assumptions">
<section anchor="assumptions"><name>Assumptions</name> <name>Assumptions</name>
<t>In the below calculations, we make conservative assumptions about SFr
<t>In the below calculations, we make conservative assumptions about SFrame ame
overhead so that the overhead amounts we compute here are likely to be an upper overhead so that the overhead amounts we compute here are likely to be an upper
bound of those seen in practice.</t> bound of those seen in practice.</t>
<table anchor="analysis-assumptions">
<texttable title="Overhead Analysis Assumptions" anchor="analysis-assumptions"> <name>Overhead Analysis Assumptions</name>
<ttcol align='left'>Field</ttcol> <thead>
<ttcol align='right'>Bytes</ttcol> <tr>
<ttcol align='left'>Explanation</ttcol> <th align="left">Field</th>
<c>Config byte</c> <th align="right">Bytes</th>
<c>1</c> <th align="left">Explanation</th>
<c>Fixed</c> </tr>
<c>Key ID (KID)</c> </thead>
<c>2</c> <tbody>
<c>&gt;255 senders; or MLS epoch (E=4) and &gt;16 senders</c> <tr>
<c>Counter (CTR)</c> <td align="left">Config byte</td>
<c>3</c> <td align="right">1</td>
<c>More than 24 hours of media in common cases</c> <td align="left">Fixed</td>
<c>Cipher overhead</c> </tr>
<c>16</c> <tr>
<c>Full authentication tag (longest defined here)</c> <td align="left">Key ID (KID)</td>
</texttable> <td align="right">2</td>
<td align="left">&gt;255 senders; or MLS epoch (E=4) and &gt;16 se
<t>In total, then, we assume that each SFrame encryption will add 22 bytes of nders</td>
</tr>
<tr>
<td align="left">Counter (CTR)</td>
<td align="right">3</td>
<td align="left">More than 24 hours of media in common cases</td>
</tr>
<tr>
<td align="left">Cipher overhead</td>
<td align="right">16</td>
<td align="left">Full authentication tag (longest defined here)</t
d>
</tr>
</tbody>
</table>
<t>In total, then, we assume that each SFrame encryption will add 22 byt
es of
overhead.</t> overhead.</t>
<t>We consider two scenarios: applying SFrame per frame and per packet.
<t>We consider two scenarios: applying SFrame per frame and per packet. In each In each
scenario, we compute the SFrame overhead in absolute terms (kbps) and as a scenario, we compute the SFrame overhead in absolute terms (kbps) and as a
percentage of the base bandwidth.</t> percentage of the base bandwidth.</t>
</section>
</section> <section anchor="audio">
<section anchor="audio"><name>Audio</name> <name>Audio</name>
<t>In audio streams, there is typically a one-to-one relationship betwee
<t>In audio streams, there is typically a one-to-one relationship between frames n frames
and packets, so the overhead is the same whether one uses SFrame at a per-packet and packets, so the overhead is the same whether one uses SFrame at a per-packet
or per-frame level.</t> or per-frame level.</t>
<t><xref target="audio-overhead"/> considers three scenarios that are ba
<t><xref target="audio-overhead"/> considers three scenarios that are based on r sed on recommended configurations
ecommended configurations
of the Opus codec <xref target="RFC6716"/> (where "fps" stands for "frames per s econd"):</t> of the Opus codec <xref target="RFC6716"/> (where "fps" stands for "frames per s econd"):</t>
<table anchor="audio-overhead">
<texttable title="SFrame Overhead for Audio Streams" anchor="audio-overhead"> <name>SFrame Overhead for Audio Streams</name>
<ttcol align='left'>Scenario</ttcol> <thead>
<ttcol align='center'>Frame length</ttcol> <tr>
<ttcol align='center'>fps</ttcol> <th align="left">Scenario</th>
<ttcol align='center'>Base kbps</ttcol> <th align="center">Frame length</th>
<ttcol align='center'>Overhead kbps</ttcol> <th align="center">fps</th>
<ttcol align='center'>Overhead %</ttcol> <th align="center">Base kbps</th>
<c>Narrow-band speech</c> <th align="center">Overhead kbps</th>
<c>120 ms</c> <th align="center">Overhead %</th>
<c>8.3</c> </tr>
<c>8</c> </thead>
<c>1.4</c> <tbody>
<c>17.9%</c> <tr>
<c>Full-band speech</c> <td align="left">Narrow-band speech</td>
<c>20 ms</c> <td align="center">120 ms</td>
<c>50</c> <td align="center">8.3</td>
<c>32</c> <td align="center">8</td>
<c>8.6</c> <td align="center">1.4</td>
<c>26.9%</c> <td align="center">17.9%</td>
<c>Full-band stereo music</c> </tr>
<c>10 ms</c> <tr>
<c>100</c> <td align="left">Full-band speech</td>
<c>128</c> <td align="center">20 ms</td>
<c>17.2</c> <td align="center">50</td>
<c>13.4%</c> <td align="center">32</td>
</texttable> <td align="center">8.6</td>
<td align="center">26.9%</td>
</section> </tr>
<section anchor="video"><name>Video</name> <tr>
<td align="left">Full-band stereo music</td>
<t>Video frames can be larger than an MTU and thus are commonly split across <td align="center">10 ms</td>
multiple frames. <xref target="video-overhead-per-frame"/> and <xref target="vi <td align="center">100</td>
deo-overhead-per-packet"/> <td align="center">128</td>
<td align="center">17.2</td>
<td align="center">13.4%</td>
</tr>
</tbody>
</table>
</section>
<section anchor="video">
<name>Video</name>
<t>Video frames can be larger than an MTU and thus are commonly split ac
ross
multiple frames. Tables <xref target="video-overhead-per-frame" format="counter
"/>
and <xref target="video-overhead-per-packet" format="counter"/>
show the estimated overhead of encrypting a video stream, where SFrame is show the estimated overhead of encrypting a video stream, where SFrame is
applied per frame and per packet, respectively. The choices of resolution, applied per frame and per packet, respectively. The choices of resolution,
frames per second, and bandwidth roughly reflect the capabilities of frames per second, and bandwidth roughly reflect the capabilities of
modern video codecs across a range from very low to very high quality.</t> modern video codecs across a range from very low to very high quality.</t>
<table anchor="video-overhead-per-frame">
<texttable title="SFrame Overhead for a Video Stream Encrypted per Frame" anchor <name>SFrame Overhead for a Video Stream Encrypted per Frame</name>
="video-overhead-per-frame"> <thead>
<ttcol align='left'>Scenario</ttcol> <tr>
<ttcol align='center'>fps</ttcol> <th align="left">Scenario</th>
<ttcol align='center'>Base kbps</ttcol> <th align="center">fps</th>
<ttcol align='center'>Overhead kbps</ttcol> <th align="center">Base kbps</th>
<ttcol align='center'>Overhead %</ttcol> <th align="center">Overhead kbps</th>
<c>426 x 240</c> <th align="center">Overhead %</th>
<c>7.5</c> </tr>
<c>45</c> </thead>
<c>1.3</c> <tbody>
<c>2.9%</c> <tr>
<c>640 x 360</c> <td align="left">426 x 240</td>
<c>15</c> <td align="center">7.5</td>
<c>200</c> <td align="center">45</td>
<c>2.6</c> <td align="center">1.3</td>
<c>1.3%</c> <td align="center">2.9%</td>
<c>640 x 360</c> </tr>
<c>30</c> <tr>
<c>400</c> <td align="left">640 x 360</td>
<c>5.2</c> <td align="center">15</td>
<c>1.3%</c> <td align="center">200</td>
<c>1280 x 720</c> <td align="center">2.6</td>
<c>30</c> <td align="center">1.3%</td>
<c>1500</c> </tr>
<c>5.2</c> <tr>
<c>0.3%</c> <td align="left">640 x 360</td>
<c>1920 x 1080</c> <td align="center">30</td>
<c>60</c> <td align="center">400</td>
<c>7200</c> <td align="center">5.2</td>
<c>10.3</c> <td align="center">1.3%</td>
<c>0.1%</c> </tr>
</texttable> <tr>
<td align="left">1280 x 720</td>
<texttable title="SFrame Overhead for a Video Stream Encrypted per Packet" ancho <td align="center">30</td>
r="video-overhead-per-packet"> <td align="center">1500</td>
<ttcol align='left'>Scenario</ttcol> <td align="center">5.2</td>
<ttcol align='center'>fps</ttcol> <td align="center">0.3%</td>
<ttcol align='center'>Packets per Second (pps)</ttcol> </tr>
<ttcol align='center'>Base kbps</ttcol> <tr>
<ttcol align='center'>Overhead kbps</ttcol> <td align="left">1920 x 1080</td>
<ttcol align='center'>Overhead %</ttcol> <td align="center">60</td>
<c>426 x 240</c> <td align="center">7200</td>
<c>7.5</c> <td align="center">10.3</td>
<c>7.5</c> <td align="center">0.1%</td>
<c>45</c> </tr>
<c>1.3</c> </tbody>
<c>2.9%</c> </table>
<c>640 x 360</c> <table anchor="video-overhead-per-packet">
<c>15</c> <name>SFrame Overhead for a Video Stream Encrypted per Packet</name>
<c>30</c> <thead>
<c>200</c> <tr>
<c>5.2</c> <th align="left">Scenario</th>
<c>2.6%</c> <th align="center">fps</th>
<c>640 x 360</c> <th align="center">Packets per Second (pps)</th>
<c>30</c> <th align="center">Base kbps</th>
<c>60</c> <th align="center">Overhead kbps</th>
<c>400</c> <th align="center">Overhead %</th>
<c>10.3</c> </tr>
<c>2.6%</c> </thead>
<c>1280 x 720</c> <tbody>
<c>30</c> <tr>
<c>180</c> <td align="left">426 x 240</td>
<c>1500</c> <td align="center">7.5</td>
<c>30.9</c> <td align="center">7.5</td>
<c>2.1%</c> <td align="center">45</td>
<c>1920 x 1080</c> <td align="center">1.3</td>
<c>60</c> <td align="center">2.9%</td>
<c>780</c> </tr>
<c>7200</c> <tr>
<c>134.1</c> <td align="left">640 x 360</td>
<c>1.9%</c> <td align="center">15</td>
</texttable> <td align="center">30</td>
<td align="center">200</td>
<t>In the per-frame case, the SFrame percentage overhead approaches zero as the <td align="center">5.2</td>
<td align="center">2.6%</td>
</tr>
<tr>
<td align="left">640 x 360</td>
<td align="center">30</td>
<td align="center">60</td>
<td align="center">400</td>
<td align="center">10.3</td>
<td align="center">2.6%</td>
</tr>
<tr>
<td align="left">1280 x 720</td>
<td align="center">30</td>
<td align="center">180</td>
<td align="center">1500</td>
<td align="center">30.9</td>
<td align="center">2.1%</td>
</tr>
<tr>
<td align="left">1920 x 1080</td>
<td align="center">60</td>
<td align="center">780</td>
<td align="center">7200</td>
<td align="center">134.1</td>
<td align="center">1.9%</td>
</tr>
</tbody>
</table>
<t>In the per-frame case, the SFrame percentage overhead approaches zero
as the
quality of the video improves since bandwidth is driven more by picture size quality of the video improves since bandwidth is driven more by picture size
than frame rate. In the per-packet case, the SFrame percentage overhead than frame rate. In the per-packet case, the SFrame percentage overhead
approaches the ratio between the SFrame overhead per packet and the MTU (here 22 approaches the ratio between the SFrame overhead per packet and the MTU (here 22
bytes of SFrame overhead divided by an assumed 1200-byte MTU, or about 1.8%).</t > bytes of SFrame overhead divided by an assumed 1200-byte MTU, or about 1.8%).</t >
</section>
</section> <section anchor="conferences">
<section anchor="conferences"><name>Conferences</name> <name>Conferences</name>
<t>Real conferences usually involve several audio and video streams. Th
<t>Real conferences usually involve several audio and video streams. The overhe e overhead
ad
of SFrame in such a conference is the aggregate of the overhead across all the of SFrame in such a conference is the aggregate of the overhead across all the
individual streams. Thus, while SFrame incurs a large percentage overhead on an individual streams. Thus, while SFrame incurs a large percentage overhead on an
audio stream, if the conference also involves a video stream, then the audio audio stream, if the conference also involves a video stream, then the audio
overhead is likely negligible relative to the overall bandwidth of the overhead is likely negligible relative to the overall bandwidth of the
conference.</t> conference.</t>
<t>For example, <xref target="conference-overhead"/> shows the overhead
<t>For example, <xref target="conference-overhead"/> shows the overhead estimate estimates for a two-person
s for a two-person
conference where one person is sending low-quality media and the other is conference where one person is sending low-quality media and the other is
sending high-quality media. (And we assume that SFrame is applied per frame.) The sending high-quality media. (And we assume that SFrame is applied per frame.) The
video streams dominate the bandwidth at the SFU, so the total bandwidth overhead video streams dominate the bandwidth at the SFU, so the total bandwidth overhead
is only around 1%.</t> is only around 1%.</t>
<table anchor="conference-overhead">
<texttable title="SFrame Overhead for a Two-Person Conference" anchor="conferenc <name>SFrame Overhead for a Two-Person Conference</name>
e-overhead"> <thead>
<ttcol align='left'>Stream</ttcol> <tr>
<ttcol align='center'>Base Kbps</ttcol> <th align="left">Stream</th>
<ttcol align='center'>Overhead Kbps</ttcol> <th align="center">Base Kbps</th>
<ttcol align='center'>Overhead %</ttcol> <th align="center">Overhead Kbps</th>
<c>Participant 1 audio</c> <th align="center">Overhead %</th>
<c>8</c> </tr>
<c>1.4</c> </thead>
<c>17.9%</c> <tbody>
<c>Participant 1 video</c> <tr>
<c>45</c> <td align="left">Participant 1 audio</td>
<c>1.3</c> <td align="center">8</td>
<c>2.9%</c> <td align="center">1.4</td>
<c>Participant 2 audio</c> <td align="center">17.9%</td>
<c>32</c> </tr>
<c>9</c> <tr>
<c>26.9%</c> <td align="left">Participant 1 video</td>
<c>Participant 2 video</c> <td align="center">45</td>
<c>1500</c> <td align="center">1.3</td>
<c>5</c> <td align="center">2.9%</td>
<c>0.3%</c> </tr>
<c>Total at SFU</c> <tr>
<c>1585</c> <td align="left">Participant 2 audio</td>
<c>16.5</c> <td align="center">32</td>
<c>1.0%</c> <td align="center">9</td>
</texttable> <td align="center">26.9%</td>
</tr>
</section> <tr>
<section anchor="sframe-over-rtp"><name>SFrame over RTP</name> <td align="left">Participant 2 video</td>
<td align="center">1500</td>
<t>SFrame is a generic encapsulation format, but many of the applications in whi <td align="center">5</td>
ch <td align="center">0.3%</td>
</tr>
<tr>
<td align="left">Total at SFU</td>
<td align="center">1585</td>
<td align="center">16.5</td>
<td align="center">1.0%</td>
</tr>
</tbody>
</table>
</section>
<section anchor="sframe-over-rtp">
<name>SFrame over RTP</name>
<t>SFrame is a generic encapsulation format, but many of the application
s in which
it is likely to be integrated are based on RTP. This section discusses how an it is likely to be integrated are based on RTP. This section discusses how an
integration between SFrame and RTP could be done, and some of the challenges integration between SFrame and RTP could be done, and some of the challenges
that would need to be overcome.</t> that would need to be overcome.</t>
<t>As discussed in <xref target="application-context"/>, there are two n
<t>As discussed in <xref target="application-context"/>, there are two natural p atural patterns for
atterns for
integrating SFrame into an application: applying SFrame per frame or per packet. integrating SFrame into an application: applying SFrame per frame or per packet.
In RTP-based applications, applying SFrame per packet means that the payload of In RTP-based applications, applying SFrame per packet means that the payload of
each RTP packet will be an SFrame ciphertext, starting with an SFrame header, as each RTP packet will be an SFrame ciphertext, starting with an SFrame header, as
shown in <xref target="sframe-packet"/>. Applying SFrame per frame means that d ifferent shown in <xref target="sframe-packet"/>. Applying SFrame per frame means that d ifferent
RTP payloads will have different formats: The first payload of a frame will RTP payloads will have different formats: The first payload of a frame will
contain the SFrame headers, and subsequent payloads will contain further chunks contain the SFrame headers, and subsequent payloads will contain further chunks
of the ciphertext, as shown in <xref target="sframe-multi-packet"/>.</t> of the ciphertext, as shown in <xref target="sframe-multi-packet"/>.</t>
<t>In order for these media payloads to be properly interpreted by recei
<t>In order for these media payloads to be properly interpreted by receivers, vers,
receivers will need to be configured to know which of the above schemes the receivers will need to be configured to know which of the above schemes the
sender has applied to a given sequence of RTP packets. SFrame does not provide sender has applied to a given sequence of RTP packets. SFrame does not provide
a mechanism for distributing this configuration information. In applications a mechanism for distributing this configuration information. In applications
that use SDP for negotiating RTP media streams <xref target="RFC8866"/>, an appr opriate that use SDP for negotiating RTP media streams <xref target="RFC8866"/>, an appr opriate
extension to SDP could provide this function.</t> extension to SDP could provide this function.</t>
<t>Applying SFrame per frame also requires that packetization and depack
<t>Applying SFrame per frame also requires that packetization and depacketizatio etization
n
be done in a generic manner that does not depend on the media content of the be done in a generic manner that does not depend on the media content of the
packets, since the content being packetized or depacketized will be opaque packets, since the content being packetized or depacketized will be opaque
ciphertext (except for the SFrame header). In order for such a generic ciphertext (except for the SFrame header). In order for such a generic
packetization scheme to work interoperably, one would have to be defined, e.g., packetization scheme to work interoperably, one would have to be defined, e.g.,
as proposed in <xref target="I-D.gouaillard-avtcore-codec-agn-rtp-payload"/>.</t > as proposed in <xref target="I-D.gouaillard-avtcore-codec-agn-rtp-payload"/>.</t >
<figure anchor="sframe-packet">
<figure title="SRTP Packet with SFrame-Protected Payload" anchor="sframe-packet" <name>SRTP Packet with SFrame-Protected Payload</name>
><artset><artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version="1 <artset>
.1" height="384" width="576" viewBox="0 0 576 384" class="diagram" text-anchor=" <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version=
middle" font-family="monospace" font-size="13px" stroke-linecap="round"> "1.1" height="384" width="552" viewBox="0 0 552 384" class="diagram" text-anchor
<path d="M 8,208 L 8,368" fill="none" stroke="black"/> ="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 32,32 L 32,336" fill="none" stroke="black"/> <path d="M 8,208 L 8,368" fill="none" stroke="black"/>
<path d="M 64,32 L 64,64" fill="none" stroke="black"/> <path d="M 32,32 L 32,336" fill="none" stroke="black"/>
<path d="M 80,32 L 80,64" fill="none" stroke="black"/> <path d="M 64,32 L 64,64" fill="none" stroke="black"/>
<path d="M 96,32 L 96,64" fill="none" stroke="black"/> <path d="M 80,32 L 80,64" fill="none" stroke="black"/>
<path d="M 160,32 L 160,64" fill="none" stroke="black"/> <path d="M 96,32 L 96,64" fill="none" stroke="black"/>
<path d="M 176,32 L 176,64" fill="none" stroke="black"/> <path d="M 160,32 L 160,64" fill="none" stroke="black"/>
<path d="M 200,208 L 200,240" fill="none" stroke="black"/> <path d="M 176,32 L 176,64" fill="none" stroke="black"/>
<path d="M 288,32 L 288,64" fill="none" stroke="black"/> <path d="M 192,208 L 192,240" fill="none" stroke="black"/>
<path d="M 544,32 L 544,336" fill="none" stroke="black"/> <path d="M 272,32 L 272,64" fill="none" stroke="black"/>
<path d="M 568,32 L 568,368" fill="none" stroke="black"/> <path d="M 520,32 L 520,336" fill="none" stroke="black"/>
<path d="M 32,32 L 568,32" fill="none" stroke="black"/> <path d="M 544,32 L 544,368" fill="none" stroke="black"/>
<path d="M 32,64 L 544,64" fill="none" stroke="black"/> <path d="M 32,32 L 544,32" fill="none" stroke="black"/>
<path d="M 32,96 L 544,96" fill="none" stroke="black"/> <path d="M 32,64 L 520,64" fill="none" stroke="black"/>
<path d="M 32,126 L 544,126" fill="none" stroke="black"/><path d="M 32,130 L 544 <path d="M 32,96 L 520,96" fill="none" stroke="black"/>
,130" fill="none" stroke="black"/> <path d="M 32,126 L 520,126" fill="none" stroke="black"/>
<path d="M 32,176 L 544,176" fill="none" stroke="black"/> <path d="M 32,130 L 520,130" fill="none" stroke="black"/>
<path d="M 8,208 L 544,208" fill="none" stroke="black"/> <path d="M 32,176 L 520,176" fill="none" stroke="black"/>
<path d="M 32,240 L 200,240" fill="none" stroke="black"/> <path d="M 8,208 L 520,208" fill="none" stroke="black"/>
<path d="M 8,304 L 568,304" fill="none" stroke="black"/> <path d="M 32,240 L 192,240" fill="none" stroke="black"/>
<path d="M 32,336 L 544,336" fill="none" stroke="black"/> <path d="M 8,304 L 544,304" fill="none" stroke="black"/>
<path d="M 8,368 L 32,368" fill="none" stroke="black"/> <path d="M 32,336 L 520,336" fill="none" stroke="black"/>
<path d="M 544,368 L 568,368" fill="none" stroke="black"/> <path d="M 8,368 L 32,368" fill="none" stroke="black"/>
<polygon class="arrowhead" points="560,304 548,298.4 548,309.6" fill="black" tra <path d="M 520,368 L 544,368" fill="none" stroke="black"/>
nsform="rotate(180,552,304)"/> <polygon class="arrowhead" points="536,304 524,298.4 524,309.6"
<polygon class="arrowhead" points="560,32 548,26.4 548,37.6" fill="black" transf fill="black" transform="rotate(180,528,304)"/>
orm="rotate(180,552,32)"/> <polygon class="arrowhead" points="536,32 524,26.4 524,37.6" fil
<polygon class="arrowhead" points="32,304 20,298.4 20,309.6" fill="black" transf l="black" transform="rotate(180,528,32)"/>
orm="rotate(0,24,304)"/> <polygon class="arrowhead" points="32,304 20,298.4 20,309.6" fil
<polygon class="arrowhead" points="32,208 20,202.4 20,213.6" fill="black" transf l="black" transform="rotate(0,24,304)"/>
orm="rotate(0,24,208)"/> <polygon class="arrowhead" points="32,208 20,202.4 20,213.6" fil
<g class="text"> l="black" transform="rotate(0,24,208)"/>
<text x="48" y="52">V=2</text> <g class="text">
<text x="72" y="52">P</text> <text x="48" y="52">V=2</text>
<text x="88" y="52">X</text> <text x="72" y="52">P</text>
<text x="124" y="52">CC</text> <text x="88" y="52">X</text>
<text x="168" y="52">M</text> <text x="124" y="52">CC</text>
<text x="228" y="52">PT</text> <text x="168" y="52">M</text>
<text x="380" y="52">sequence</text> <text x="228" y="52">PT</text>
<text x="444" y="52">number</text> <text x="364" y="52">sequence</text>
<text x="288" y="84">timestamp</text> <text x="428" y="52">number</text>
<text x="184" y="116">synchronization</text> <text x="280" y="84">timestamp</text>
<text x="276" y="116">source</text> <text x="176" y="116">synchronization</text>
<text x="332" y="116">(SSRC)</text> <text x="268" y="116">source</text>
<text x="404" y="116">identifier</text> <text x="324" y="116">(SSRC)</text>
<text x="180" y="148">contributing</text> <text x="396" y="116">identifier</text>
<text x="260" y="148">source</text> <text x="172" y="148">contributing</text>
<text x="316" y="148">(CSRC)</text> <text x="252" y="148">source</text>
<text x="392" y="148">identifiers</text> <text x="308" y="148">(CSRC)</text>
<text x="300" y="164">....</text> <text x="384" y="148">identifiers</text>
<text x="200" y="196">RTP</text> <text x="292" y="164">....</text>
<text x="268" y="196">extension(s)</text> <text x="192" y="196">RTP</text>
<text x="364" y="196">(OPTIONAL)</text> <text x="260" y="196">extension(s)</text>
<text x="84" y="228">SFrame</text> <text x="356" y="196">(OPTIONAL)</text>
<text x="140" y="228">header</text> <text x="76" y="228">SFrame</text>
<text x="140" y="276">SFrame</text> <text x="132" y="228">header</text>
<text x="208" y="276">encrypted</text> <text x="132" y="276">SFrame</text>
<text x="264" y="276">and</text> <text x="200" y="276">encrypted</text>
<text x="336" y="276">authenticated</text> <text x="256" y="276">and</text>
<text x="424" y="276">payload</text> <text x="328" y="276">authenticated</text>
<text x="212" y="324">SRTP</text> <text x="416" y="276">payload</text>
<text x="292" y="324">authentication</text> <text x="204" y="324">SRTP</text>
<text x="368" y="324">tag</text> <text x="284" y="324">authentication</text>
<text x="60" y="372">SRTP</text> <text x="360" y="324">tag</text>
<text x="120" y="372">Encrypted</text> <text x="60" y="372">SRTP</text>
<text x="192" y="372">Portion</text> <text x="120" y="372">Encrypted</text>
<text x="340" y="372">SRTP</text> <text x="192" y="372">Portion</text>
<text x="416" y="372">Authenticated</text> <text x="316" y="372">SRTP</text>
<text x="504" y="372">Portion</text> <text x="392" y="372">Authenticated</text>
</g> <text x="480" y="372">Portion</text>
</svg> </g>
</artwork><artwork type="ascii-art"><![CDATA[ </svg>
+---+-+-+-------+-+-------------+-------------------------------+<-+ </artwork>
|V=2|P|X| CC |M| PT | sequence number | | <artwork type="ascii-art"><![CDATA[
+---+-+-+-------+-+-------------+-------------------------------+ | +---+-+-+-------+-+-----------+------------------------------+<-+
| timestamp | | |V=2|P|X| CC |M| PT | sequence number | |
+---------------------------------------------------------------+ | +---+-+-+-------+-+-----------+------------------------------+ |
| synchronization source (SSRC) identifier | | | timestamp | |
+===============================================================+ | +------------------------------------------------------------+ |
| contributing source (CSRC) identifiers | | | synchronization source (SSRC) identifier | |
| .... | | +============================================================+ |
+---------------------------------------------------------------+ | | contributing source (CSRC) identifiers | |
| RTP extension(s) (OPTIONAL) | | | .... | |
+->+--------------------+------------------------------------------+ | +------------------------------------------------------------+ |
| | SFrame header | | | | RTP extension(s) (OPTIONAL) | |
| +--------------------+ | | +->+-------------------+----------------------------------------+ |
| | | | | | SFrame header | | |
| | SFrame encrypted and authenticated payload | | | +-------------------+ | |
| | | | | | | |
+->+---------------------------------------------------------------+<-+ | | SFrame encrypted and authenticated payload | |
| | SRTP authentication tag | | | | | |
| +---------------------------------------------------------------+ | +->+------------------------------------------------------------+<-+
| | | | SRTP authentication tag | |
+--- SRTP Encrypted Portion SRTP Authenticated Portion ---+ | +------------------------------------------------------------+ |
]]></artwork></artset></figure> | |
+--- SRTP Encrypted Portion SRTP Authenticated Portion ---+
<figure title="Encryption Flow with per-Frame Encryption for RTP" anchor="sframe ]]></artwork>
-multi-packet"><artset><artwork type="svg"><svg xmlns="http://www.w3.org/2000/s </artset>
vg" version="1.1" height="624" width="504" viewBox="0 0 504 624" class="diagram" </figure>
text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="r <figure anchor="sframe-multi-packet">
ound"> <name>Encryption Flow with per-Frame Encryption for RTP</name>
<path d="M 8,192 L 8,224" fill="none" stroke="black"/> <artset>
<path d="M 8,512 L 8,608" fill="none" stroke="black"/> <artwork type="svg"><svg xmlns="http://www.w3.org/2000/svg" version=
<path d="M 32,32 L 32,64" fill="none" stroke="black"/> "1.1" height="624" width="504" viewBox="0 0 504 624" class="diagram" text-anchor
<path d="M 32,232 L 32,504" fill="none" stroke="black"/> ="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
<path d="M 72,464 L 72,504" fill="none" stroke="black"/> <path d="M 8,192 L 8,224" fill="none" stroke="black"/>
<path d="M 96,64 L 96,184" fill="none" stroke="black"/> <path d="M 8,512 L 8,608" fill="none" stroke="black"/>
<path d="M 136,512 L 136,608" fill="none" stroke="black"/> <path d="M 32,32 L 32,64" fill="none" stroke="black"/>
<path d="M 168,32 L 168,64" fill="none" stroke="black"/> <path d="M 32,232 L 32,504" fill="none" stroke="black"/>
<path d="M 192,32 L 192,128" fill="none" stroke="black"/> <path d="M 72,464 L 72,504" fill="none" stroke="black"/>
<path d="M 192,288 L 192,400" fill="none" stroke="black"/> <path d="M 96,64 L 96,184" fill="none" stroke="black"/>
<path d="M 192,512 L 192,608" fill="none" stroke="black"/> <path d="M 136,512 L 136,608" fill="none" stroke="black"/>
<path d="M 256,128 L 256,184" fill="none" stroke="black"/> <path d="M 168,32 L 168,64" fill="none" stroke="black"/>
<path d="M 256,232 L 256,280" fill="none" stroke="black"/> <path d="M 192,32 L 192,128" fill="none" stroke="black"/>
<path d="M 256,400 L 256,416" fill="none" stroke="black"/> <path d="M 192,288 L 192,400" fill="none" stroke="black"/>
<path d="M 256,448 L 256,504" fill="none" stroke="black"/> <path d="M 192,512 L 192,608" fill="none" stroke="black"/>
<path d="M 320,32 L 320,128" fill="none" stroke="black"/> <path d="M 256,128 L 256,184" fill="none" stroke="black"/>
<path d="M 320,192 L 320,224" fill="none" stroke="black"/> <path d="M 256,232 L 256,280" fill="none" stroke="black"/>
<path d="M 320,288 L 320,400" fill="none" stroke="black"/> <path d="M 256,400 L 256,416" fill="none" stroke="black"/>
<path d="M 320,512 L 320,608" fill="none" stroke="black"/> <path d="M 256,448 L 256,504" fill="none" stroke="black"/>
<path d="M 368,512 L 368,608" fill="none" stroke="black"/> <path d="M 320,32 L 320,128" fill="none" stroke="black"/>
<path d="M 432,464 L 432,504" fill="none" stroke="black"/> <path d="M 320,192 L 320,224" fill="none" stroke="black"/>
<path d="M 496,512 L 496,608" fill="none" stroke="black"/> <path d="M 320,288 L 320,400" fill="none" stroke="black"/>
<path d="M 32,32 L 168,32" fill="none" stroke="black"/> <path d="M 320,512 L 320,608" fill="none" stroke="black"/>
<path d="M 192,32 L 320,32" fill="none" stroke="black"/> <path d="M 368,512 L 368,608" fill="none" stroke="black"/>
<path d="M 32,64 L 168,64" fill="none" stroke="black"/> <path d="M 432,464 L 432,504" fill="none" stroke="black"/>
<path d="M 192,128 L 320,128" fill="none" stroke="black"/> <path d="M 496,512 L 496,608" fill="none" stroke="black"/>
<path d="M 8,192 L 320,192" fill="none" stroke="black"/> <path d="M 32,32 L 168,32" fill="none" stroke="black"/>
<path d="M 8,224 L 320,224" fill="none" stroke="black"/> <path d="M 192,32 L 320,32" fill="none" stroke="black"/>
<path d="M 192,288 L 320,288" fill="none" stroke="black"/> <path d="M 32,64 L 168,64" fill="none" stroke="black"/>
<path d="M 192,400 L 320,400" fill="none" stroke="black"/> <path d="M 192,128 L 320,128" fill="none" stroke="black"/>
<path d="M 72,464 L 328,464" fill="none" stroke="black"/> <path d="M 8,192 L 320,192" fill="none" stroke="black"/>
<path d="M 360,464 L 432,464" fill="none" stroke="black"/> <path d="M 8,224 L 320,224" fill="none" stroke="black"/>
<path d="M 8,512 L 136,512" fill="none" stroke="black"/> <path d="M 192,288 L 320,288" fill="none" stroke="black"/>
<path d="M 192,512 L 320,512" fill="none" stroke="black"/> <path d="M 192,400 L 320,400" fill="none" stroke="black"/>
<path d="M 368,512 L 496,512" fill="none" stroke="black"/> <path d="M 72,464 L 328,464" fill="none" stroke="black"/>
<path d="M 8,544 L 136,544" fill="none" stroke="black"/> <path d="M 360,464 L 432,464" fill="none" stroke="black"/>
<path d="M 8,608 L 136,608" fill="none" stroke="black"/> <path d="M 8,512 L 136,512" fill="none" stroke="black"/>
<path d="M 192,608 L 320,608" fill="none" stroke="black"/> <path d="M 192,512 L 320,512" fill="none" stroke="black"/>
<path d="M 368,608 L 496,608" fill="none" stroke="black"/> <path d="M 368,512 L 496,512" fill="none" stroke="black"/>
<polygon class="arrowhead" points="440,504 428,498.4 428,509.6" fill="black" tra <path d="M 8,544 L 136,544" fill="none" stroke="black"/>
nsform="rotate(90,432,504)"/> <path d="M 8,608 L 136,608" fill="none" stroke="black"/>
<polygon class="arrowhead" points="264,504 252,498.4 252,509.6" fill="black" tra <path d="M 192,608 L 320,608" fill="none" stroke="black"/>
nsform="rotate(90,256,504)"/> <path d="M 368,608 L 496,608" fill="none" stroke="black"/>
<polygon class="arrowhead" points="264,280 252,274.4 252,285.6" fill="black" tra <polygon class="arrowhead" points="440,504 428,498.4 428,509.6"
nsform="rotate(90,256,280)"/> fill="black" transform="rotate(90,432,504)"/>
<polygon class="arrowhead" points="264,184 252,178.4 252,189.6" fill="black" tra <polygon class="arrowhead" points="264,504 252,498.4 252,509.6"
nsform="rotate(90,256,184)"/> fill="black" transform="rotate(90,256,504)"/>
<polygon class="arrowhead" points="104,184 92,178.4 92,189.6" fill="black" trans <polygon class="arrowhead" points="264,280 252,274.4 252,285.6"
form="rotate(90,96,184)"/> fill="black" transform="rotate(90,256,280)"/>
<polygon class="arrowhead" points="80,504 68,498.4 68,509.6" fill="black" transf <polygon class="arrowhead" points="264,184 252,178.4 252,189.6"
orm="rotate(90,72,504)"/> fill="black" transform="rotate(90,256,184)"/>
<polygon class="arrowhead" points="40,504 28,498.4 28,509.6" fill="black" transf <polygon class="arrowhead" points="104,184 92,178.4 92,189.6" fi
orm="rotate(90,32,504)"/> ll="black" transform="rotate(90,96,184)"/>
<g class="text"> <polygon class="arrowhead" points="80,504 68,498.4 68,509.6" fil
<text x="64" y="52">frame</text> l="black" transform="rotate(90,72,504)"/>
<text x="124" y="52">metadata</text> <polygon class="arrowhead" points="40,504 28,498.4 28,509.6" fil
<text x="256" y="84">frame</text> l="black" transform="rotate(90,32,504)"/>
<text x="132" y="212">SFrame</text> <g class="text">
<text x="192" y="212">Encrypt</text> <text x="64" y="52">frame</text>
<text x="256" y="340">encrypted</text> <text x="124" y="52">metadata</text>
<text x="256" y="356">frame</text> <text x="256" y="84">frame</text>
<text x="208" y="436">generic</text> <text x="132" y="212">SFrame</text>
<text x="256" y="436">RTP</text> <text x="192" y="212">Encrypt</text>
<text x="312" y="436">packetize</text> <text x="256" y="340">encrypted</text>
<text x="344" y="468">...</text> <text x="256" y="356">frame</text>
<text x="44" y="532">SFrame</text> <text x="208" y="436">generic</text>
<text x="100" y="532">header</text> <text x="256" y="436">RTP</text>
<text x="240" y="564">payload</text> <text x="312" y="436">packetize</text>
<text x="288" y="564">2/N</text> <text x="344" y="468">...</text>
<text x="344" y="564">...</text> <text x="44" y="532">SFrame</text>
<text x="416" y="564">payload</text> <text x="100" y="532">header</text>
<text x="464" y="564">N/N</text> <text x="240" y="564">payload</text>
<text x="56" y="580">payload</text> <text x="288" y="564">2/N</text>
<text x="104" y="580">1/N</text> <text x="344" y="564">...</text>
</g> <text x="416" y="564">payload</text>
</svg> <text x="464" y="564">N/N</text>
</artwork><artwork type="ascii-art"><![CDATA[ <text x="56" y="580">payload</text>
<text x="104" y="580">1/N</text>
</g>
</svg>
</artwork>
<artwork type="ascii-art"><![CDATA[
+----------------+ +---------------+ +----------------+ +---------------+
| frame metadata | | | | frame metadata | | |
+-------+--------+ | | +-------+--------+ | |
| | frame | | | frame |
| | | | | |
| | | | | |
| +-------+-------+ | +-------+-------+
| | | |
| | | |
V V V V
skipping to change at line 2729 skipping to change at line 2505
| +----------------------+--------.....--------+ | +----------------------+--------.....--------+
| | | | | | | |
V V V V V V V V
+---------------+ +---------------+ +---------------+ +---------------+ +---------------+ +---------------+
| SFrame header | | | | | | SFrame header | | | | |
+---------------+ | | | | +---------------+ | | | |
| | | payload 2/N | ... | payload N/N | | | | payload 2/N | ... | payload N/N |
| payload 1/N | | | | | | payload 1/N | | | | |
| | | | | | | | | | | |
+---------------+ +---------------+ +---------------+ +---------------+ +---------------+ +---------------+
]]></artwork></artset></figure> ]]></artwork>
</artset>
</section> </figure>
</section> </section>
<section anchor="test-vectors"><name>Test Vectors</name> </section>
<section anchor="test-vectors">
<t>This section provides a set of test vectors that implementations can use to <name>Test Vectors</name>
<t>This section provides a set of test vectors that implementations can us
e to
verify that they correctly implement SFrame encryption and decryption. In verify that they correctly implement SFrame encryption and decryption. In
addition to test vectors for the overall process of SFrame addition to test vectors for the overall process of SFrame
encryption/decryption, we also provide test vectors for header encryption/decryption, we also provide test vectors for header
encoding/decoding, and for AEAD encryption/decryption using the AES-CTR encoding/decoding, and for AEAD encryption/decryption using the AES-CTR
construction defined in <xref target="aes-ctr-with-sha2"/>.</t> construction defined in <xref target="aes-ctr-with-sha2"/>.</t>
<t>All values are either numeric or byte strings. Numeric values are repr
<t>All values are either numeric or byte strings. Numeric values are represente esented
d as hex values, prefixed with <tt>0x</tt>. Byte strings are represented in hex
as hex values, prefixed with <spanx style="verb">0x</spanx>. Byte strings are r
epresented in hex
encoding.</t> encoding.</t>
<t>Line breaks and whitespace within values are inserted to conform to the
<t>Line breaks and whitespace within values are inserted to conform to the width width
requirements of the RFC format. They should be removed before use.</t> requirements of the RFC format. They should be removed before use.</t>
<t>These test vectors are also available in JSON format at <xref target="T
<t>These test vectors are also available in JSON format at <xref target="TestVec estVectors"/>. In the
tors"/>. In the
JSON test vectors, numeric values are JSON numbers and byte string values are JSON test vectors, numeric values are JSON numbers and byte string values are
JSON strings containing the hex encoding of the byte strings.</t> JSON strings containing the hex encoding of the byte strings.</t>
<section anchor="header-encodingdecoding">
<section anchor="header-encodingdecoding"><name>Header Encoding/Decoding</name> <name>Header Encoding/Decoding</name>
<t>For each case, we provide:</t>
<t>For each case, we provide:</t> <ul spacing="normal">
<li>
<t><list style="symbols"> <t><tt>kid</tt>: A KID value</t>
<t><spanx style="verb">kid</spanx>: A KID value</t> </li>
<t><spanx style="verb">ctr</spanx>: A CTR value</t> <li>
<t><spanx style="verb">header</spanx>: An encoded SFrame header</t> <t><tt>ctr</tt>: A CTR value</t>
</list></t> </li>
<li>
<t>An implementation should verify that:</t> <t><tt>header</tt>: An encoded SFrame header</t>
</li>
<t><list style="symbols"> </ul>
<t>Encoding a header with the KID and CTR results in the provided header value <t>An implementation should verify that:</t>
</t> <ul spacing="normal">
<t>Decoding the provided header value results in the provided KID and CTR valu <li>
es</t> <t>Encoding a header with the KID and CTR results in the provided he
</list></t> ader value</t>
</li>
<figure><sourcecode type="test-vectors"><![CDATA[ <li>
<t>Decoding the provided header value results in the provided KID an
d CTR values</t>
</li>
</ul>
<sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000000 kid: 0x0000000000000000
ctr: 0x0000000000000000 ctr: 0x0000000000000000
header: 00 header: 00
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000000 kid: 0x0000000000000000
ctr: 0x0000000000000001 ctr: 0x0000000000000001
header: 01 header: 01
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000000 kid: 0x0000000000000000
ctr: 0x00000000000000ff ctr: 0x00000000000000ff
header: 08ff header: 08ff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000000 kid: 0x0000000000000000
ctr: 0x0000000000000100 ctr: 0x0000000000000100
header: 090100 header: 090100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000000 kid: 0x0000000000000000
ctr: 0x000000000000ffff ctr: 0x000000000000ffff
header: 09ffff header: 09ffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000000 kid: 0x0000000000000000
ctr: 0x0000000000010000 ctr: 0x0000000000010000
header: 0a010000 header: 0a010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000000 kid: 0x0000000000000000
ctr: 0x0000000000ffffff ctr: 0x0000000000ffffff
header: 0affffff header: 0affffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000000 kid: 0x0000000000000000
ctr: 0x0000000001000000 ctr: 0x0000000001000000
header: 0b01000000 header: 0b01000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000000 kid: 0x0000000000000000
ctr: 0x00000000ffffffff ctr: 0x00000000ffffffff
header: 0bffffffff header: 0bffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000000 kid: 0x0000000000000000
ctr: 0x0000000100000000 ctr: 0x0000000100000000
header: 0c0100000000 header: 0c0100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000000 kid: 0x0000000000000000
ctr: 0x000000ffffffffff ctr: 0x000000ffffffffff
header: 0cffffffffff header: 0cffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000000 kid: 0x0000000000000000
ctr: 0x0000010000000000 ctr: 0x0000010000000000
header: 0d010000000000 header: 0d010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000000 kid: 0x0000000000000000
ctr: 0x0000ffffffffffff ctr: 0x0000ffffffffffff
header: 0dffffffffffff header: 0dffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000000 kid: 0x0000000000000000
ctr: 0x0001000000000000 ctr: 0x0001000000000000
header: 0e01000000000000 header: 0e01000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000000 kid: 0x0000000000000000
ctr: 0x00ffffffffffffff ctr: 0x00ffffffffffffff
header: 0effffffffffffff header: 0effffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000000 kid: 0x0000000000000000
ctr: 0x0100000000000000 ctr: 0x0100000000000000
header: 0f0100000000000000 header: 0f0100000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000000 kid: 0x0000000000000000
ctr: 0xffffffffffffffff ctr: 0xffffffffffffffff
header: 0fffffffffffffffff header: 0fffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000001 kid: 0x0000000000000001
ctr: 0x0000000000000000 ctr: 0x0000000000000000
header: 10 header: 10
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000001 kid: 0x0000000000000001
ctr: 0x0000000000000001 ctr: 0x0000000000000001
header: 11 header: 11
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000001 kid: 0x0000000000000001
ctr: 0x00000000000000ff ctr: 0x00000000000000ff
header: 18ff header: 18ff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000001 kid: 0x0000000000000001
ctr: 0x0000000000000100 ctr: 0x0000000000000100
header: 190100 header: 190100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000001 kid: 0x0000000000000001
ctr: 0x000000000000ffff ctr: 0x000000000000ffff
header: 19ffff header: 19ffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000001 kid: 0x0000000000000001
ctr: 0x0000000000010000 ctr: 0x0000000000010000
header: 1a010000 header: 1a010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000001 kid: 0x0000000000000001
ctr: 0x0000000000ffffff ctr: 0x0000000000ffffff
header: 1affffff header: 1affffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000001 kid: 0x0000000000000001
ctr: 0x0000000001000000 ctr: 0x0000000001000000
header: 1b01000000 header: 1b01000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000001 kid: 0x0000000000000001
ctr: 0x00000000ffffffff ctr: 0x00000000ffffffff
header: 1bffffffff header: 1bffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000001 kid: 0x0000000000000001
ctr: 0x0000000100000000 ctr: 0x0000000100000000
header: 1c0100000000 header: 1c0100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000001 kid: 0x0000000000000001
ctr: 0x000000ffffffffff ctr: 0x000000ffffffffff
header: 1cffffffffff header: 1cffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000001 kid: 0x0000000000000001
ctr: 0x0000010000000000 ctr: 0x0000010000000000
header: 1d010000000000 header: 1d010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000001 kid: 0x0000000000000001
ctr: 0x0000ffffffffffff ctr: 0x0000ffffffffffff
header: 1dffffffffffff header: 1dffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000001 kid: 0x0000000000000001
ctr: 0x0001000000000000 ctr: 0x0001000000000000
header: 1e01000000000000 header: 1e01000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000001 kid: 0x0000000000000001
ctr: 0x00ffffffffffffff ctr: 0x00ffffffffffffff
header: 1effffffffffffff header: 1effffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000001 kid: 0x0000000000000001
ctr: 0x0100000000000000 ctr: 0x0100000000000000
header: 1f0100000000000000 header: 1f0100000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000001 kid: 0x0000000000000001
ctr: 0xffffffffffffffff ctr: 0xffffffffffffffff
header: 1fffffffffffffffff header: 1fffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000000000ff kid: 0x00000000000000ff
ctr: 0x0000000000000000 ctr: 0x0000000000000000
header: 80ff header: 80ff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000000000ff kid: 0x00000000000000ff
ctr: 0x0000000000000001 ctr: 0x0000000000000001
header: 81ff header: 81ff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000000000ff kid: 0x00000000000000ff
ctr: 0x00000000000000ff ctr: 0x00000000000000ff
header: 88ffff header: 88ffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000000000ff kid: 0x00000000000000ff
ctr: 0x0000000000000100 ctr: 0x0000000000000100
header: 89ff0100 header: 89ff0100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000000000ff kid: 0x00000000000000ff
ctr: 0x000000000000ffff ctr: 0x000000000000ffff
header: 89ffffff header: 89ffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000000000ff kid: 0x00000000000000ff
ctr: 0x0000000000010000 ctr: 0x0000000000010000
header: 8aff010000 header: 8aff010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000000000ff kid: 0x00000000000000ff
ctr: 0x0000000000ffffff ctr: 0x0000000000ffffff
header: 8affffffff header: 8affffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000000000ff kid: 0x00000000000000ff
ctr: 0x0000000001000000 ctr: 0x0000000001000000
header: 8bff01000000 header: 8bff01000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000000000ff kid: 0x00000000000000ff
ctr: 0x00000000ffffffff ctr: 0x00000000ffffffff
header: 8bffffffffff header: 8bffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000000000ff kid: 0x00000000000000ff
ctr: 0x0000000100000000 ctr: 0x0000000100000000
header: 8cff0100000000 header: 8cff0100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000000000ff kid: 0x00000000000000ff
ctr: 0x000000ffffffffff ctr: 0x000000ffffffffff
header: 8cffffffffffff header: 8cffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000000000ff kid: 0x00000000000000ff
ctr: 0x0000010000000000 ctr: 0x0000010000000000
header: 8dff010000000000 header: 8dff010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000000000ff kid: 0x00000000000000ff
ctr: 0x0000ffffffffffff ctr: 0x0000ffffffffffff
header: 8dffffffffffffff header: 8dffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000000000ff kid: 0x00000000000000ff
ctr: 0x0001000000000000 ctr: 0x0001000000000000
header: 8eff01000000000000 header: 8eff01000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000000000ff kid: 0x00000000000000ff
ctr: 0x00ffffffffffffff ctr: 0x00ffffffffffffff
header: 8effffffffffffffff header: 8effffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000000000ff kid: 0x00000000000000ff
ctr: 0x0100000000000000 ctr: 0x0100000000000000
header: 8fff0100000000000000 header: 8fff0100000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000000000ff kid: 0x00000000000000ff
ctr: 0xffffffffffffffff ctr: 0xffffffffffffffff
header: 8fffffffffffffffffff header: 8fffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000100 kid: 0x0000000000000100
ctr: 0x0000000000000000 ctr: 0x0000000000000000
header: 900100 header: 900100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000100 kid: 0x0000000000000100
ctr: 0x0000000000000001 ctr: 0x0000000000000001
header: 910100 header: 910100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000100 kid: 0x0000000000000100
ctr: 0x00000000000000ff ctr: 0x00000000000000ff
header: 980100ff header: 980100ff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000100 kid: 0x0000000000000100
ctr: 0x0000000000000100 ctr: 0x0000000000000100
header: 9901000100 header: 9901000100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000100 kid: 0x0000000000000100
ctr: 0x000000000000ffff ctr: 0x000000000000ffff
header: 990100ffff header: 990100ffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000100 kid: 0x0000000000000100
ctr: 0x0000000000010000 ctr: 0x0000000000010000
header: 9a0100010000 header: 9a0100010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000100 kid: 0x0000000000000100
ctr: 0x0000000000ffffff ctr: 0x0000000000ffffff
header: 9a0100ffffff header: 9a0100ffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000100 kid: 0x0000000000000100
ctr: 0x0000000001000000 ctr: 0x0000000001000000
header: 9b010001000000 header: 9b010001000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000100 kid: 0x0000000000000100
ctr: 0x00000000ffffffff ctr: 0x00000000ffffffff
header: 9b0100ffffffff header: 9b0100ffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000100 kid: 0x0000000000000100
ctr: 0x0000000100000000 ctr: 0x0000000100000000
header: 9c01000100000000 header: 9c01000100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000100 kid: 0x0000000000000100
ctr: 0x000000ffffffffff ctr: 0x000000ffffffffff
header: 9c0100ffffffffff header: 9c0100ffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000100 kid: 0x0000000000000100
ctr: 0x0000010000000000 ctr: 0x0000010000000000
header: 9d0100010000000000 header: 9d0100010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000100 kid: 0x0000000000000100
ctr: 0x0000ffffffffffff ctr: 0x0000ffffffffffff
header: 9d0100ffffffffffff header: 9d0100ffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000100 kid: 0x0000000000000100
ctr: 0x0001000000000000 ctr: 0x0001000000000000
header: 9e010001000000000000 header: 9e010001000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000100 kid: 0x0000000000000100
ctr: 0x00ffffffffffffff ctr: 0x00ffffffffffffff
header: 9e0100ffffffffffffff header: 9e0100ffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000100 kid: 0x0000000000000100
ctr: 0x0100000000000000 ctr: 0x0100000000000000
header: 9f01000100000000000000 header: 9f01000100000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000000100 kid: 0x0000000000000100
ctr: 0xffffffffffffffff ctr: 0xffffffffffffffff
header: 9f0100ffffffffffffffff header: 9f0100ffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000000000ffff kid: 0x000000000000ffff
ctr: 0x0000000000000000 ctr: 0x0000000000000000
header: 90ffff header: 90ffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000000000ffff kid: 0x000000000000ffff
ctr: 0x0000000000000001 ctr: 0x0000000000000001
header: 91ffff header: 91ffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000000000ffff kid: 0x000000000000ffff
ctr: 0x00000000000000ff ctr: 0x00000000000000ff
header: 98ffffff header: 98ffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000000000ffff kid: 0x000000000000ffff
ctr: 0x0000000000000100 ctr: 0x0000000000000100
header: 99ffff0100 header: 99ffff0100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000000000ffff kid: 0x000000000000ffff
ctr: 0x000000000000ffff ctr: 0x000000000000ffff
header: 99ffffffff header: 99ffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000000000ffff kid: 0x000000000000ffff
ctr: 0x0000000000010000 ctr: 0x0000000000010000
header: 9affff010000 header: 9affff010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000000000ffff kid: 0x000000000000ffff
ctr: 0x0000000000ffffff ctr: 0x0000000000ffffff
header: 9affffffffff header: 9affffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000000000ffff kid: 0x000000000000ffff
ctr: 0x0000000001000000 ctr: 0x0000000001000000
header: 9bffff01000000 header: 9bffff01000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000000000ffff kid: 0x000000000000ffff
ctr: 0x00000000ffffffff ctr: 0x00000000ffffffff
header: 9bffffffffffff header: 9bffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000000000ffff kid: 0x000000000000ffff
ctr: 0x0000000100000000 ctr: 0x0000000100000000
header: 9cffff0100000000 header: 9cffff0100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000000000ffff kid: 0x000000000000ffff
ctr: 0x000000ffffffffff ctr: 0x000000ffffffffff
header: 9cffffffffffffff header: 9cffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000000000ffff kid: 0x000000000000ffff
ctr: 0x0000010000000000 ctr: 0x0000010000000000
header: 9dffff010000000000 header: 9dffff010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000000000ffff kid: 0x000000000000ffff
ctr: 0x0000ffffffffffff ctr: 0x0000ffffffffffff
header: 9dffffffffffffffff header: 9dffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000000000ffff kid: 0x000000000000ffff
ctr: 0x0001000000000000 ctr: 0x0001000000000000
header: 9effff01000000000000 header: 9effff01000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000000000ffff kid: 0x000000000000ffff
ctr: 0x00ffffffffffffff ctr: 0x00ffffffffffffff
header: 9effffffffffffffffff header: 9effffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000000000ffff kid: 0x000000000000ffff
ctr: 0x0100000000000000 ctr: 0x0100000000000000
header: 9fffff0100000000000000 header: 9fffff0100000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000000000ffff kid: 0x000000000000ffff
ctr: 0xffffffffffffffff ctr: 0xffffffffffffffff
header: 9fffffffffffffffffffff header: 9fffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000010000 kid: 0x0000000000010000
ctr: 0x0000000000000000 ctr: 0x0000000000000000
header: a0010000 header: a0010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000010000 kid: 0x0000000000010000
ctr: 0x0000000000000001 ctr: 0x0000000000000001
header: a1010000 header: a1010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000010000 kid: 0x0000000000010000
ctr: 0x00000000000000ff ctr: 0x00000000000000ff
header: a8010000ff header: a8010000ff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000010000 kid: 0x0000000000010000
ctr: 0x0000000000000100 ctr: 0x0000000000000100
header: a90100000100 header: a90100000100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000010000 kid: 0x0000000000010000
ctr: 0x000000000000ffff ctr: 0x000000000000ffff
header: a9010000ffff header: a9010000ffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000010000 kid: 0x0000000000010000
ctr: 0x0000000000010000 ctr: 0x0000000000010000
header: aa010000010000 header: aa010000010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000010000 kid: 0x0000000000010000
ctr: 0x0000000000ffffff ctr: 0x0000000000ffffff
header: aa010000ffffff header: aa010000ffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000010000 kid: 0x0000000000010000
ctr: 0x0000000001000000 ctr: 0x0000000001000000
header: ab01000001000000 header: ab01000001000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000010000 kid: 0x0000000000010000
ctr: 0x00000000ffffffff ctr: 0x00000000ffffffff
header: ab010000ffffffff header: ab010000ffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000010000 kid: 0x0000000000010000
ctr: 0x0000000100000000 ctr: 0x0000000100000000
header: ac0100000100000000 header: ac0100000100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000010000 kid: 0x0000000000010000
ctr: 0x000000ffffffffff ctr: 0x000000ffffffffff
header: ac010000ffffffffff header: ac010000ffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000010000 kid: 0x0000000000010000
ctr: 0x0000010000000000 ctr: 0x0000010000000000
header: ad010000010000000000 header: ad010000010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000010000 kid: 0x0000000000010000
ctr: 0x0000ffffffffffff ctr: 0x0000ffffffffffff
header: ad010000ffffffffffff header: ad010000ffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000010000 kid: 0x0000000000010000
ctr: 0x0001000000000000 ctr: 0x0001000000000000
header: ae01000001000000000000 header: ae01000001000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000010000 kid: 0x0000000000010000
ctr: 0x00ffffffffffffff ctr: 0x00ffffffffffffff
header: ae010000ffffffffffffff header: ae010000ffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000010000 kid: 0x0000000000010000
ctr: 0x0100000000000000 ctr: 0x0100000000000000
header: af0100000100000000000000 header: af0100000100000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000010000 kid: 0x0000000000010000
ctr: 0xffffffffffffffff ctr: 0xffffffffffffffff
header: af010000ffffffffffffffff header: af010000ffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000ffffff kid: 0x0000000000ffffff
ctr: 0x0000000000000000 ctr: 0x0000000000000000
header: a0ffffff header: a0ffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000ffffff kid: 0x0000000000ffffff
ctr: 0x0000000000000001 ctr: 0x0000000000000001
header: a1ffffff header: a1ffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000ffffff kid: 0x0000000000ffffff
ctr: 0x00000000000000ff ctr: 0x00000000000000ff
header: a8ffffffff header: a8ffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000ffffff kid: 0x0000000000ffffff
ctr: 0x0000000000000100 ctr: 0x0000000000000100
header: a9ffffff0100 header: a9ffffff0100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000ffffff kid: 0x0000000000ffffff
ctr: 0x000000000000ffff ctr: 0x000000000000ffff
header: a9ffffffffff header: a9ffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000ffffff kid: 0x0000000000ffffff
ctr: 0x0000000000010000 ctr: 0x0000000000010000
header: aaffffff010000 header: aaffffff010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000ffffff kid: 0x0000000000ffffff
ctr: 0x0000000000ffffff ctr: 0x0000000000ffffff
header: aaffffffffffff header: aaffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000ffffff kid: 0x0000000000ffffff
ctr: 0x0000000001000000 ctr: 0x0000000001000000
header: abffffff01000000 header: abffffff01000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000ffffff kid: 0x0000000000ffffff
ctr: 0x00000000ffffffff ctr: 0x00000000ffffffff
header: abffffffffffffff header: abffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000ffffff kid: 0x0000000000ffffff
ctr: 0x0000000100000000 ctr: 0x0000000100000000
header: acffffff0100000000 header: acffffff0100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000ffffff kid: 0x0000000000ffffff
ctr: 0x000000ffffffffff ctr: 0x000000ffffffffff
header: acffffffffffffffff header: acffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000ffffff kid: 0x0000000000ffffff
ctr: 0x0000010000000000 ctr: 0x0000010000000000
header: adffffff010000000000 header: adffffff010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000ffffff kid: 0x0000000000ffffff
ctr: 0x0000ffffffffffff ctr: 0x0000ffffffffffff
header: adffffffffffffffffff header: adffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000ffffff kid: 0x0000000000ffffff
ctr: 0x0001000000000000 ctr: 0x0001000000000000
header: aeffffff01000000000000 header: aeffffff01000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000ffffff kid: 0x0000000000ffffff
ctr: 0x00ffffffffffffff ctr: 0x00ffffffffffffff
header: aeffffffffffffffffffff header: aeffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000ffffff kid: 0x0000000000ffffff
ctr: 0x0100000000000000 ctr: 0x0100000000000000
header: afffffff0100000000000000 header: afffffff0100000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000000ffffff kid: 0x0000000000ffffff
ctr: 0xffffffffffffffff ctr: 0xffffffffffffffff
header: afffffffffffffffffffffff header: afffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000001000000 kid: 0x0000000001000000
ctr: 0x0000000000000000 ctr: 0x0000000000000000
header: b001000000 header: b001000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000001000000 kid: 0x0000000001000000
ctr: 0x0000000000000001 ctr: 0x0000000000000001
header: b101000000 header: b101000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000001000000 kid: 0x0000000001000000
ctr: 0x00000000000000ff ctr: 0x00000000000000ff
header: b801000000ff header: b801000000ff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000001000000 kid: 0x0000000001000000
ctr: 0x0000000000000100 ctr: 0x0000000000000100
header: b9010000000100 header: b9010000000100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000001000000 kid: 0x0000000001000000
ctr: 0x000000000000ffff ctr: 0x000000000000ffff
header: b901000000ffff header: b901000000ffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000001000000 kid: 0x0000000001000000
ctr: 0x0000000000010000 ctr: 0x0000000000010000
header: ba01000000010000 header: ba01000000010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000001000000 kid: 0x0000000001000000
ctr: 0x0000000000ffffff ctr: 0x0000000000ffffff
header: ba01000000ffffff header: ba01000000ffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000001000000 kid: 0x0000000001000000
ctr: 0x0000000001000000 ctr: 0x0000000001000000
header: bb0100000001000000 header: bb0100000001000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000001000000 kid: 0x0000000001000000
ctr: 0x00000000ffffffff ctr: 0x00000000ffffffff
header: bb01000000ffffffff header: bb01000000ffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000001000000 kid: 0x0000000001000000
ctr: 0x0000000100000000 ctr: 0x0000000100000000
header: bc010000000100000000 header: bc010000000100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000001000000 kid: 0x0000000001000000
ctr: 0x000000ffffffffff ctr: 0x000000ffffffffff
header: bc01000000ffffffffff header: bc01000000ffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000001000000 kid: 0x0000000001000000
ctr: 0x0000010000000000 ctr: 0x0000010000000000
header: bd01000000010000000000 header: bd01000000010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000001000000 kid: 0x0000000001000000
ctr: 0x0000ffffffffffff ctr: 0x0000ffffffffffff
header: bd01000000ffffffffffff header: bd01000000ffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000001000000 kid: 0x0000000001000000
ctr: 0x0001000000000000 ctr: 0x0001000000000000
header: be0100000001000000000000 header: be0100000001000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000001000000 kid: 0x0000000001000000
ctr: 0x00ffffffffffffff ctr: 0x00ffffffffffffff
header: be01000000ffffffffffffff header: be01000000ffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000001000000 kid: 0x0000000001000000
ctr: 0x0100000000000000 ctr: 0x0100000000000000
header: bf010000000100000000000000 header: bf010000000100000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000001000000 kid: 0x0000000001000000
ctr: 0xffffffffffffffff ctr: 0xffffffffffffffff
header: bf01000000ffffffffffffffff header: bf01000000ffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000ffffffff kid: 0x00000000ffffffff
ctr: 0x0000000000000000 ctr: 0x0000000000000000
header: b0ffffffff header: b0ffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000ffffffff kid: 0x00000000ffffffff
ctr: 0x0000000000000001 ctr: 0x0000000000000001
header: b1ffffffff header: b1ffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000ffffffff kid: 0x00000000ffffffff
ctr: 0x00000000000000ff ctr: 0x00000000000000ff
header: b8ffffffffff header: b8ffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000ffffffff kid: 0x00000000ffffffff
ctr: 0x0000000000000100 ctr: 0x0000000000000100
header: b9ffffffff0100 header: b9ffffffff0100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000ffffffff kid: 0x00000000ffffffff
ctr: 0x000000000000ffff ctr: 0x000000000000ffff
header: b9ffffffffffff header: b9ffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000ffffffff kid: 0x00000000ffffffff
ctr: 0x0000000000010000 ctr: 0x0000000000010000
header: baffffffff010000 header: baffffffff010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000ffffffff kid: 0x00000000ffffffff
ctr: 0x0000000000ffffff ctr: 0x0000000000ffffff
header: baffffffffffffff header: baffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000ffffffff kid: 0x00000000ffffffff
ctr: 0x0000000001000000 ctr: 0x0000000001000000
header: bbffffffff01000000 header: bbffffffff01000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000ffffffff kid: 0x00000000ffffffff
ctr: 0x00000000ffffffff ctr: 0x00000000ffffffff
header: bbffffffffffffffff header: bbffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000ffffffff kid: 0x00000000ffffffff
ctr: 0x0000000100000000 ctr: 0x0000000100000000
header: bcffffffff0100000000 header: bcffffffff0100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000ffffffff kid: 0x00000000ffffffff
ctr: 0x000000ffffffffff ctr: 0x000000ffffffffff
header: bcffffffffffffffffff header: bcffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000ffffffff kid: 0x00000000ffffffff
ctr: 0x0000010000000000 ctr: 0x0000010000000000
header: bdffffffff010000000000 header: bdffffffff010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000ffffffff kid: 0x00000000ffffffff
ctr: 0x0000ffffffffffff ctr: 0x0000ffffffffffff
header: bdffffffffffffffffffff header: bdffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000ffffffff kid: 0x00000000ffffffff
ctr: 0x0001000000000000 ctr: 0x0001000000000000
header: beffffffff01000000000000 header: beffffffff01000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000ffffffff kid: 0x00000000ffffffff
ctr: 0x00ffffffffffffff ctr: 0x00ffffffffffffff
header: beffffffffffffffffffffff header: beffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000ffffffff kid: 0x00000000ffffffff
ctr: 0x0100000000000000 ctr: 0x0100000000000000
header: bfffffffff0100000000000000 header: bfffffffff0100000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00000000ffffffff kid: 0x00000000ffffffff
ctr: 0xffffffffffffffff ctr: 0xffffffffffffffff
header: bfffffffffffffffffffffffff header: bfffffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000100000000 kid: 0x0000000100000000
ctr: 0x0000000000000000 ctr: 0x0000000000000000
header: c00100000000 header: c00100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000100000000 kid: 0x0000000100000000
ctr: 0x0000000000000001 ctr: 0x0000000000000001
header: c10100000000 header: c10100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000100000000 kid: 0x0000000100000000
ctr: 0x00000000000000ff ctr: 0x00000000000000ff
header: c80100000000ff header: c80100000000ff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000100000000 kid: 0x0000000100000000
ctr: 0x0000000000000100 ctr: 0x0000000000000100
header: c901000000000100 header: c901000000000100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000100000000 kid: 0x0000000100000000
ctr: 0x000000000000ffff ctr: 0x000000000000ffff
header: c90100000000ffff header: c90100000000ffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000100000000 kid: 0x0000000100000000
ctr: 0x0000000000010000 ctr: 0x0000000000010000
header: ca0100000000010000 header: ca0100000000010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000100000000 kid: 0x0000000100000000
ctr: 0x0000000000ffffff ctr: 0x0000000000ffffff
header: ca0100000000ffffff header: ca0100000000ffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000100000000 kid: 0x0000000100000000
ctr: 0x0000000001000000 ctr: 0x0000000001000000
header: cb010000000001000000 header: cb010000000001000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000100000000 kid: 0x0000000100000000
ctr: 0x00000000ffffffff ctr: 0x00000000ffffffff
header: cb0100000000ffffffff header: cb0100000000ffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000100000000 kid: 0x0000000100000000
ctr: 0x0000000100000000 ctr: 0x0000000100000000
header: cc01000000000100000000 header: cc01000000000100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000100000000 kid: 0x0000000100000000
ctr: 0x000000ffffffffff ctr: 0x000000ffffffffff
header: cc0100000000ffffffffff header: cc0100000000ffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000100000000 kid: 0x0000000100000000
ctr: 0x0000010000000000 ctr: 0x0000010000000000
header: cd0100000000010000000000 header: cd0100000000010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000100000000 kid: 0x0000000100000000
ctr: 0x0000ffffffffffff ctr: 0x0000ffffffffffff
header: cd0100000000ffffffffffff header: cd0100000000ffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000100000000 kid: 0x0000000100000000
ctr: 0x0001000000000000 ctr: 0x0001000000000000
header: ce010000000001000000000000 header: ce010000000001000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000100000000 kid: 0x0000000100000000
ctr: 0x00ffffffffffffff ctr: 0x00ffffffffffffff
header: ce0100000000ffffffffffffff header: ce0100000000ffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000100000000 kid: 0x0000000100000000
ctr: 0x0100000000000000 ctr: 0x0100000000000000
header: cf01000000000100000000000000 header: cf01000000000100000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000000100000000 kid: 0x0000000100000000
ctr: 0xffffffffffffffff ctr: 0xffffffffffffffff
header: cf0100000000ffffffffffffffff header: cf0100000000ffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000ffffffffff kid: 0x000000ffffffffff
ctr: 0x0000000000000000 ctr: 0x0000000000000000
header: c0ffffffffff header: c0ffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000ffffffffff kid: 0x000000ffffffffff
ctr: 0x0000000000000001 ctr: 0x0000000000000001
header: c1ffffffffff header: c1ffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000ffffffffff kid: 0x000000ffffffffff
ctr: 0x00000000000000ff ctr: 0x00000000000000ff
header: c8ffffffffffff header: c8ffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000ffffffffff kid: 0x000000ffffffffff
ctr: 0x0000000000000100 ctr: 0x0000000000000100
header: c9ffffffffff0100 header: c9ffffffffff0100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000ffffffffff kid: 0x000000ffffffffff
ctr: 0x000000000000ffff ctr: 0x000000000000ffff
header: c9ffffffffffffff header: c9ffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000ffffffffff kid: 0x000000ffffffffff
ctr: 0x0000000000010000 ctr: 0x0000000000010000
header: caffffffffff010000 header: caffffffffff010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000ffffffffff kid: 0x000000ffffffffff
ctr: 0x0000000000ffffff ctr: 0x0000000000ffffff
header: caffffffffffffffff header: caffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000ffffffffff kid: 0x000000ffffffffff
ctr: 0x0000000001000000 ctr: 0x0000000001000000
header: cbffffffffff01000000 header: cbffffffffff01000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000ffffffffff kid: 0x000000ffffffffff
ctr: 0x00000000ffffffff ctr: 0x00000000ffffffff
header: cbffffffffffffffffff header: cbffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000ffffffffff kid: 0x000000ffffffffff
ctr: 0x0000000100000000 ctr: 0x0000000100000000
header: ccffffffffff0100000000 header: ccffffffffff0100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000ffffffffff kid: 0x000000ffffffffff
ctr: 0x000000ffffffffff ctr: 0x000000ffffffffff
header: ccffffffffffffffffffff header: ccffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000ffffffffff kid: 0x000000ffffffffff
ctr: 0x0000010000000000 ctr: 0x0000010000000000
header: cdffffffffff010000000000 header: cdffffffffff010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000ffffffffff kid: 0x000000ffffffffff
ctr: 0x0000ffffffffffff ctr: 0x0000ffffffffffff
header: cdffffffffffffffffffffff header: cdffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000ffffffffff kid: 0x000000ffffffffff
ctr: 0x0001000000000000 ctr: 0x0001000000000000
header: ceffffffffff01000000000000 header: ceffffffffff01000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000ffffffffff kid: 0x000000ffffffffff
ctr: 0x00ffffffffffffff ctr: 0x00ffffffffffffff
header: ceffffffffffffffffffffffff header: ceffffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000ffffffffff kid: 0x000000ffffffffff
ctr: 0x0100000000000000 ctr: 0x0100000000000000
header: cfffffffffff0100000000000000 header: cfffffffffff0100000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x000000ffffffffff kid: 0x000000ffffffffff
ctr: 0xffffffffffffffff ctr: 0xffffffffffffffff
header: cfffffffffffffffffffffffffff header: cfffffffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000010000000000 kid: 0x0000010000000000
ctr: 0x0000000000000000 ctr: 0x0000000000000000
header: d0010000000000 header: d0010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000010000000000 kid: 0x0000010000000000
ctr: 0x0000000000000001 ctr: 0x0000000000000001
header: d1010000000000 header: d1010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000010000000000 kid: 0x0000010000000000
ctr: 0x00000000000000ff ctr: 0x00000000000000ff
header: d8010000000000ff header: d8010000000000ff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000010000000000 kid: 0x0000010000000000
ctr: 0x0000000000000100 ctr: 0x0000000000000100
header: d90100000000000100 header: d90100000000000100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000010000000000 kid: 0x0000010000000000
ctr: 0x000000000000ffff ctr: 0x000000000000ffff
header: d9010000000000ffff header: d9010000000000ffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000010000000000 kid: 0x0000010000000000
ctr: 0x0000000000010000 ctr: 0x0000000000010000
header: da010000000000010000 header: da010000000000010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000010000000000 kid: 0x0000010000000000
ctr: 0x0000000000ffffff ctr: 0x0000000000ffffff
header: da010000000000ffffff header: da010000000000ffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000010000000000 kid: 0x0000010000000000
ctr: 0x0000000001000000 ctr: 0x0000000001000000
header: db01000000000001000000 header: db01000000000001000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000010000000000 kid: 0x0000010000000000
ctr: 0x00000000ffffffff ctr: 0x00000000ffffffff
header: db010000000000ffffffff header: db010000000000ffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000010000000000 kid: 0x0000010000000000
ctr: 0x0000000100000000 ctr: 0x0000000100000000
header: dc0100000000000100000000 header: dc0100000000000100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000010000000000 kid: 0x0000010000000000
ctr: 0x000000ffffffffff ctr: 0x000000ffffffffff
header: dc010000000000ffffffffff header: dc010000000000ffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000010000000000 kid: 0x0000010000000000
ctr: 0x0000010000000000 ctr: 0x0000010000000000
header: dd010000000000010000000000 header: dd010000000000010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000010000000000 kid: 0x0000010000000000
ctr: 0x0000ffffffffffff ctr: 0x0000ffffffffffff
header: dd010000000000ffffffffffff header: dd010000000000ffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000010000000000 kid: 0x0000010000000000
ctr: 0x0001000000000000 ctr: 0x0001000000000000
header: de01000000000001000000000000 header: de01000000000001000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000010000000000 kid: 0x0000010000000000
ctr: 0x00ffffffffffffff ctr: 0x00ffffffffffffff
header: de010000000000ffffffffffffff header: de010000000000ffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000010000000000 kid: 0x0000010000000000
ctr: 0x0100000000000000 ctr: 0x0100000000000000
header: df0100000000000100000000000000 header: df0100000000000100000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000010000000000 kid: 0x0000010000000000
ctr: 0xffffffffffffffff ctr: 0xffffffffffffffff
header: df010000000000ffffffffffffffff header: df010000000000ffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000ffffffffffff kid: 0x0000ffffffffffff
ctr: 0x0000000000000000 ctr: 0x0000000000000000
header: d0ffffffffffff header: d0ffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000ffffffffffff kid: 0x0000ffffffffffff
ctr: 0x0000000000000001 ctr: 0x0000000000000001
header: d1ffffffffffff header: d1ffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000ffffffffffff kid: 0x0000ffffffffffff
ctr: 0x00000000000000ff ctr: 0x00000000000000ff
header: d8ffffffffffffff header: d8ffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000ffffffffffff kid: 0x0000ffffffffffff
ctr: 0x0000000000000100 ctr: 0x0000000000000100
header: d9ffffffffffff0100 header: d9ffffffffffff0100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000ffffffffffff kid: 0x0000ffffffffffff
ctr: 0x000000000000ffff ctr: 0x000000000000ffff
header: d9ffffffffffffffff header: d9ffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000ffffffffffff kid: 0x0000ffffffffffff
ctr: 0x0000000000010000 ctr: 0x0000000000010000
header: daffffffffffff010000 header: daffffffffffff010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000ffffffffffff kid: 0x0000ffffffffffff
ctr: 0x0000000000ffffff ctr: 0x0000000000ffffff
header: daffffffffffffffffff header: daffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000ffffffffffff kid: 0x0000ffffffffffff
ctr: 0x0000000001000000 ctr: 0x0000000001000000
header: dbffffffffffff01000000 header: dbffffffffffff01000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000ffffffffffff kid: 0x0000ffffffffffff
ctr: 0x00000000ffffffff ctr: 0x00000000ffffffff
header: dbffffffffffffffffffff header: dbffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000ffffffffffff kid: 0x0000ffffffffffff
ctr: 0x0000000100000000 ctr: 0x0000000100000000
header: dcffffffffffff0100000000 header: dcffffffffffff0100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000ffffffffffff kid: 0x0000ffffffffffff
ctr: 0x000000ffffffffff ctr: 0x000000ffffffffff
header: dcffffffffffffffffffffff header: dcffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000ffffffffffff kid: 0x0000ffffffffffff
ctr: 0x0000010000000000 ctr: 0x0000010000000000
header: ddffffffffffff010000000000 header: ddffffffffffff010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000ffffffffffff kid: 0x0000ffffffffffff
ctr: 0x0000ffffffffffff ctr: 0x0000ffffffffffff
header: ddffffffffffffffffffffffff header: ddffffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000ffffffffffff kid: 0x0000ffffffffffff
ctr: 0x0001000000000000 ctr: 0x0001000000000000
header: deffffffffffff01000000000000 header: deffffffffffff01000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000ffffffffffff kid: 0x0000ffffffffffff
ctr: 0x00ffffffffffffff ctr: 0x00ffffffffffffff
header: deffffffffffffffffffffffffff header: deffffffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000ffffffffffff kid: 0x0000ffffffffffff
ctr: 0x0100000000000000 ctr: 0x0100000000000000
header: dfffffffffffff0100000000000000 header: dfffffffffffff0100000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0000ffffffffffff kid: 0x0000ffffffffffff
ctr: 0xffffffffffffffff ctr: 0xffffffffffffffff
header: dfffffffffffffffffffffffffffff header: dfffffffffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0001000000000000 kid: 0x0001000000000000
ctr: 0x0000000000000000 ctr: 0x0000000000000000
header: e001000000000000 header: e001000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0001000000000000 kid: 0x0001000000000000
ctr: 0x0000000000000001 ctr: 0x0000000000000001
header: e101000000000000 header: e101000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0001000000000000 kid: 0x0001000000000000
ctr: 0x00000000000000ff ctr: 0x00000000000000ff
header: e801000000000000ff header: e801000000000000ff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0001000000000000 kid: 0x0001000000000000
ctr: 0x0000000000000100 ctr: 0x0000000000000100
header: e9010000000000000100 header: e9010000000000000100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0001000000000000 kid: 0x0001000000000000
ctr: 0x000000000000ffff ctr: 0x000000000000ffff
header: e901000000000000ffff header: e901000000000000ffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0001000000000000 kid: 0x0001000000000000
ctr: 0x0000000000010000 ctr: 0x0000000000010000
header: ea01000000000000010000 header: ea01000000000000010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0001000000000000 kid: 0x0001000000000000
ctr: 0x0000000000ffffff ctr: 0x0000000000ffffff
header: ea01000000000000ffffff header: ea01000000000000ffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0001000000000000 kid: 0x0001000000000000
ctr: 0x0000000001000000 ctr: 0x0000000001000000
header: eb0100000000000001000000 header: eb0100000000000001000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0001000000000000 kid: 0x0001000000000000
ctr: 0x00000000ffffffff ctr: 0x00000000ffffffff
header: eb01000000000000ffffffff header: eb01000000000000ffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0001000000000000 kid: 0x0001000000000000
ctr: 0x0000000100000000 ctr: 0x0000000100000000
header: ec010000000000000100000000 header: ec010000000000000100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0001000000000000 kid: 0x0001000000000000
ctr: 0x000000ffffffffff ctr: 0x000000ffffffffff
header: ec01000000000000ffffffffff header: ec01000000000000ffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0001000000000000 kid: 0x0001000000000000
ctr: 0x0000010000000000 ctr: 0x0000010000000000
header: ed01000000000000010000000000 header: ed01000000000000010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0001000000000000 kid: 0x0001000000000000
ctr: 0x0000ffffffffffff ctr: 0x0000ffffffffffff
header: ed01000000000000ffffffffffff header: ed01000000000000ffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0001000000000000 kid: 0x0001000000000000
ctr: 0x0001000000000000 ctr: 0x0001000000000000
header: ee0100000000000001000000000000 header: ee0100000000000001000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0001000000000000 kid: 0x0001000000000000
ctr: 0x00ffffffffffffff ctr: 0x00ffffffffffffff
header: ee01000000000000ffffffffffffff header: ee01000000000000ffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0001000000000000 kid: 0x0001000000000000
ctr: 0x0100000000000000 ctr: 0x0100000000000000
header: ef010000000000000100000000000000 header: ef010000000000000100000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0001000000000000 kid: 0x0001000000000000
ctr: 0xffffffffffffffff ctr: 0xffffffffffffffff
header: ef01000000000000ffffffffffffffff header: ef01000000000000ffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00ffffffffffffff kid: 0x00ffffffffffffff
ctr: 0x0000000000000000 ctr: 0x0000000000000000
header: e0ffffffffffffff header: e0ffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00ffffffffffffff kid: 0x00ffffffffffffff
ctr: 0x0000000000000001 ctr: 0x0000000000000001
header: e1ffffffffffffff header: e1ffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00ffffffffffffff kid: 0x00ffffffffffffff
ctr: 0x00000000000000ff ctr: 0x00000000000000ff
header: e8ffffffffffffffff header: e8ffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00ffffffffffffff kid: 0x00ffffffffffffff
ctr: 0x0000000000000100 ctr: 0x0000000000000100
header: e9ffffffffffffff0100 header: e9ffffffffffffff0100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00ffffffffffffff kid: 0x00ffffffffffffff
ctr: 0x000000000000ffff ctr: 0x000000000000ffff
header: e9ffffffffffffffffff header: e9ffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00ffffffffffffff kid: 0x00ffffffffffffff
ctr: 0x0000000000010000 ctr: 0x0000000000010000
header: eaffffffffffffff010000 header: eaffffffffffffff010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00ffffffffffffff kid: 0x00ffffffffffffff
ctr: 0x0000000000ffffff ctr: 0x0000000000ffffff
header: eaffffffffffffffffffff header: eaffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00ffffffffffffff kid: 0x00ffffffffffffff
ctr: 0x0000000001000000 ctr: 0x0000000001000000
header: ebffffffffffffff01000000 header: ebffffffffffffff01000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00ffffffffffffff kid: 0x00ffffffffffffff
ctr: 0x00000000ffffffff ctr: 0x00000000ffffffff
header: ebffffffffffffffffffffff header: ebffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00ffffffffffffff kid: 0x00ffffffffffffff
ctr: 0x0000000100000000 ctr: 0x0000000100000000
header: ecffffffffffffff0100000000 header: ecffffffffffffff0100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00ffffffffffffff kid: 0x00ffffffffffffff
ctr: 0x000000ffffffffff ctr: 0x000000ffffffffff
header: ecffffffffffffffffffffffff header: ecffffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00ffffffffffffff kid: 0x00ffffffffffffff
ctr: 0x0000010000000000 ctr: 0x0000010000000000
header: edffffffffffffff010000000000 header: edffffffffffffff010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00ffffffffffffff kid: 0x00ffffffffffffff
ctr: 0x0000ffffffffffff ctr: 0x0000ffffffffffff
header: edffffffffffffffffffffffffff header: edffffffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00ffffffffffffff kid: 0x00ffffffffffffff
ctr: 0x0001000000000000 ctr: 0x0001000000000000
header: eeffffffffffffff01000000000000 header: eeffffffffffffff01000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00ffffffffffffff kid: 0x00ffffffffffffff
ctr: 0x00ffffffffffffff ctr: 0x00ffffffffffffff
header: eeffffffffffffffffffffffffffff header: eeffffffffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00ffffffffffffff kid: 0x00ffffffffffffff
ctr: 0x0100000000000000 ctr: 0x0100000000000000
header: efffffffffffffff0100000000000000 header: efffffffffffffff0100000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x00ffffffffffffff kid: 0x00ffffffffffffff
ctr: 0xffffffffffffffff ctr: 0xffffffffffffffff
header: efffffffffffffffffffffffffffffff header: efffffffffffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0100000000000000 kid: 0x0100000000000000
ctr: 0x0000000000000000 ctr: 0x0000000000000000
header: f00100000000000000 header: f00100000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0100000000000000 kid: 0x0100000000000000
ctr: 0x0000000000000001 ctr: 0x0000000000000001
header: f10100000000000000 header: f10100000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0100000000000000 kid: 0x0100000000000000
ctr: 0x00000000000000ff ctr: 0x00000000000000ff
header: f80100000000000000ff header: f80100000000000000ff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0100000000000000 kid: 0x0100000000000000
ctr: 0x0000000000000100 ctr: 0x0000000000000100
header: f901000000000000000100 header: f901000000000000000100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0100000000000000 kid: 0x0100000000000000
ctr: 0x000000000000ffff ctr: 0x000000000000ffff
header: f90100000000000000ffff header: f90100000000000000ffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0100000000000000 kid: 0x0100000000000000
ctr: 0x0000000000010000 ctr: 0x0000000000010000
header: fa0100000000000000010000 header: fa0100000000000000010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0100000000000000 kid: 0x0100000000000000
ctr: 0x0000000000ffffff ctr: 0x0000000000ffffff
header: fa0100000000000000ffffff header: fa0100000000000000ffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0100000000000000 kid: 0x0100000000000000
ctr: 0x0000000001000000 ctr: 0x0000000001000000
header: fb010000000000000001000000 header: fb010000000000000001000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0100000000000000 kid: 0x0100000000000000
ctr: 0x00000000ffffffff ctr: 0x00000000ffffffff
header: fb0100000000000000ffffffff header: fb0100000000000000ffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0100000000000000 kid: 0x0100000000000000
ctr: 0x0000000100000000 ctr: 0x0000000100000000
header: fc01000000000000000100000000 header: fc01000000000000000100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0100000000000000 kid: 0x0100000000000000
ctr: 0x000000ffffffffff ctr: 0x000000ffffffffff
header: fc0100000000000000ffffffffff header: fc0100000000000000ffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0100000000000000 kid: 0x0100000000000000
ctr: 0x0000010000000000 ctr: 0x0000010000000000
header: fd0100000000000000010000000000 header: fd0100000000000000010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0100000000000000 kid: 0x0100000000000000
ctr: 0x0000ffffffffffff ctr: 0x0000ffffffffffff
header: fd0100000000000000ffffffffffff header: fd0100000000000000ffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0100000000000000 kid: 0x0100000000000000
ctr: 0x0001000000000000 ctr: 0x0001000000000000
header: fe010000000000000001000000000000 header: fe010000000000000001000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0100000000000000 kid: 0x0100000000000000
ctr: 0x00ffffffffffffff ctr: 0x00ffffffffffffff
header: fe0100000000000000ffffffffffffff header: fe0100000000000000ffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0100000000000000 kid: 0x0100000000000000
ctr: 0x0100000000000000 ctr: 0x0100000000000000
header: ff010000000000000001000000000000 header: ff010000000000000001000000000000
00 00
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0x0100000000000000 kid: 0x0100000000000000
ctr: 0xffffffffffffffff ctr: 0xffffffffffffffff
header: ff0100000000000000ffffffffffffff header: ff0100000000000000ffffffffffffff
ff ff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0xffffffffffffffff kid: 0xffffffffffffffff
ctr: 0x0000000000000000 ctr: 0x0000000000000000
header: f0ffffffffffffffff header: f0ffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0xffffffffffffffff kid: 0xffffffffffffffff
ctr: 0x0000000000000001 ctr: 0x0000000000000001
header: f1ffffffffffffffff header: f1ffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0xffffffffffffffff kid: 0xffffffffffffffff
ctr: 0x00000000000000ff ctr: 0x00000000000000ff
header: f8ffffffffffffffffff header: f8ffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0xffffffffffffffff kid: 0xffffffffffffffff
ctr: 0x0000000000000100 ctr: 0x0000000000000100
header: f9ffffffffffffffff0100 header: f9ffffffffffffffff0100
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0xffffffffffffffff kid: 0xffffffffffffffff
ctr: 0x000000000000ffff ctr: 0x000000000000ffff
header: f9ffffffffffffffffffff header: f9ffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0xffffffffffffffff kid: 0xffffffffffffffff
ctr: 0x0000000000010000 ctr: 0x0000000000010000
header: faffffffffffffffff010000 header: faffffffffffffffff010000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0xffffffffffffffff kid: 0xffffffffffffffff
ctr: 0x0000000000ffffff ctr: 0x0000000000ffffff
header: faffffffffffffffffffffff header: faffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0xffffffffffffffff kid: 0xffffffffffffffff
ctr: 0x0000000001000000 ctr: 0x0000000001000000
header: fbffffffffffffffff01000000 header: fbffffffffffffffff01000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0xffffffffffffffff kid: 0xffffffffffffffff
ctr: 0x00000000ffffffff ctr: 0x00000000ffffffff
header: fbffffffffffffffffffffffff header: fbffffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0xffffffffffffffff kid: 0xffffffffffffffff
ctr: 0x0000000100000000 ctr: 0x0000000100000000
header: fcffffffffffffffff0100000000 header: fcffffffffffffffff0100000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0xffffffffffffffff kid: 0xffffffffffffffff
ctr: 0x000000ffffffffff ctr: 0x000000ffffffffff
header: fcffffffffffffffffffffffffff header: fcffffffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0xffffffffffffffff kid: 0xffffffffffffffff
ctr: 0x0000010000000000 ctr: 0x0000010000000000
header: fdffffffffffffffff010000000000 header: fdffffffffffffffff010000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0xffffffffffffffff kid: 0xffffffffffffffff
ctr: 0x0000ffffffffffff ctr: 0x0000ffffffffffff
header: fdffffffffffffffffffffffffffff header: fdffffffffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0xffffffffffffffff kid: 0xffffffffffffffff
ctr: 0x0001000000000000 ctr: 0x0001000000000000
header: feffffffffffffffff01000000000000 header: feffffffffffffffff01000000000000
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0xffffffffffffffff kid: 0xffffffffffffffff
ctr: 0x00ffffffffffffff ctr: 0x00ffffffffffffff
header: feffffffffffffffffffffffffffffff header: feffffffffffffffffffffffffffffff
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0xffffffffffffffff kid: 0xffffffffffffffff
ctr: 0x0100000000000000 ctr: 0x0100000000000000
header: ffffffffffffffffff01000000000000 header: ffffffffffffffffff01000000000000
00 00
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
kid: 0xffffffffffffffff kid: 0xffffffffffffffff
ctr: 0xffffffffffffffff ctr: 0xffffffffffffffff
header: ffffffffffffffffffffffffffffffff header: ffffffffffffffffffffffffffffffff
ff ff
]]></sourcecode></figure> ]]></sourcecode>
</section>
</section> <section anchor="aead-encryptiondecryption-using-aes-ctr-and-hmac">
<section anchor="aead-encryptiondecryption-using-aes-ctr-and-hmac"><name>AEAD En <name>AEAD Encryption/Decryption Using AES-CTR and HMAC</name>
cryption/Decryption Using AES-CTR and HMAC</name> <t>For each case, we provide:</t>
<ul spacing="normal">
<t>For each case, we provide:</t> <li>
<t><tt>cipher_suite</tt>: The index of the cipher suite in use (see
<t><list style="symbols">
<t><spanx style="verb">cipher_suite</spanx>: The index of the cipher suite in
use (see
<xref target="sframe-cipher-suites"/>)</t> <xref target="sframe-cipher-suites"/>)</t>
<t><spanx style="verb">key</spanx>: The <spanx style="verb">key</spanx> input </li>
to encryption/decryption</t> <li>
<t><spanx style="verb">enc_key</spanx>: The encryption subkey produced by the <t><tt>key</tt>: The <tt>key</tt> input to encryption/decryption</t>
<spanx style="verb">derive_subkeys()</spanx> algorithm</t> </li>
<t><spanx style="verb">auth_key</spanx>: The encryption subkey produced by the <li>
<spanx style="verb">derive_subkeys()</spanx> algorithm</t> <t><tt>enc_key</tt>: The encryption subkey produced by the <tt>deriv
<t><spanx style="verb">nonce</spanx>: The <spanx style="verb">nonce</spanx> in e_subkeys()</tt> algorithm</t>
put to encryption/decryption</t> </li>
<t><spanx style="verb">aad</spanx>: The <spanx style="verb">aad</spanx> input <li>
to encryption/decryption</t> <t><tt>auth_key</tt>: The encryption subkey produced by the <tt>deri
<t><spanx style="verb">pt</spanx>: The plaintext</t> ve_subkeys()</tt> algorithm</t>
<t><spanx style="verb">ct</spanx>: The ciphertext</t> </li>
</list></t> <li>
<t><tt>nonce</tt>: The <tt>nonce</tt> input to encryption/decryption
<t>An implementation should verify that the following are true, where </t>
<spanx style="verb">AEAD.Encrypt</spanx> and <spanx style="verb">AEAD.Decrypt</s </li>
panx> are as defined in <xref target="aes-ctr-with-sha2"/>:</t> <li>
<t><tt>aad</tt>: The <tt>aad</tt> input to encryption/decryption</t>
<t><list style="symbols"> </li>
<t><spanx style="verb">AEAD.Encrypt(key, nonce, aad, pt) == ct</spanx></t> <li>
<t><spanx style="verb">AEAD.Decrypt(key, nonce, aad, ct) == pt</spanx></t> <t><tt>pt</tt>: The plaintext</t>
</list></t> </li>
<li>
<t>The other values in the test vector are intermediate values provided to <t><tt>ct</tt>: The ciphertext</t>
</li>
</ul>
<t>An implementation should verify that the following are true, where
<tt>AEAD.Encrypt</tt> and <tt>AEAD.Decrypt</tt> are as defined in <xref target="
aes-ctr-with-sha2"/>:</t>
<ul spacing="normal">
<li>
<t><tt>AEAD.Encrypt(key, nonce, aad, pt) == ct</tt></t>
</li>
<li>
<t><tt>AEAD.Decrypt(key, nonce, aad, ct) == pt</tt></t>
</li>
</ul>
<t>The other values in the test vector are intermediate values provided
to
facilitate debugging of test failures.</t> facilitate debugging of test failures.</t>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
cipher_suite: 0x0001 cipher_suite: 0x0001
key: 000102030405060708090a0b0c0d0e0f key: 000102030405060708090a0b0c0d0e0f
101112131415161718191a1b1c1d1e1f 101112131415161718191a1b1c1d1e1f
202122232425262728292a2b2c2d2e2f 202122232425262728292a2b2c2d2e2f
enc_key: 000102030405060708090a0b0c0d0e0f enc_key: 000102030405060708090a0b0c0d0e0f
auth_key: 101112131415161718191a1b1c1d1e1f auth_key: 101112131415161718191a1b1c1d1e1f
202122232425262728292a2b2c2d2e2f 202122232425262728292a2b2c2d2e2f
nonce: 101112131415161718191a1b nonce: 101112131415161718191a1b
aad: 4945544620534672616d65205747 aad: 4945544620534672616d65205747
pt: 64726166742d696574662d736672616d pt: 64726166742d696574662d736672616d
652d656e63 652d656e63
ct: 6339af04ada1d064688a442b8dc69d5b ct: 6339af04ada1d064688a442b8dc69d5b
6bfa40f4bef0583e8081069cc60705 6bfa40f4bef0583e8081069cc60705
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
cipher_suite: 0x0002 cipher_suite: 0x0002
key: 000102030405060708090a0b0c0d0e0f key: 000102030405060708090a0b0c0d0e0f
101112131415161718191a1b1c1d1e1f 101112131415161718191a1b1c1d1e1f
202122232425262728292a2b2c2d2e2f 202122232425262728292a2b2c2d2e2f
enc_key: 000102030405060708090a0b0c0d0e0f enc_key: 000102030405060708090a0b0c0d0e0f
auth_key: 101112131415161718191a1b1c1d1e1f auth_key: 101112131415161718191a1b1c1d1e1f
202122232425262728292a2b2c2d2e2f 202122232425262728292a2b2c2d2e2f
nonce: 101112131415161718191a1b nonce: 101112131415161718191a1b
aad: 4945544620534672616d65205747 aad: 4945544620534672616d65205747
pt: 64726166742d696574662d736672616d pt: 64726166742d696574662d736672616d
652d656e63 652d656e63
ct: 6339af04ada1d064688a442b8dc69d5b ct: 6339af04ada1d064688a442b8dc69d5b
6bfa40f4be6e93b7da076927bb 6bfa40f4be6e93b7da076927bb
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
cipher_suite: 0x0003 cipher_suite: 0x0003
key: 000102030405060708090a0b0c0d0e0f key: 000102030405060708090a0b0c0d0e0f
101112131415161718191a1b1c1d1e1f 101112131415161718191a1b1c1d1e1f
202122232425262728292a2b2c2d2e2f 202122232425262728292a2b2c2d2e2f
enc_key: 000102030405060708090a0b0c0d0e0f enc_key: 000102030405060708090a0b0c0d0e0f
auth_key: 101112131415161718191a1b1c1d1e1f auth_key: 101112131415161718191a1b1c1d1e1f
202122232425262728292a2b2c2d2e2f 202122232425262728292a2b2c2d2e2f
nonce: 101112131415161718191a1b nonce: 101112131415161718191a1b
aad: 4945544620534672616d65205747 aad: 4945544620534672616d65205747
pt: 64726166742d696574662d736672616d pt: 64726166742d696574662d736672616d
652d656e63 652d656e63
ct: 6339af04ada1d064688a442b8dc69d5b ct: 6339af04ada1d064688a442b8dc69d5b
6bfa40f4be09480509 6bfa40f4be09480509
]]></sourcecode></figure> ]]></sourcecode>
</section>
</section> <section anchor="sframe-encryptiondecryption">
<section anchor="sframe-encryptiondecryption"><name>SFrame Encryption/Decryption <name>SFrame Encryption/Decryption</name>
</name> <t>For each case, we provide:</t>
<ul spacing="normal">
<t>For each case, we provide:</t> <li>
<t><tt>cipher_suite</tt>: The index of the cipher suite in use (see
<t><list style="symbols">
<t><spanx style="verb">cipher_suite</spanx>: The index of the cipher suite in
use (see
<xref target="sframe-cipher-suites"/>)</t> <xref target="sframe-cipher-suites"/>)</t>
<t><spanx style="verb">kid</spanx>: A KID value</t> </li>
<t><spanx style="verb">ctr</spanx>: A CTR value</t> <li>
<t><spanx style="verb">base_key</spanx>: The <spanx style="verb">base_key</spa <t><tt>kid</tt>: A KID value</t>
nx> input to the <spanx style="verb">derive_key_salt</spanx> algorithm</t> </li>
<t><spanx style="verb">sframe_key_label</spanx>: The label used to derive <spa <li>
nx style="verb">sframe_key</spanx> in the <spanx style="verb">derive_key_salt</s <t><tt>ctr</tt>: A CTR value</t>
panx> algorithm</t> </li>
<t><spanx style="verb">sframe_salt_label</spanx>: The label used to derive <sp <li>
anx style="verb">sframe_salt</spanx> in the <spanx style="verb">derive_key_salt< <t><tt>base_key</tt>: The <tt>base_key</tt> input to the <tt>derive_
/spanx> algorithm</t> key_salt</tt> algorithm</t>
<t><spanx style="verb">sframe_secret</spanx>: The <spanx style="verb">sframe_s </li>
ecret</spanx> variable in the <spanx style="verb">derive_key_salt</spanx> algori <li>
thm</t> <t><tt>sframe_key_label</tt>: The label used to derive <tt>sframe_ke
<t><spanx style="verb">sframe_key</spanx>: The <spanx style="verb">sframe_key< y</tt> in the <tt>derive_key_salt</tt> algorithm</t>
/spanx> value produced by the <spanx style="verb">derive_key_salt</spanx> algori </li>
thm</t> <li>
<t><spanx style="verb">sframe_salt</spanx>: The <spanx style="verb">sframe_sal <t><tt>sframe_salt_label</tt>: The label used to derive <tt>sframe_s
t</spanx> value produced by the <spanx style="verb">derive_key_salt</spanx> algo alt</tt> in the <tt>derive_key_salt</tt> algorithm</t>
rithm</t> </li>
<t><spanx style="verb">metadata</spanx>: The <spanx style="verb">metadata</spa <li>
nx> input to the SFrame <spanx style="verb">encrypt</spanx> algorithm</t> <t><tt>sframe_secret</tt>: The <tt>sframe_secret</tt> variable in th
<t><spanx style="verb">pt</spanx>: The plaintext</t> e <tt>derive_key_salt</tt> algorithm</t>
<t><spanx style="verb">ct</spanx>: The SFrame ciphertext</t> </li>
</list></t> <li>
<t><tt>sframe_key</tt>: The <tt>sframe_key</tt> value produced by th
<t>An implementation should verify that the following are true, where e <tt>derive_key_salt</tt> algorithm</t>
<spanx style="verb">encrypt</spanx> and <spanx style="verb">decrypt</spanx> are </li>
as defined in <xref target="encryption-schema"/>, using an SFrame <li>
context initialized with <spanx style="verb">base_key</spanx> assigned to <spanx <t><tt>sframe_salt</tt>: The <tt>sframe_salt</tt> value produced by
style="verb">kid</spanx>:</t> the <tt>derive_key_salt</tt> algorithm</t>
</li>
<t><list style="symbols"> <li>
<t><spanx style="verb">encrypt(ctr, kid, metadata, plaintext) == ct</spanx></t <t><tt>metadata</tt>: The <tt>metadata</tt> input to the SFrame <tt>
> encrypt</tt> algorithm</t>
<t><spanx style="verb">decrypt(metadata, ct) == pt</spanx></t> </li>
</list></t> <li>
<t><tt>pt</tt>: The plaintext</t>
<t>The other values in the test vector are intermediate values provided to </li>
<li>
<t><tt>ct</tt>: The SFrame ciphertext</t>
</li>
</ul>
<t>An implementation should verify that the following are true, where
<tt>encrypt</tt> and <tt>decrypt</tt> are as defined in <xref target="encryption
-schema"/>, using an SFrame
context initialized with <tt>base_key</tt> assigned to <tt>kid</tt>:</t>
<ul spacing="normal">
<li>
<t><tt>encrypt(ctr, kid, metadata, plaintext) == ct</tt></t>
</li>
<li>
<t><tt>decrypt(metadata, ct) == pt</tt></t>
</li>
</ul>
<t>The other values in the test vector are intermediate values provided
to
facilitate debugging of test failures.</t> facilitate debugging of test failures.</t>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
cipher_suite: 0x0001 cipher_suite: 0x0001
kid: 0x0000000000000123 kid: 0x0000000000000123
ctr: 0x0000000000004567 ctr: 0x0000000000004567
base_key: 000102030405060708090a0b0c0d0e0f base_key: 000102030405060708090a0b0c0d0e0f
sframe_key_label: 534672616d6520312e30205365637265 sframe_key_label: 534672616d6520312e30205365637265
74206b65792000000000000001230001 74206b65792000000000000001230001
sframe_salt_label: 534672616d6520312e30205365637265 sframe_salt_label: 534672616d6520312e30205365637265
742073616c7420000000000000012300 742073616c7420000000000000012300
01 01
sframe_secret: d926952ca8b7ec4a95941d1ada3a5203 sframe_secret: d926952ca8b7ec4a95941d1ada3a5203
skipping to change at line 4642 skipping to change at line 4167
sframe_salt: 50b29329a04dc0f184ac3168 sframe_salt: 50b29329a04dc0f184ac3168
metadata: 4945544620534672616d65205747 metadata: 4945544620534672616d65205747
nonce: 50b29329a04dc0f184ac740f nonce: 50b29329a04dc0f184ac740f
aad: 99012345674945544620534672616d65 aad: 99012345674945544620534672616d65
205747 205747
pt: 64726166742d696574662d736672616d pt: 64726166742d696574662d736672616d
652d656e63 652d656e63
ct: 9901234567449408b6f490086165b9d6 ct: 9901234567449408b6f490086165b9d6
f62b24ae1a59a56486b4ae8ed036b889 f62b24ae1a59a56486b4ae8ed036b889
12e24f11 12e24f11
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
cipher_suite: 0x0002 cipher_suite: 0x0002
kid: 0x0000000000000123 kid: 0x0000000000000123
ctr: 0x0000000000004567 ctr: 0x0000000000004567
base_key: 000102030405060708090a0b0c0d0e0f base_key: 000102030405060708090a0b0c0d0e0f
sframe_key_label: 534672616d6520312e30205365637265 sframe_key_label: 534672616d6520312e30205365637265
74206b65792000000000000001230002 74206b65792000000000000001230002
sframe_salt_label: 534672616d6520312e30205365637265 sframe_salt_label: 534672616d6520312e30205365637265
742073616c7420000000000000012300 742073616c7420000000000000012300
02 02
sframe_secret: d926952ca8b7ec4a95941d1ada3a5203 sframe_secret: d926952ca8b7ec4a95941d1ada3a5203
skipping to change at line 4669 skipping to change at line 4193
sframe_salt: e68ac8dd3d02fbcd368c5577 sframe_salt: e68ac8dd3d02fbcd368c5577
metadata: 4945544620534672616d65205747 metadata: 4945544620534672616d65205747
nonce: e68ac8dd3d02fbcd368c1010 nonce: e68ac8dd3d02fbcd368c1010
aad: 99012345674945544620534672616d65 aad: 99012345674945544620534672616d65
205747 205747
pt: 64726166742d696574662d736672616d pt: 64726166742d696574662d736672616d
652d656e63 652d656e63
ct: 99012345673f31438db4d09434e43afa ct: 99012345673f31438db4d09434e43afa
0f8a2f00867a2be085046a9f5cb4f101 0f8a2f00867a2be085046a9f5cb4f101
d607 d607
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
cipher_suite: 0x0003 cipher_suite: 0x0003
kid: 0x0000000000000123 kid: 0x0000000000000123
ctr: 0x0000000000004567 ctr: 0x0000000000004567
base_key: 000102030405060708090a0b0c0d0e0f base_key: 000102030405060708090a0b0c0d0e0f
sframe_key_label: 534672616d6520312e30205365637265 sframe_key_label: 534672616d6520312e30205365637265
74206b65792000000000000001230003 74206b65792000000000000001230003
sframe_salt_label: 534672616d6520312e30205365637265 sframe_salt_label: 534672616d6520312e30205365637265
742073616c7420000000000000012300 742073616c7420000000000000012300
03 03
sframe_secret: d926952ca8b7ec4a95941d1ada3a5203 sframe_secret: d926952ca8b7ec4a95941d1ada3a5203
skipping to change at line 4695 skipping to change at line 4218
11d57909934f46f5405e38cd583c69fe 11d57909934f46f5405e38cd583c69fe
sframe_salt: 38c16e4f5159700c00c7f350 sframe_salt: 38c16e4f5159700c00c7f350
metadata: 4945544620534672616d65205747 metadata: 4945544620534672616d65205747
nonce: 38c16e4f5159700c00c7b637 nonce: 38c16e4f5159700c00c7b637
aad: 99012345674945544620534672616d65 aad: 99012345674945544620534672616d65
205747 205747
pt: 64726166742d696574662d736672616d pt: 64726166742d696574662d736672616d
652d656e63 652d656e63
ct: 990123456717fc8af28a5a695afcfc6c ct: 990123456717fc8af28a5a695afcfc6c
8df6358a17e26b2fcb3bae32e443 8df6358a17e26b2fcb3bae32e443
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
cipher_suite: 0x0004 cipher_suite: 0x0004
kid: 0x0000000000000123 kid: 0x0000000000000123
ctr: 0x0000000000004567 ctr: 0x0000000000004567
base_key: 000102030405060708090a0b0c0d0e0f base_key: 000102030405060708090a0b0c0d0e0f
sframe_key_label: 534672616d6520312e30205365637265 sframe_key_label: 534672616d6520312e30205365637265
74206b65792000000000000001230004 74206b65792000000000000001230004
sframe_salt_label: 534672616d6520312e30205365637265 sframe_salt_label: 534672616d6520312e30205365637265
742073616c7420000000000000012300 742073616c7420000000000000012300
04 04
sframe_secret: d926952ca8b7ec4a95941d1ada3a5203 sframe_secret: d926952ca8b7ec4a95941d1ada3a5203
skipping to change at line 4720 skipping to change at line 4242
sframe_salt: 75234edefe07819026751816 sframe_salt: 75234edefe07819026751816
metadata: 4945544620534672616d65205747 metadata: 4945544620534672616d65205747
nonce: 75234edefe07819026755d71 nonce: 75234edefe07819026755d71
aad: 99012345674945544620534672616d65 aad: 99012345674945544620534672616d65
205747 205747
pt: 64726166742d696574662d736672616d pt: 64726166742d696574662d736672616d
652d656e63 652d656e63
ct: 9901234567b7412c2513a1b66dbb4884 ct: 9901234567b7412c2513a1b66dbb4884
1bbaf17f598751176ad847681a69c6d0 1bbaf17f598751176ad847681a69c6d0
b091c07018ce4adb34eb b091c07018ce4adb34eb
]]></sourcecode></figure> ]]></sourcecode>
<sourcecode type="test-vectors"><![CDATA[
<figure><sourcecode type="test-vectors"><![CDATA[
cipher_suite: 0x0005 cipher_suite: 0x0005
kid: 0x0000000000000123 kid: 0x0000000000000123
ctr: 0x0000000000004567 ctr: 0x0000000000004567
base_key: 000102030405060708090a0b0c0d0e0f base_key: 000102030405060708090a0b0c0d0e0f
sframe_key_label: 534672616d6520312e30205365637265 sframe_key_label: 534672616d6520312e30205365637265
74206b65792000000000000001230005 74206b65792000000000000001230005
sframe_salt_label: 534672616d6520312e30205365637265 sframe_salt_label: 534672616d6520312e30205365637265
742073616c7420000000000000012300 742073616c7420000000000000012300
05 05
sframe_secret: 0fc3ea6de6aac97a35f194cf9bed94d4 sframe_secret: 0fc3ea6de6aac97a35f194cf9bed94d4
skipping to change at line 4748 skipping to change at line 4269
sframe_salt: 84991c167b8cd23c93708ec7 sframe_salt: 84991c167b8cd23c93708ec7
metadata: 4945544620534672616d65205747 metadata: 4945544620534672616d65205747
nonce: 84991c167b8cd23c9370cba0 nonce: 84991c167b8cd23c9370cba0
aad: 99012345674945544620534672616d65 aad: 99012345674945544620534672616d65
205747 205747
pt: 64726166742d696574662d736672616d pt: 64726166742d696574662d736672616d
652d656e63 652d656e63
ct: 990123456794f509d36e9beacb0e261d ct: 990123456794f509d36e9beacb0e261d
99c7d1e972f1fed787d4049f17ca2135 99c7d1e972f1fed787d4049f17ca2135
3c1cc24d56ceabced279 3c1cc24d56ceabced279
]]></sourcecode></figure> ]]></sourcecode>
</section>
</section> </section>
</section> <section numbered="false" anchor="acknowledgements">
<section numbered="false" anchor="acknowledgements"><name>Acknowledgements</name <name>Acknowledgements</name>
> <t>The authors wish to specially thank <contact fullname="Dr. Alex Gouaill
ard"/> as one of the early
<t>The authors wish to specially thank <contact fullname="Dr. Alex Gouaillard"/>
as one of the early
contributors to the document. His passion and energy were key to the design and contributors to the document. His passion and energy were key to the design and
development of SFrame.</t> development of SFrame.</t>
</section>
</section>
<section anchor="contributors" numbered="false" toc="include" removeInRFC="f alse"> <section anchor="contributors" numbered="false" toc="include" removeInRFC="f alse">
<name>Contributors</name> <name>Contributors</name>
<contact initials="F." surname="Jacobs" fullname="Frédéric Jacobs"> <contact initials="F." surname="Jacobs" fullname="Frédéric Jacobs">
<organization>Apple</organization> <organization>Apple</organization>
<address> <address>
<email>frederic.jacobs@apple.com</email> <email>frederic.jacobs@apple.com</email>
</address> </address>
</contact> </contact>
<contact initials="M." surname="Mularczyk" fullname="Marta Mularczyk"> <contact initials="M." surname="Mularczyk" fullname="Marta Mularczyk">
<organization>Amazon</organization> <organization>Amazon</organization>
<address> <address>
<email>mulmarta@amazon.com</email> <email>mulmarta@amazon.com</email>
</address> </address>
</contact> </contact>
<contact initials="S." surname="Nandakumar" fullname="Suhas Nandakumar"> <contact initials="S." surname="Nandakumar" fullname="Suhas Nandakumar">
<organization>Cisco</organization> <organization>Cisco</organization>
<address> <address>
<email>snandaku@cisco.com</email> <email>snandaku@cisco.com</email>
</address> </address>
</contact> </contact>
<contact initials="T." surname="Rigaux" fullname="Tomas Rigaux"> <contact initials="T." surname="Rigaux" fullname="Tomas Rigaux">
<organization>Cisco</organization> <organization>Cisco</organization>
<address> <address>
<email>trigaux@cisco.com</email> <email>trigaux@cisco.com</email>
</address> </address>
</contact> </contact>
<contact initials="R." surname="Robert" fullname="Raphael Robert"> <contact initials="R." surname="Robert" fullname="Raphael Robert">
<organization>Phoenix R&amp;D</organization> <organization>Phoenix R&amp;D</organization>
<address> <address>
<email>ietf@raphaelrobert.com</email> <email>ietf@raphaelrobert.com</email>
</address> </address>
</contact> </contact>
</section> </section>
</back> </back>
<!-- ##markdown-source:
H4sIALU5mGYAA+29bXfbyJEo/B2/Alc52UgjkkOQFEUq49lobDnjnbHH17In
mZNkLRAAJcQkwQVAy4rl/S336/0bz/1jT731GwBKlMhsbu5Z5mRMgY3q6u7q
euuq6na77ZVpOUtO/L3zJFrlif88D+eJv39O/x6c+D+ml1fldYL/9U9X5VWy
KNMoLJPYP1tE+c2yTLOFP81y/00SztpvU3j5ZRKn4Z4XTiZ58vHEZ1BenEUL
+PfEj/NwWrbTpJy2iyn+1E4WUXsGMIvSQ9CXWX5z4hdl7HnpMj/xy3xVlL1u
d9zteUWZJ+H8xH9x9va5F8J3wPx0uZwhToBJ4YeL2KCy511fAiTqxfuQ3Fxn
eXzi+X7bL3C0aXlDf+TYvkTU54i6n+iR0c/JIm6XGWAZ27/AyPqeF8KUZDnA
bENT3+cRns3D2P9pHuYhPczyy3CR/o0QPPER24SeJ/MwnZ34SYYtfxfi806U
zV1Y/wZjTxf+u0mSl2kDuOfppzTphKkN8a/0zu+m+icb4HmSX6aZ//swj2Co
L2EWZrOsAfDT7Pxl5p9n0/Ia5tkGXxCEziVB6MwZwu+irJhnhTTvpJnb65s0
ugrz2P8uzBdJ0dRdWkSZ3Us+m/wuXX7sFJ/oaZ4hlcLylFnugv4lWyWLhf88
nMyScpMJv6EXrAn3omxR5ulkVdaW8nn+f/53/H/+d55G/r+FUTZpQr3WwTRP
4gRe6fyVXlm3tC/DvMQVmMFE/u3mQxPkefg3IkINer6azfG134X0Ux3o+eoq
LPxXsA3CDytouslUFwtu/rsIf6nDfAsUWsASXoarT5vAg7nEpuvAvQmXV2Ey
899kSNQNAF9fZcki/eS/+ZdnNlhkGb/L+eWc3uXVSxfAf+bw7scEN/db4CM/
JxGsZXFCr2sOx7wNf/elwR7TVjJFCgDWduIDxHla+t3eUXw0HPH7YX6ZwE9X
ZbksTr7++jItr1YT7PtrYWDXl/Lt68ksm3wtL3+NHK39kXty/uj8tZBljYHf
nfi9bq/f7o49z2u32344AS4XRqXnvb1KCx8Y52oOuPlxUkRApUnhAxv2G/l1
M69CpkicSpg3PponsCEXaTEn5s18j4ZQ+MBuQiS0Ml0Cqd3AlCymSQ7gEj8K
Z7MWNPCur2BD+xEAzMOZvA584WOSF4BMMoNxwnL4z7Mc2EGcLi79d4u0LGCh
QR68Kw4AEvQSRUlBo/EYwjwpQ5iR0F8ksINiv8z8efghQRQVmDgBqiJOfw3L
kK1K/yr8iD8oYBnBg+lbKcQ6MpFmyHE6nSKm0zyb25NpZNjrPCuzKJvBYN68
fX2Ac1JehaUHpJHiDMXJEuYYVyWb+tDC3weaKJB6ljC/wIkIPX+RLdr4Kw8P
5mpRLLO8PCAxBVPgTRIfuUPKg72+Ai5XWwwQWkmOP0PjeQZoTuDt6zQG+Ml0
mkYpoNFh0pmncQy8yPuV/wJWJotXEckq72UGIBb2on5M4ySj9fSLm6JM5oW/
KnAi1iwdkti7A0+tMWCj+57dAHdelQpxFtHUhMDDPC2zdAGLPwkLGCfqCyFt
A79YRVcesJbwI2xw5N9maC0k9xQYqWBapH9LWjC/sP7w2hJnsUWzmMH65Qpi
xz9deICoX94sU+z9BrYPzOIiK4mmXCoRhGXv40riQ0PuLSFzgJNdF9YbvBay
wQDqHu43nJJFvOcXGZGKD3MGK4w9T0D7SVTbyQ1T3PN3HVgkWVzcg/KU6CDL
P/jLPFsm+eym5SOdX8KMAMRVscJReTiYQvCgiYOvMjamN9lIpA69ffran8IL
kzD6AD8VRXiZFC2fB5fS7HjLrCiIbtMpjhehfE0vAtHiQmO7OnNJYiC8U15I
wPM682fhDdIHzKXLf/wK/wElAfjuf6xwiU884IVBx/8+W7YnN+2rbOnvf//d
9wc2CABIc9/SY+Plr42L2CpMCyityYIm1RAgvgBTDE16HdBf9Wj2z3pnTm/4
AJ6oTpvBIVvZhHVAvzPYEvEN8IQ4AZJc4TbAJYdB2irl58//+ub50/5xEHz5
0vEJOC7mXpytcGVMSyCy6CqBvuJkmoI+Bfz6OrxBGogzH1D3rKEAAyEoDHx0
3Osj8HcoM8vVAsQPUxhgKTBRf1hmgJ3a4NGNhxN3BTYAMbhZ8gk0Z55+5Omw
quHicpaQkCK2RyQIjLsgkl0gORORguAoEuAfwJlR505BTY2I5guQJGGeZkWn
KvRwF2QFDXGRXOPgzvBZmRBnUzh/WGTXQFOFGBstr1iCnJgqFgCc5HIhLBa3
FszJJbCsZVW0sVAhCdURULR83mWyIKyteUX+jMyR9jpKM9iJtLDQiSAoxLMM
b2ZZGMOOCy8XGY7ZQ1ajhEEH2fXbJAdo2Sy7vGGyAmsFcYVNvvfy3fnbvRb/
67/6ib6/Ofuf7168OXuG38+/P/3xR/3Fkxbn3//07sdn5pt58+lPL1+evXrG
L8NT33nk7b08/WWPV3fvp9dvX/z06vTHPRaA9sLgBmb+A3shyZd5gtwtLDyl
psT4zndPX/9//ysYAPX9D6C+XhCMv3yRP0bB8QD+uAauIJx8AWvFf8I+A6Jb
LpMwJ3UEGFIULtMynOEsAqle4XoD409g9r76E87MX078bybRMhh8Kw9wwM5D
NWfOQ5qz+pPayzyJDY8autGz6TyvzLSL7+kvzt9q3q2H3/zrDLa63w5G//ot
KIovT5+eeGBDMNezTXMkzqcgJz0PNws2Ek4H/1hGu+cB98FfhevCP573B6Jh
dAbcqQbsMXXY8n6P1cYZSiBSx0GvSBZF4sH+ICbE/Od4eDRE/gNymjY+7i5o
qHorYP9FV9jZdLWItG+BOvKsfYTyxFE3FKD/WNFm1oxbv+PlCRisMeEHvwKZ
kd4AorVIKm2ZtNX2RI0FWBbxNEClyOaJxzrHUhg9beDfZ0CbnmeYhs10UEiD
jAT6RS64hofhQCv8SNRimtlJDrj5gNUlDU9zTNoPoH4hdWjtYpqhyoLzeIl4
gYAF8QqCCXUpmieSWYSIawiEqzjNaH5Z7YKuqzwSBWyN6RHfDPNJCvOW3zBP
Z1URZgeE7bMkAn47q3tYWAdHbjcPF0DJxFtQmcEBKB7MU4gdYefc18LqrvI6
K7TQcb/jv0wX6Rx0R1jd6ENS+smnJSwsdqw7AeUFFafpambGilOXkkQBuOgl
AulTkuyAJnEqviYUlKw2QWcDa5RGVaxIjIRgaLtjBTYEqHgkRxTBtbC3UK0f
bkdARBkS1rInnctOy/9DMnmr3sQXYZu9aD/rkHvtOpkQ1DYS8Mc0uYad53lH
Hf8PwCusdUPASpiHRZFFKTn4kjzP8nYOdDxLafk1qUDvaSeB3t+8/SNhCy8L
o/DP8C1gQHku5L3//OzpQUspezASn4QzMAgAFs9os6P/8O0fGc7ZU1krJJ2h
tYKknF/hBiiUgZguKqR2fG97rb5B6xFMBa4HzQKtGYhnWNMl+mRqe4GMj4Ln
zd4XMAKcBFuH+ZXyetZMeNHXFjZhmC1I+2rJ+7RABUz4Iu7Uloc6WjpfsrZP
XxBoizQ2mFZlk4LOVqCVBcvKrHIuM1LYeqExIpE6rkA/RZUTu5B1M+4GELZC
0YKnh1TM6nS6iGYrRDYGtTydEXPF9qHtlF2VQEJ/S9R2Nh4HwwXRDLxOQM6H
bGhpA566jAgu8St8Wb0GpKMs/F/9yrf8wEB/oJR8Km2GHPrrtbgWKTGLWLNr
WuSQFgp79cisYUEAj6xtC0K0bQxBvYnJIiKFVOQGqB5PQcHX+r29T+fZf7T1
m7RHUQMsgNvCPJRip8lAbM2+sH0HPKGwCqRJipMoI2V75oXzbMUWrlpsJjUB
GsZxxSYWqeouCpDPJYBOchy4sQRg7j5ms4+8K3AeL/OQ1kbN/QJZrY9+hzTC
nQVwPqZ5tkDqBaIDq3EZloD3gkUvuuDQDbgqLCBkXdPQ/SQl8UvOEs9xluwv
0ZZmT1iGmmOcwk5COtLT256BATKrSHyPXmSucwDT/xytn08hDrAFHJUat4sS
fgeFFXVPpCZxMWjnF9KET414bksygFh1IYaPqgP8Z5VHABUGk8VsINH88Aha
PmFMq4eKiXYCqQX2hDXyxkadj3pW7bUKo6w+xUnJmgSOnKQfFZYejBk1NaaU
HO0ygIA+B961yLJBGiTzCfNoRoVGYoMm5yIwxgx1RFTsgP9fk4uMzonIKcD+
NjIPw5vCIT1LDwLZOYvRWaJoiCiKyDItNF1Cryc2NbDPTLBzF92ZMXRUwG65
sWhKU4u2blhzgH1C7kG0eBPbDvYnKzDqwhtPCbOQHXKyFwzxs91tkXmBGmeO
BjujI75umGLYv4WXLZTrSXmiFIHK8jWhLhpN+DFLiQDSwrM2JVIggSwInozF
cH3oq1jNiZPAqp0jbf7HKgQToiRPuhenRbQqCvG9AKiClOI4acPsFMh8RE7F
rN0rxtIGPWx2U6QFMbJT8i4hL51AgxaKBiS0lt/El7XGFC4L4BPadcSKpqeY
HbpEiQMYiesTfYNIhB0eogJJNkQqpIbzIPsTiVVtA5Ip4UJQsbh4NvkrWu/h
ZZ4kfsaeX3n4G5SPc5ymCChKBqFdjDIjTEv0Oq79b3GTz1dFSXZATiq81tQt
OQnT9Z//+Z9+GBYfL9mL5R+2H/U5lNdv/Ud9bs3rGoHDJoQaHh7S6512h17X
CNw2IWQ/RFcYf7/1bukLvX5GbNK/JdjfwqPXsn0S334o/hZ5pObgN4e/qWPx
7w1Y/HsFNesdGMzXt3+uz8Vtw1zcNsyFBvO1f+j/ubYiTStknv179RFi4/+5
8ppQob/2WXUVCBu/io2exHXPGsCcAu0mNhhbAjvPRLg2g6mOmz//7tc/5tnG
YO6e4rVgqlvvtl3/3Na/HVbArO/5TmzU5+OWYGQUh5olrHkJlFz/B7Cinddx
T6qHtxzWsX5g1JP/0ljhZjKshwjonKy1rWdo06HdC0g92O3C74gMq6/93ADG
PGsCo3ix+TQxDOdhAxjNk/Xn3WJZ5xjOwyZsFE9WnyaGUeEYTWAUT3Y+jeJO
P/y5+sTiyfey9urDQxcb4ckOpj83iTv10BJ3FjbCk2/JkYRi7xumMfh7qeWe
fmjmWh4RYp7/XTZ5oPA1j7YX/etX4v7Pui244ecQ9Sfv84n/K8ti4/CPJ3to
Zv60ZH8E+hBeNBmqoIy+FbOO2d05gtjzv3jej+kHPo/TuqtW+9iro90kH5Kb
wpzxKRMblP/kE7ujUPnzsCWZxHzI7548w479AaFYAOYUggcaJCjmHKykPNPh
wgOVv6CRAB9vi3cX+1qAqbtfgBb7+TMrwG1E7ssXMo8xRgmtdjLp2NEh73rF
VYhH7/BXDhaGQJjP8E3RtRtdrj6duyRgWKAHHbXmJIyuMPLOzIdyYCjfDWrp
9CMoxGBzRxhOkC0S16y2oiA8snfAcELPKCjwiwzmq2APkEzV03QJ5gH7f06V
fu9H+inZa3lasCNOfkbbhU7i0fNq9PNsVS5XJVsK3toASHIgnhrX6TM8e98/
PTt9Vj3EpmWfhSm5p+Qk7CgIhl++tIwbUnDRBhY6omL2OoczO5IHfou5K+hJ
/EbueMjA+ghWEh49tGfJ4hL6AAJaReWK7FHrsI5deHhKC+TCkU0MhU5syCel
X5ShGKNJhxtUDvrL8BIDNY1nSk8tTo8fzi6zHMY9RwRgSatGEIh32trqn6Zt
3/jwG9YLbn+4/eHHs1e3T2+f4j/CaFCrefHM5YRP0UUGM2bxwsP2t4/uX4Tm
IzmhNoT+X3z/TBMN7ZP/8v7/ad4n+nvch+i/sf/KUfHb8PIu/B/dv1IaH//Z
/n1E3qK211lOQ3Y/LlNXbdq2OiHM0EiQNjNCpVuc22zRiBQjh0iDoFM3y+8l
7iyj67ZYOrAPl0KoQHoqN991OpuRA0nB8Aw6wJ3vAE7ItyS+rCIKvTxZ5kmB
48cYyoXF0NkzSt0WyxD9zBy5oz3QFXEl8Rpyckqn0GmOx2nipmR/dYN4UM1n
oW7d8V6U7L5Dz3SxBKUtnaQz9GuK4LH8ZugN1q7qpGkQqOF4lmPYONGjCLm+
OoMUVGdZwYdbeUJaB00NniHiMXGY3zjKxvc8+AbRKzFI6MwH3fNjOFsp/zmf
6FiKASiC8GKJPkkMthfN7MTzvvJPlbDa/+EFaBOkVVmnPDVQqGwVV+JK5zNz
BKKk2/7Tt28EilK8MFATJlgo+iphlUrHJFoBap6TatGo7BGaLZ96ATVrki5C
dVhlVEBW8zxU8+rHWvoEogNoq0MWWO48Q/AU53iVAi2yl/VyBVMHI0Oq93QY
BHmkeRnaNPHt1SLF2BBYQPJLOzrGU9C700v/u5sy8QzzAMMZP7/xf0P/dmrc
CJp0/cDv+X1/4B/5Q//YO2xX/2ezROcP7/aPAPAHAPML/PuUOTXMXafT8fkP
mEP540FwFdOCIbUdLU5zK5tw9740ke5V6JwfWnofR17R/NY6UGqixxt/AvPJ
+udexDOMT/YsxmHCVGCbzGKMUzn7JOewMBX+8xlwh/0/tmCWJ2l5gNFKL+Rc
qcBAVYTxA79LZyegVjPe+LKQL35ltReWXZ7jPz+yKrz/QwvWD6AXDJ6B/tGf
Ytd0Gk7hKF2JkWzuC4ZdfdGTF4MWn9JhNLD9lmjiws1oz8CGXuHBPerAehqA
CGQafrlzGp42oYYvyzTgVz0N8hz/UdPw1JmGt2vGim9Ih780TJHpy+O+rEG1
8EU1KWKq4Dogn0WwTAFsJ5PTn8weCqiPMIhUoqnoiA35JFgpKiRnfwKUCNOV
hosDpjpi22ZViAXQ6fciMadZ0mOq7G+Pg6u67WNZM/MqtInCPJfTJ7bVcxZM
FBo3odwGEz+eXnqEx/4PNM8HWvq5r02ZvrHNLwfWVP4tyTPA/ic85boGO7Xl
GVSI607MJJnYFYzyWM39xWo+wViFKU1FoaOsOQtkuWS6Cqdlklv4UmNra+LS
8DZWC1QkGPrUoYVTxjJRiB6kGQBJkQoeqQqfZrxpNC3PED1bmDzIbrfra82k
oLhCtV1gQ3W7gfOo1/KTMupwrI0E64d+vw2roloxpqQoCFRrdblN4QftUaMN
jeePlN6BR/oWDQH/WlHs/rzQfNFr4IvtKCySAi18DtHBpUenAYnuTDEOnGfe
VLwLClSDLEGFK/KNPyLZil9OPCUH9L/ebfeWVg7/xWa3DW1cQN8+aYS0Vq03
XQRkUaOkEkG1z/P4BB8f+E19r4dKSCEudw3vDqQCsvLNuLUoVUj9sD1SD52q
DdA1c7gG3V1M7no81qoKTLFKYXhOFI4BWLJ3XQ0CbRvQhy132DlGtIY6+MpS
7lbidCPfj50hot1AlGoQFlcmApjdq9ppysYLhdMm4jRSHkr+qU0/ia/yD2LC
5MmUk6gcvcMLUUk3vJtdUsKrCQuD2CSBd0glv8BmHRnvBbXnR88SedQmXlbJ
gJEcIAo7k7FhMK3SswkCIczoKeb8Ea0ldh6+ef7UR2eh4zfkEAm0kNAO8dcZ
Wehr1iLKuEKXlCXGTrnKuPZDRC9bYv4F8U50x6KlUorsRAHtppdwbBt6ItUs
vfqgZgMzuLA5SwM0lMlWqZsZZs4tMIs7wKyzVxoB6dXRkXA2sHUA/H2TUYaq
gs94UPd7ML172qQKY4kidDy9B/aMhIgCxpjZpFxIvBuv+nwJ9lrM9Gj7aD2M
8A2Toh2VeRuFdbu4CnsoWsr7p9gKW3RS3N1p+h7IvvPqau18u15xvVEUSSMv
+BXZrJJEgI/OwsYIRjqEqBt+HFyUzFNJFwS6SzHBSM4jvAtMJHwPI7uwkthm
IWxQHYm+UIoiySoW86hBhjOjwokbhTmeCrrUYUK+CROizEGkfxUQxJ0aNCoG
N0fS+5fw9sJj8+BllicZBT5xD8X9XXCCQmh3o3xAZNXbhyn1uVzMbjjoDzZ4
JEkZfKCAIV1IAhZc8U0I40tp0jx5CFM7SW4y4YlFBKvE647ansqywj5bFB2H
irAqriApjHTEhah7EyJqYlBFsQJ1O0pq0YAU/ggz5sRggulgfFvitPBUtBXG
Luguw0s0VkpOSqIzpPxGzpIWGHApqr1Ao6M6mXvMxV0kl1mZSuShyqojj4s6
66N8ZAAxl3TLVJIv2aSwek3pUIpGgcTPGWqaGHm/RhhYX4J1DdRRNNgHxc18
npRYfAAQtchepoewr6ViuHThdBTOikx6I1G6QAmAqg1vECv0GdOw7KO6fTAu
YGKQ/XWRvf+h8ntoWF2r5p8zjjDeODgLaWF11/KUzDXIkFkG2x2PF7W9YqVq
mCEq76ci/8Ul20sWgU/d3UGGCjIndfpJGOskZDnAVdxYbwaXcfiacZzyVrc7
VAloa1YFpS0nY88Uz0GaP8egcTrZ9K6JocBCQSvsV7eu+DZxd1KeD8VQlrZB
WFBlAECn5ZGEPAAdIM0Vy7wKVeivCcG1YjondLx7UzmkA5J+ofIObC/gPAQz
nOjcmoMQJ5Em9C5WBcihY9mfZOSaeJWViR21yUev7tLwUTifpfMROHlU0mlC
RVzwBc/UdCkSimJFb8CCw/JJuXU2BjFWxYP5WNvnU2v8pg+dmY+Qezjm/cIC
lpdAOVNVZPIkmWJwcEjap2L06N5VCduU20P2skxHle1hkpO1j+bhDfMfM3tt
ZPQezYqZpHROiHJqLzLlOJmFfOYqh+YfVHCBrZqDvjgDpe/AczG+Cj9iOgYy
MBCeGL1Avy21+Me8XKQyXNf9yQGGxsO8Y2mG5NMyzeVwnnWCZ+jZDlkpqOsD
FS0ZkeUJxh+KcFa6MQvuJves1CVWAsQ193vanGFN4LVUtIYBzwfV1IXHDOD7
l6dP21y4wMXff67sk/3vf3j2/EDp5KMhpriGhWjx6NNEG35ZJKs4Q/PJA3tG
OkFk3mPH7DRX+B1g3RK2x95LCMYTHztpn32iyiD7e3tWa8+0RnikCMELys8b
dLqYpI5QcKx7/iEx4EPRPt+T9umA8J+QG1x6XMLs7DvYtGrdtXxRbW1kcGB3
YUMzfh861GhTfEyPCqEFIQRtVvnCwtp5g8xg7wXz9tgsMJD3hdPPBVl/qFRd
HF6Iugo0bzmqwAxDr+xCAyAvIMbrLC6LjnrbqKRUVEE7O2G7j9r0hnFoKj22
RdqHMg6gP06GROeTzkhrkk2Crz25F6bz0O+t69B3TgbZ5rnD9HaOSC0LnNVq
16A39Q9gRTlXthob0tCTcBE7g3mNf0Fb8o2WnLKGGrt4KxyhwZiU48gLQ0UX
4rNk+zPlxGceA7tO//jTG3Qy2K8hwV0YGQ1aK+XFaL3HSuwhylBKiGgCSCVN
i5VNxeNu7GWZehlBphyVtYgno+ggEti7pk+jD3QULKJVE1tkhyidwoyL3Vud
fW3aAc/NLsmy8ZhHG/HW1rBM9ZIJShFrHRIlg1VImrRkSmvgs/Iennq25JRF
lw8xxvmJw/5aLu/xiUmj0vwnAPAX5Ce/kpl4Dyvxnldi/xPs0APlTqFpXrSt
3e+sJoFQS/eJrGuzpNYBBm65MgcU6t3RgDSP84UGn/ifsnzfQp9PYh2c5VcT
YyYI+3diqxfHPrNRJiIl+C2qvMdXdPKksWu9Joh+GMbQTNof6kXyNNMhZ9UT
3/ZQ7dtLRuNvIRx7YQ3v16Ct2Afi+47CRecoivrSBfo4jELHbIROF5A9cGiB
bk3WTCU27/qeoAxMlyO7xtnqDBhPa0SDVLG/FFoh9pUORvArpbOUj2CeoZ6U
aS+NpzYvg5+splNdVYrOQ4AKKUNRxY2ip8AYt5Rnvc855+HCQ5efTGmCR5Wo
YR80JDDd9ak6ptfF8Ttn7vUz+L/bOyZM8+/bz0PfUfN2+IB5q8PvtAXQ4b1t
bzWih9Trt7auSDC+vUXt2OMDAWlPh0TrAuAaYHOw2bcO87WCyg8Z07tw1vHr
txWcG09FAOdXyDTcN+T06K4Zua1gfU9b/zcbzvRm0W61trXxHa5vS181q3B+
Wwu3mgdwF75Nj9Tq3X8uBSsCOsQ2c9H8sYXG1tBrsX13tK1xOKvtYW3szqma
Iq/GvX0X3NooGv/esO036/kLtrVE86YQt2hVlxdyfinHlGeWO3JdDCZaEM8S
Y0F8xxLWch2CIqTz5HWVPRNcCFYMyNdaHCXXVPHCpmwDNAzy8FIcmZzLr7x5
eCrH6oQpHcFS1gsltb0azKiEtYZhZ+MftMRawBFQmQZycHlRNpvRQSf6dkTJ
uOTE9NqZYEtMAoq5W+boUVGVlejIFJ0lJeD9NZbOQ88fh+MQFFPVzP8JFVLs
TjrQcSima3KGKbeV45Az8ZwFe9ulEEBDCCtpo0tsXnjuQHDlrJIjxrNkhR/x
QWaT8WzHR05T8U/n5Hp0fEYA2nNNFAm4tX3a0s2dEZdS8k/KZRs3GJ3gxBh8
lxYbOJZYNzZmjshTMy1k7qgozZaMtuXq2UCXhf3Ofh2K63a632ja2pIBAPeY
CqLr22fxa40EeyTsAMLjUmsSplTOxjhnQVGOQvR4lFTJgepmMiVox6vyGuCJ
QRNJOST+8vQXrYVf1QgahpLfWCTr0aywN1S8B2GpTlKEYcUc8Xb3KOhscnEj
Ncxwn1UOicihj9UfsJqTixlWLAWbL42tZ4UvdfAmXDMC3qqdnnHJXE5RW6XF
FU3WPhuNaD7kixDYxITLOB2wc5fL+npyfIkeBr/aNbv0eSBUK9EJclcD1r4H
T05pSznC4wMSUxqHTguay8RZu5GOoFAsoAmIk3uv1VPPSttMujU9rWkJm+kd
ja2ape69re6B6OgED4G7o7Z36UYP1fs2tZGq9sZdNpLTfgMbqWpt3G0jffvf
NlJT2/8nbaTNPpt4FHzfkZm7h06fn//bJ/R39wmZeXNto2fJJraRPPHP6fjG
DduSY3SJ4FQRWc4hCsl6K+vJibQEQ2KeYmWpQtKa1pwJIb+MrVPir7BU7PrT
nD9JHORfDIRp5VCoBSoAp07PkP3K2TAo3wv20jYkLK8p2+iMyI3es0LnSbUP
0b5RkasUFm4QalPF1/DLF5gJYLD1WhwOMby6wv98COm/+J8F/qfE9MiTRrat
P/Q7NzJf+T/Q78Xp2fn7oDd6D+z8PR5zvz///rR3NHw/6l5gv/0e/CcY4tfB
CL/S313/zneHg/Xv+qO73+337nh34L77+6cv1Wvw54WaK3p38XXIEBTOQ/Mu
viDvHgU9593hQL/LKOh3MUTaPthsmxV2U6rs7YNZZdyINtcroCQM5Erx0gjc
H3mhzIUiqQSCchSCIh2iqRenr05RN8XaDzdeBGp7qdLcmk9eO/pEm/fmgssL
lrXUo6Z8TFO+T0ddU3Imnfec+Ht/xonb042QH8ADyreA91vYYNS1fke/yKjr
/D4cuO8PB+ZnKi79Z6AHp4nX76kmPLhQ8yRiPMSYtFPEuYuiZVUgdKdaVdXw
OAtmlQsPMe0dQLW4ROt2DiQKNGA86w4LgyJ3xBEtDtMktmEmh6mCC85ygBc5
XMIFmzn1V82sFFYFZ35VjsyB8Nuos3Fxe9g1NH0aca6CDJYXJY7mBIvCfpGp
KUrEodwsAAcs2U/sWAf8mgNk9/QrkpTTOZayAWoDNPTpL+OCu5/8Jy4RchQ8
zZUOMmxjgza2V6mgrXXh5x3t1lsbc3bP5RTFasIhVSYX10QcieSjOYBWEgOg
MiXdzaUa4Za6QB5+6L26oqhldCFcUCi4FT6i4pEo5trkBZz7k1kWfVCLL4EX
lHYA0LwKAInNVvHptQBtHwP7mXU0iKSDjh01YCbDqplCUpDiG3gAHBnenN/t
Nb6d441OHISMgeYEoPn8XuKkZEEsZw45sX5VTbNYhyhOPfUCL0FzDnKyLLQ/
dTAsX87239a5ogv31ZU1AgUW36jDBaidzl8s35T03tLt2fn0tilkZU3OCNen
x6NlyhOgIPmpVffU46ssxF+KG19FJGoSQNC4+YR4ObgER4MbTEcHaRXJo0jH
akLfBeZSTNNPzVE7zeupQO4To1+oVVQeGSGrxYVJN7iAlhdm/uAvWKwFTCmC
wwlYlcl7eLqvJrTi5mN3J3x/D1uz0QEJz/fh94OWPzogP+WdLQGgNIRO17Z8
VUojwoosyScaiUPVx6GGcShuz0Nyb2ID7gAD/2BNrMFpgFZwgzurr9A3i7Pj
BEvUoyR4ZmoECV1Wdh0FGfq+hIC/V3z9ica5+6krH1hMTjHl3EhMZNU7JOIA
DpJFGi3dfQU64afnYKN1NvMBPR2yHq+nQbmD1xFIulgk+fsIoyuox2I5S0v4
e18e4SqRy3vz+Ypgl6V4wdv7TQehkKDZnvr/Q+mZ79E1+T75D9jcvMQO6AO+
5i4PgTn5Z5+ihPjF/l6l0MvzMJ2BfrNHo9h2LbWnnVdTze761TRDI37H0cCm
MKSO5VN1cq0a0CqjB/M8KmXHiNFSDjiG6Uh5NS7ym5VUffpqTT02O31ABf0Z
wJ4BrKvxu8af5sZkzb62E2vQqfe1HW08h2nEAFC6GoiqoKdLLjzHLvcCILxb
xmGp9SgsliwVtQrVyP9rRuomqBghaJkPrZBiahOvHyypVE5JsM+foW3btG3r
tqRnYRkUzpjCcnV0hkIZBWqQiDYdBdBNcBxJjqldd9Sr48t/6HI8Kz5e17yz
M3dAepGHQg4u3Kk13arUCNCk8WrO4qoWCe6rC9soeIrOeEwYP98wQEQiHZVy
fQafNzaU3IO3i0QnU1X0E5HLcoeMNVPKZNNXcdGNb3TmV6wwrpSwrAbmS1ob
qn2YAYqrb8481T2NjDdW9aDTY8lNE0+Jjuqii0BAy4+u8kzdxikF6/398/M3
Tw8wo1agWyliWh9Rh5vWUY++Og1RJu1FyJOzXn5TWIshBTp0VKHvXkv2kYvJ
05H5CeZd4mzK4qZ4KRpfC7QHf8IrmFaVLPc63ncZXU2TNNSQoAmdgFW9wHLp
UnVBcQMD2SQiFR4ludBJkRmERZ7qnjJZaL1YStGyUMMiIXaGUyNkeaEQUpLQ
ZLpoZcohvfSd4tOjm/qRsJrbP6WHwV9MFgHF0De4FdcmGfwp/ctBq+EFO6z/
DeMKb7EfhNwgnVdXBybQUsp5YBketi0zCmtXm0UiHuxZojM++ILi8ZqnhZIb
PUw0BF7cZjP24s0FFeHQphX8LaUPKfUzKZsKrvv+M2XneyovE5NskAMYD4DQ
I+qiby44oYbWSoeJUKIt7yiGYq5nxKwZQCksTQ0SQU3VvLQWW90cqRgg9pBd
wk5MvGupR3Kjs5TUJO1/BOJKPi3lPhRNfrhVsSt9iQxdhCfXz3hWZSsQZ3F2
3UK7NqLreehKA7q2q/dNsVp+C1C++Rq/OAtT6LL8fEVNaNgKEvGajVTo8JWK
HTgc+G3/zYVnV1LB9J0aRSOHeEJpbe8twN984785AO1lX1B8Tzvs1/5+wD8J
DVYOaoeD9huu3aI+/Kfnf1NxpX7rPvnWq5/MVJ5g9T3UcX5vkPRv1R7xzxG9
202g6Bp0pn5r+0MaN5ee44AAiTwwgpkLMiTkiHxr0RtJjkLuqnGZ0wr1kQQJ
tJCKJSanSlmI6hrgssrZUNBMkOlb/A1jnc2WgY2u/pCaaKHsQNUPkjH2JVpz
YaeaURoE6kjK+TKLRafBXDz4uiwpPZrimZmlKjcXPgZR2c6mwjniZIYYSaac
SeSG53ijIQYgzJflDIu+UWwFomBJbdLKdPgT37/LSyGeP9FnnAxDGTlfC0O8
RMa+Hx44aSHy2GSkhKWdoo7ZdlZzIz2184gbd/yzj6niDzbyEpNVOEiI9qK1
JQsJnkZLrNlqqMVZf1NUlVKOQEEF5fpK80lfedmE3JhIhIdaCyq/2tTIC2Ep
cvsrW4N2+Q6WO/bgZfSD6RoLMsVrQdgUjcxUtq5KirBFMbNzzEqmwWGtXmiF
CBptzU6RkIRCyhYPI86CZfYLCh9X1LOuLnHhANf9TamDWzBF17loDmeJnJ8e
kx0KQypJoWKD9C4rrhIV28gV/BKu9YGeZUnc5+s4QVjMM75j22zgfb4AjpDV
16Ca0EOummQhykhSFjdjxhcAU5bCgVVvS6NnbRdL++dlN9TDNsjLH8+ZsfF1
mIjPj3Rh17kqC7APTQ70jY3GqONrYF2/NTrltC35+fO/wqvt0zdPv39iLuya
Fe0wj65SzJuGyeM7TbHd6zc/vf3pyZvnT8eDXpfq4b1Y4NHnIkr5wKDU1xxp
bTllIz9V9qq130T3lctzuL6CR1enYya/gkEC276OO07x8j3iWYCUz8dFVEYL
xH+YO/dk4hZs8f6ngCcppyEVwMN5JtthnqD3r/BY2eFpMyKfrtQjLsiynxLy
Q3lJeKQyXZlbEAiwOjzF0zmbjIvRqKgxrppAF8OK2RSuVCAtZV5yc4Il1qDH
urWUFLVywnWnBjDnXO4lyyy6kitvaSIEbUmc0S/BTmEDAl/CO+A/mbIvylWj
Oa/S5JnSpcIcIwq0mmmrVHggdM2VzC0nBWm8EnGINI5qHt5ImhtHbpl5GlA9
w5lTvHFE9DYOU9nMzhD1vHhmiCr33rLIlH5qz9EVZSRydU0nN5K8MG7Wo7Ky
OUnTusILJD4alpYGHl1lGZ1x3BgEKGOQJxJMIY1pDU91NaaW+Vb9GEfAqcPC
FuAfZRnecksMAPQDrlTinv2tNa5AH8W9fyars28bRd9BG9TB8K7lPStN+oEm
Ea2deOA3NYnOKibR2WYmEbTzGo0G/0FGw5kYDR6hrqwFf721kPF9oCAV0Mn2
0RAnj115Eq3ruyhSlWUIbknUArktS2ESFfLAqYmh58g7Y+2fDrxLYT6wzj/C
3FycXyC+JIDNwQe21oHsTMIZXakr24G4guI+zOI8lpTU+xwIMlEH6ax306a4
oKbv6czumyditZwfqARjfQsCAPesnHHph1Cly1vJb6jnTJ/uuFbWOfxfaAPz
hsXSEpxCutXuIuL7MxUfifB2wUXFXN2vtrrocokiT/g4N8YjZRyzQhozPtea
dQIRh79/Dvbc2QFZddzje55d+O2MnvLaKiPvrMnIAwsPNqay8c7Vl7MGM0+b
eOZLxT47rH5BG09uGqXrBG6xLitgCF/OCLeqhdcAQV9ZMrvPruPIbWLlzCrJ
nuM0Cx3TxXeeaANMV3yyC8Morkzzp2obCHjerqyohAtlfbkJHJZIoPJ8c7JF
KneFmjNFy2P7tci4O8p4qAz0AzreLzkHx7OkhTnJt+tsyQasBGN3Oh3jtLq1
v/L6BAMJ1+W99aTv0/ozMXY/9RPrFRcAhdzJW8fuW8ebvdXr+vZbwSC5G9Wj
u1GdbtTpkfvW0fTuPocSWKhQ9iW2WW3TJ37PGcSo13U6dj+3d/xWAdt3wEYO
2AY8jytz477eC4LNJidwXuv3gzW9MmHZOzf5mM1WrJHx/j1d+GccJQSb1Wjb
ALuwNrIYgpLzcy6xQvtnTwa/9c+fDEFf0OdN8A5w79+TovaSdfEDDtv0+aqi
p1ICkusyydnMTC6Qltu5EdK7BbI+7/z5u0K5/vny2MrBz7lcy9rvHKOYwPia
4+HwGC8PEhEsdoGlI/nGo2G7GShXinBhAwMrvxeWr0XsaBGpoamK23BIQjIt
T6RELkXdeCokSLRnuby4UPUHxXJaqItGVZrIOyvBj+qKeabyRKWWECGlE/Mx
pCmdsjDEM5N0gbU1dNEXfAx6UTanuFe5Jtd4cOm4BPPk5mlZmlqRKomneiZ0
96XcBWpf0PeMxjOnO4Wx0LWppShOBs3+PbpG2y70xeQnwWI4nnOewDdUiUwK
Ir+z9XJ1wEWWWehHSY41wi1FSdED07dcb/sxSyPxF1vnlO7qghrItbbKK6dE
p7lhGnSJcDJL2ZMDKp5nXbqtwv1KC2VxO5HbDY2pZZ58TLNVMcP7puQYUqGb
5V5C5myetNF2iNiugj9VPGZ9iFR+lacFsSPbKJuzl9sjK5CNantD8KZRpRqk
HDVs7UuwvUu15vMkXNg32CLxVe+xFlKvHOHxQ0EZHV9yZTae4aH8ZIbxQkJR
5Yx4/yUI3QNe5TDXhSVoR8fmmETN1NQ6IXGX8DvJk6uxAQkdN++hp8WS7GzY
Ubd2GqtyB6H1IAUp4Jnaf6KMiq2uJlYZivZ8hOwua3RYvKXy3tUuPSrHSFeS
aYZgMT1jVWj9XAfN1uMhPXNwqkr9pFTsUVg0XtIsVX+RdBWHKKwOhVPwca5T
LM8OREUCJ/KbAxMoMilGNcGNCnwCFgOI31mXfSkthTLhoEXGDHq/0mJu9m+c
XqYlcBk6MyC99Fpxb6UXdqoX43nqfkJVlJMPGkpUUVVs6nkKVngUFqXUlORg
0kI9bRnS53Is6Rwr8hE9KCvjlUVRYmR4UhtxH4u1L+moQwD6M3QMHqgqiHoQ
Js8QdQEqkk+uNF5Jz8kpyNj7bruDxAFiylcqz4saZhRyiujPFNn7lKu97J//
/PSATv2x+qFfJniBNd52gvIS4xhwwulNcqK7fM2w4jjPljwuuhZBE8IcPdYW
ewabhxxFGf2qz46liKuS5Bj466s0igJnz5PS/74dNQy2PfFchVKhdA2YNO0w
ZqRa9iZBo90zd3wLm6CGHLNhFrOeZU9aDU8hnq095wBp77k5BpcqsJgSnhVl
m4I2M6wkbH5Ul7drzkoCkdxw+0jv9PXAs44liG8QKw8bzn5cvyaGnEh+ObqG
tCP5imKp0IkoARYsgsKFlDi2uSmn9y7M3NJBnUq+l4CU84zuFQ9vBDSPx3J9
1DFV+KlgXY+Bx7yHQbAWqmK0uTJKlk0H0ZgZo0ZSxotPh8QXiuyEHazCBxVT
baELMTV3Wel8YS6fYPXn8cyDmsNHxrRdrNxnq+qkgkcKSVoyEYGd2bYGUmTe
nfJEGZRYXQl1Rb7Vk1w7Io/dYxgGQIcWoCnI5LlzR3U3V1pVkhM7mHBvmSET
5myMsNRnmsxiIpOi7JxeArK6xGtHB1qpg1z4x1k663oPBK8IXO46ATnc0j5q
z9RlyMwbNu3wCcxSlRDl3ATUT/DCEeAWcaVsK3ZSFCvrgtQQ46YJvmstSGll
aoPxPZ7ivDg9cvbAbEj5dDm7wWRjcI5LkRjVz9LUKcDGZua0pFxrosCIZm7G
9We5HXk0VLIF/0xI6jwRUWW5gQq44pmnkEOuLgFc6jXOIPBvusoXt653TtW1
gKaiQnPPpbSKpZVy1tYvK1MOVCbLmPYdVve6DlN9fxliRvVJBHMYY46Olk3u
h/OqqKidDHyUC4FZ9Q8ECzrkowUm84kjFrmOLGVulEBXIjrpnCBnr49c8cAe
Ktl6REW/Mgd2Ddbsq0xlvdOFXaS9higXdfCoPtbj6FEpQS7FjU0hM7vIx75y
f+Jxhalpd6BO2wwRqwDKyO3c6gGm+bXc6ItEQwd1UtWgoWfk3CA3cjBPp3ZO
kWUtJOomGOJ/epR8QSBIK9LNjTeOrxkiIYCBgsQ/uY01MN40VALZY1qrVFbn
ssBxu8ywIqERmzSDS1ZTl+3JTRv+sWtHe2KE5KsFOZvJhU/JOfWgUslZwybt
vFx++SJ1ayzIql9PK6PFBkugjEp3qlUMIsCVm4KBll5D3xIj40ZKa3KqLf0S
E+yEmbvB1dAtszbcAhjFsLgxVoFn0sCikGMflEJPIlsJo2r9YoAhfEaiOPhe
LmBraisKomRYmWLxVsApB/6SEm7wa+mTPCwEomUanSmrm99IHaqcdJCIVOyo
EmFCs1qN6aazC1EvCzlstsO3kbjXXi6gsm87/vfZdULaQ0JJalLSSMqOiHpV
qvhI8bSgEGsMnDZKkBVA6UkA5Z2KI4/xTYKSUJW1XcQzovUppnGhhATETc3F
+0ckUYeeHGX9FRdK62J2ELLKa0SRXVTOs1Q5InKuSyCJuq2zUr+dSpaAVReD
NEztcuhUUVVJWeP8O+oEnUCunuHrZg5kGtLiQ+E/YwXnnNIG34aXhXN9lptq
qU1JlY5oArJwJFKZnI6LvHpSaqEY44Sv4wTF8JIK2AAeipbFtDT6na60zrvF
nJJomhfXH0XSNJSWEq+Cgvubgq0uwADL/mNYthP7UkHbuv7CKbIl6ZsUAZNN
VmLleuxMK/nS+uqIkHFwpZq0kB/AWix1cSp8RAPBIXv7djUvTBFx7uJUrqZJ
jkc7sAB04fw5RwHSwzY9lN49mk2ONl9IqCmeu/NdDD6blOpCNMtfPT/xvIuL
Cz177+WN9/TGEzWE4v0SfyMT0//a7/37/ugrTGHCV93qrHjUcxlitusZssVF
QncqLoRUcV5UvVLxnfg0TphVPpPudeVIWvEw8gyIbUvRUdaEF+jlCGWgVxw7
84E33uUKPQWFdmvo1OSGXOr9i1flk8GFHeJkqJR0fSkoRIon7tlLUMkFbUrJ
YabHIwh6EonLWBdUc5+rJGdyDghKYa7yo9XtqVpMoO+E7CNzPYIEZpkQAMI0
VyfB0+Tadq+jVwH0zUsVJofFp2AHUhLMG30wz5TM+6q2qQrWDL7/7vtK2oQ+
jkClAYuLaWteBCOnD+T+/3z34qm18qzTTJXlIQwebRzGY0FZWyVFIYqFqi7D
kqVVeRtmk9E60Wk6r5aupK7JX+4K5tuw6BzStm2wE1o3dB2nUckVr8jsVvdI
AVbTMMdgBLLUxNznToXkcWA/icGxYHHTUv4zX9lahAF5K31NS+TEliJWJbsG
GAxyzTZHCzGjMYqZCqjlDgEY6x7caSVMREfJI0OYJR9Da0ZIywei414w2NzX
OSrTRgajFJsZcoTc3PVLYVXzOR1iMDZEFSXSnrYILXKsQyZzDmsDUnkwWsSX
VXovzJIoW1Tpe1OYywmx40ytrrq9CbcCFhMhmcS/ac0IRKwELuprPcj8omZt
zOJDWlTAPd+3VFzyOuGVOE7qL6fuFeJ20OjyjduIDPcNoPByEjSXJ8QSSKAQ
W7u8xMpmJVZ/+JjMOlxXpUzborZYGEhpdf4BT/uUP9nhXWRW4IEKGiZ+rTQb
7mU+cxADiOL1mHEa97gAO3BiwzFpFlbnhmvVGBTxcDjPZjIJNovBvcEImPI8
yNrxHlqf7R6Ub6QXYb/OJUMRciP7HKzCxVu2VABwpCBnSCkmPhpjQYUJMB7I
+cmOIh4A3/DaFFsm0wZN8fSdonV07C6dgLOQXy1YtY0bytxda1lC7MIifJw9
3tmqUB15yHi6uHi5s47qJE/HyMlZtF3I7beW7kKTK1Y/+f45j0Ud+fCaK5fc
lejbuG2pPoqeeOSEtgOQLzbglSahBuIgceFYLlLPr4CiY5LwUsKGM9gFi0uy
+3g9yEG1wMITMw6zE98Ju44UBwFWULtyh50/4Qe6ns9SUKnchjbcSjA00UGU
4GkAaaTQkFY9v9HnHbSKdKeS3D9EyX2griOnz9V9QOi+aVMcGHVBEiObcYBn
McNOYCFF99WFRliye9DoSsuSDMO+ea3jOOX6R3gkmCxQdTHl45EAwil67bF7
XQCE7GQuO1N1xdBD3AaqDE0ovlGuTkPGFTxtKopT7Pn7a+8K8VYcnQkoy7t7
EpiqQaM9z8o3nqk0wGf7Y03XGswsRfOqWoqn0WoJK1WcqmV2OMTO0et1rVfM
VuQ6BrBKiVjdicMrPavkj0qK4luoKQ2b7tX+9Bw+GLf7iQ0V8knQppthCCYf
Q+mCukBiceJ9JOcC7Gb7hj7Q0MSeJxf0jVxZNAp6Q8rmfUsucpojoX7Qz+mM
plp49iv/Zy4F9JbDI6m0kc5wq1o62B6rXEnzcL62FaiQIPDphuoTlJns/RBf
KVuKyLKdm1uo/Kl6S4mWF2dvn2Po188011ae6t4vGIn7SqK9957tNXinlPEb
HJPtC2B0aD+u+Fvyf05DvI/FGfOehf4esPLZak5mCXTX8c9ZbxF2aLUEPpDM
caEBNeR8gBNxQOL+UrCNmlxTlI7KW9ECDF5DZU1e1Bk95yUMEHhr4Z/yaD5/
ttca55qYaSTLooudsVOwcaJVRAG8/ZTdLk9ZKAODwvWiYwEUn1mO5wLE0ziP
jAgbrH2d+CeVrMBOoUIBSvAhcXm3TF125Ni9VdKwIqUeEdaorOLXWC9tkwpq
dpum9lhbTHarjU8ias8afNvY5vlTfzzsHlHgKBBspY2CG9jv3Ve17ZfN4fY2
gisV3R4At78RXKn29gC4g0a4ayrBPQDuUQ3uHVXiNoX7HOmhLczbpgfkYq+p
vGHivysSBXcTesBgwzRchK7kvKMGXSEBgqeWRvPGzstLSWKy5qFyTioakA6R
kzpg5ZWEYhTugYq3vnKRDkYrmOtimEuDW4DL3lE2JkVwZHMrYcNKPFtEsxXn
AC5udDH5UHesS8ffHKgDQlSzVCjgNdayuyEnraUYCducSxUtMZpsgxfrksyT
pDQRFpbOAAjyIMVbnHC+qBVxWAHHYS7m5EVnS0oVcVWOzrTiulw1lLhikqzN
mvuGcDSzWe0Q0JPfG6z7lQ2TKkhUJIG5u5V9LxiHZ1d4UKZUvZLhdIXRQy07
DKDSfS151CPqkyviBCHprHLzsgqdw8PTQs5l8grBU3ZbOk9nob4PHguVs32l
LHnEvkTHvLik+Nj2gGM3tf3NCSs0tJobrWipEReocvOJYKniPzH7ZrXUdy7p
AA+TosgO/dLVTXQoWMc7tT0YfDxNjmDOr8JcVCqJU6o8IgXYOuVTtx2jCd88
fO2Rk+OrZ4QM7+rXCtP982evD6QC32g0xDMCzr0CfVdfqGwDxcIkVsypOtVl
of+OIqkwHcpzx0hHJJwc65s0tH37MnB1qYHr7paDTcoIR2suK9hl0HAfuWJU
HXZI1VJxrfJRBx7epuvWcbAuWHfPXWjNOc6ALWbowLpPng/1YkRqciMKPd3C
ZmVlcw4IRjfrfDd1mTWXyndaY+CucnWwPUIG9jwDksoWoKxbhZkkRV8FEXDY
pnakiMvU0z4KCgNTrJPyV0vaULhUEqRmqraoGJHCxPJO8L7aBAsi2XfIYWma
ecjpIyriQNzYNhGwcmqd1UjGgIrP8K9zDKrmg09kEUWpbtgGCxnvheZcTXpJ
izYWKcyIsNBpmxZVY6c4J1ks8q4iKjSP8oYrr5ktqXAJugkjdq/aNhyNg274
Km6vdhU3+usXjVRq3RWJw3YBSc6kcl/KDKhLid1LH62QRftW7XN4x2omqGkI
CI6qj1Cw0QEY57Nl4ezQUHcrHkzloMHYCJwbjshWh6VUjOje/dx01MyRgFiW
yquJyQbpurTLdQklSRyb1OqqZL6WmVfNrTUVL02mk07lxXxX9Pi8xJlKMaoT
c4NnHMHp3Xc3umWual4tUSGrHAs+ar4Me4l/EL80eVIXFWFK0S3aSeCTdZ9c
3jBDnVDoFKeaxXTTtSkHgEF0KmZen2Siy24lgbLA9DnCok0ot1ead2t/QmUl
SChUl4M0BKkvIDFUxD/ilTSQYl/PMTxfHQYis3R0FuIA+pRyiewHD8DZg2Sc
sTr+EZkQl4nTSye33scUHL4uboAOovEqKIkSs5DwOHpP1Tkz/IeRoD0hYVx6
YfXJPlftJOpBZnojlWcLaywmxOODusA7NPG7Enn6wq5iwp4ifVeMRVmoW1g1
I4z3G53BRACrwrPugERl276tVUXsIhNDrSFXYU96JSiZV7Nqz723ZWqfMtr7
AbMJSwwXEaZMdGYndyO/Yz5up93oQG7MkdeFFWzkGmo3c4gGzi6WNfj82aqx
8+WL3LOp8z3c4kdLHZZDlzhzp8yQMe1DA/YJ8HzWAFASoxUbwbxOgYiC3o5j
UqVxcLKkK+aCdISjIlIeWBBQL5A+YulIcAtSwyIpiZ2qg4LCKUSXccg8nQsx
9Uh7IYtpGCltWzjV2x/P+WD3AFRXzG1ZlJyVSlxEHTbpgBj/YQEx3h0BMbpG
DVI8pqripd3k9ybPOwciWedMmXJRicGJvu+Odbj98vQX4uAcEd4mVx0rU5LN
ZwOzzhaq9Kf9jF6/0+/0cJVMDWtLLoQbgZfwGE9XFwnjcCnZZcjBufa3mPiu
9Nf6Ies31JfUVdF3ayErv1DZcRfmalxhGsbCl/CUbBliPoR9pbAaUdxYduAU
TPQVJh5XKbXqf7jmdBez84XZXWaqyEYNT6rrYaklXFVRZ8CJEbjWf+FZlZdL
hZ++GY9lhVvdioj31U9vLb9K280F0omGEi2rw7Url1fpQh8UP+uUqcFY9dUC
D7SI3YhqoKMaJNijkIygZejqzdYNYdqNYV06h8cNRcERlqi2aHxVRSakxL3V
UqIdtMW/R+qqurWLDNp0mWDZGetI2sLI8qE41/M5OyWSA6iqE6UxfNXiERQs
rlKBWCHNJdtOB6fKvR1khduw5QZoI4JwjjEupXrrccc/x/OJoubGYF1HQBRs
FTX04Fmrbl3aZ0oBUgYIqU4YKiL1w7D2h0pU4GTUumqpQlGdkkzaJGlARY1R
wmY9PUaOMMhNWKOcLXB4b/WqwqKQsiDKsLXDSPGs5qNL687Bcp6nZr7lZksK
d4aRqKhJN5fD2WyNI6Oab6Sraf1ZjJj6ZYv1fdYEEigUs+IpfMP7lc70Pn39
wvO++srJ2BXBs2B+9THpfPXV2pxezFsRhySA0n5IReFKXFkKr8fqgDqGxDFF
KPSWKk5wzzWU91oqObLJ3PAw5RQ27XQ107kV1ZhdUWuqAd2u5pRQISZWWrhC
kHUBB2PyW1cBqwIUjSmUxB50xVFJKiPkBQ4GYtbcAWRvF6bwciVQnk7buKY/
tS/2VHQp3figUeWcEDIHF/ouwFISBhwvKOedq8a5uYDV2zcLSBW9WFqxL8h+
mTIAjRzlmBgLRwxqjD4wr3fuH7XCxkWSkdms1Ep1Xmh7MwiwpwE3j4LYF3fa
4FiwPcCsHuAFTxhQYOkCJEqra0OCyD1M/uqrpxRKUG998tVXQtna7SKlxemA
UYx2N6x2EdMtorRIigI61MtpHKssKTNQ1YU7qeS4rhQpUcmB0oWp36YQkvJ6
CttW5bqTkGuom5VoQEoTzt8PLe72TAlJ4+vDLs1jyZPWjkCjNCpcVRukN6op
rw5mShP3j+XpRKpxv8905cI6/0cE7vrdxL1j9Wmf5sXyIZoumy9fDY0rnDU/
g5kHNsiqKNvhMkXl+wrjpCjYmRm7yL3yZsmx3NplwuYbwLnKYtExSAP3rPp+
UZW2kbcDhm+gQ6lXg317CB39Wi/wftvVcPBbfvJUl+i3npkCy/g8GP7W8+Q6
YUxpASCqLNFnmCZYrxP/5yT6ZjX6tkWxWLPSeYBbW5XqP1EdtrwvGihYPx8f
BtS8y4O2X+UFfU/b9cQeC8EB/NHNVpz434fF1ctw+Q3NSasyMuoUdsvH5sYu
xowQMLO0gs9LWTlEa7qQpdpfi+CB3/4Wq6pMf8vtwzh+rxDe/5cCfmj5H9L4
xBcslM/wxP+XP61GfzmwXlOoP+A10Wv3/2WOlWprbylqlrcq5brNLhegOBRZ
LoGv7o4WjKrw7I3aBOOLroijtlJTMRy9BeRs+id1LnAKas9NkeKxz+JGRdtp
5yzoAemcDRxTFMRH/45OrjA3+erAOM+Jc9NpAaZmlInYpgCrkGo94Pn0HG0o
3ZWO9MNKqp6VKqrSbKbwZpazNHvreHmUQ8MuYRLS+a7EquybK6Ow7JUAiFe5
U0+m+QX0jcsL7gkt6/lWy3pqAr6oQqzW21AS1NySOoQqG1cVV2a1egWixvN+
4iuw2ITXU0eH4oDPh3SWUfU1k3ShfKFJUYLqQJGEheSMKKr4YbIsfCqId+jf
wmhv8V+YJvr37envbw/8r/wR/P/p29ewR1USSdDtDTiB5PtEdEZdoFNq1QV4
89YUaxaoi6I+6UpMIjF+619Qn1LLkvrVb/FhEc2vUCASJ/lSCnwRkat0ISF/
amp+y1d4WZhX2hsiqkdLeGTGWnMpfjYVhO4UcJA2B+ZSQK4JqAunGGuEAiRU
1Te9iGqFlM85wpAqdl5lUxWkX0TJIszTTFIsKT1qqWJGuVsKWURHdYS1H/iU
/DqhAFt1f17I9SHNy5LfIqaaRsm2kPVDZgGFPQbtZZ6lHxJ2PkxIGIPVDovB
hT71+hVctRxUBCxTRM7DW/85OcjsKKHvKKrzFjgGsFU5Zt7s0xiFxv+c3BeN
1hihxiUIpynfRCb4BfLvcyLqh3xupWw96M77VIWP4PQE3re9oyPF0X5LlYRU
XVkqWsYJyN8GQ831fMaPNZh9OsqjezoF3ktTNXRAmUuFyaRNF4qwOEHR4Cch
TnrV+bpQGi8mvzdlYVFAuA5qiYkqDlRMVSiSp21TnYiumniy6ZpEGJJ2VkpV
Md4/7Ce3ohTqoQYkUTBCu9fTd51p4gaq+0Ni3F4YR6w314nJjlD54LpUAWWv
UsE0ZAJswrMpLm87u9vSkG2ZGk4KrGWXiHDd/wAsWDLLMZkH4Efog7jUWjHZ
H1rkyuYn1xsd39sVG1RuWWon3YR4lofp5niklyfCGK7Spc7bti7C1PJIgqkN
5oVxDShTHQFSbrQ62yr5WK4t6TJ4FAx/8eSpxJjPnwnltoIM9oBaCewiTxKz
GMarqLNb7WBkFcUlkfMyXz8tVwUHFEnQzPAYE2v9ffZn7k2XQFjkYmN2u1dj
5HsHdHPwuaBR3cJ8Gq6uorz1ASDyLDITJ/RdU3X171/fda2w+wOzK5tpVRmY
8/fJLd11nOfZdXvCBY6SBLYGY8yfoNf154jPqNO3SkSOnHKRQWeg/g6OO2PC
mDZ+DaxVZlIB9o+65iFd82s+o85Q/d0bNgCG/ZBkGBuXRua9QAAH3a41DAdj
wFJ3FPQ7g18rtuOQWSWMU68IUgDtJqnKV6i7uqkMkuf9bF0VqxSqWYipJ8xY
sdDk23di+6747Jf5Kmw9uuXOD6M8w+KH6kiNgQH7+PyZir1oHNt6twC5IsTG
Bry5vnzxClXPzCh4erR4/rkwd5JLVRlmE62qZ19FKq5ldS3fFFKbqStZoyus
N1hIDKDU52x5td3EjgGTTKOyb21FLwqXoQ4gBE6NhRbzhWAtNV14GukiFQw9
J/8MhRygzsNF6zh1x5cUwE51E2+5VR+xIQe9of8JhG+Xej/uHBnCHRxVtp3Z
kj21O4bw4ie/P+TXsUatbmLtB35laPZHp9/4et+8Mqi8fmS2kHkd9hm+fwyb
2309OLrj9a5+fdzD14PuiBoP9SvHFeSDrjX2bidQG3jd5rhrK4dSvkxKbJ7p
CAykRzlC+7KOLl5beeti6+wvUTrvgmS2J5zdkI9FBVUispcRCOoOIhquJSVn
MTWQJlIKRmsJqt/tjC0gwXqCOh6tI6ugP+gEFlGP7yArSa1+LF0x3Wht9Sqx
1B7OlLd0QVvB03aVqQBALmyp8a1SmUWxkcpgWDgF45b4ENDwVYzLztnvgmr/
5MYHDZBKSWK+o0fSinFCn4E5gLImYBNknXIFlE8HfF+rkk1Kr5EjJhgHROY+
CaFez9N3EVdfpBpdHNCAklaiY0CL6bbJGAMoVoWGoDP6tVRPeaq9OWAbv0k4
/0k9AZV1RYqxuIy0k4lVaUTRlpbqbkE9foOoqvDi+JvUbU06I1zVWtaLLXKM
K9x5Vikyu8NVoQLhdGcR2m8hax+NZETnQZ5tEbTwntuKf0vOzWnsRU01KHXq
M5kYtv4vFv4iuZyllxS3xtbEx0Rfuim3tBuilAovpvtq8MHnz+Y32ybgMwJn
4qpeErDb2lyC1YIvuo0UJi30pXh0cII3U6hNJRkFQpDsaKNEFm5KlRyctrAs
+6fQvGKA3lH0rXNApOM55OTHWLhaJe2ZmTLRCNr4IrvXnkxFgqmqAZKTeyX4
Nas6zJuqHxFeP1SEVfXvTU2T+2XXa6u4YSC7yrdr0m9gcLgweAJtGJuIPxtG
rwGPin0yNr8Z+8SFUcWjrghZ8LUi9JaWkUjlnbMuAmPkjCUYWmI+6HSV2GrY
JncLrLewPV7zFjD8UFk3FqulsBvPImPOquJCZ1JGlqpkUIgFx8VQnn097pHK
X3KgHAeBOU5B685px6SH/lWJEh2zIVHQXIcdmJp6l0oti6yxImoxkEWH5mGi
Bxsd7EMXDniFefPopvK4LJwECuh4S5wLsNwSKj1VjcO2Q3PlnFciTsX9iU4k
qtxMJSWx0MqCM3E05lZC2oJvq7OA3uV2YjeK8jqhigHDVdGKTkZUEwyRvJVq
5xL1g7YWedA4Eoha6sOYhhPiFjpO8tLcV7moHQIXZJcunEKEymTF2Ii1w7Qw
NJUorAilwipWYWJImCoLTrLmbD0zNl2DVKqNL6hOc+3oWvImi9WEb24rK12q
F6ernMREdLVafND+Jnt2Qrp2oTJ6MvzNHJCSaFIcSy6SIZlh0q2KAMZgD9JU
gJ6WeSLBwPqKJvu2JudKv0minWP8QC7KTc3dD1zahKODWN20Aoq0LENC1Xfv
mns2DLkUtbLk6vzfswudUx6CumdQ17ZyHHh21CknQVm0zXuW4j2fva5m1xE6
bulbO11OZYeqmFIr8A5DbJ8p1mGucAfUVGRoh9Pk1jiEOd1CSgIQijwr6nZv
jnR1nnnCofigUrHaOVbIkhtI9UTyQaiKmOYBqgo2olgZf60uv6NaTBKKD5W+
uUKQwSUxp64cTGwlEPj7CdfCUMUDnd0iab+GgkUHlqF47gxI+BlMNMavMyVT
CNME415xHq5NUgdTrhwiSAUqL6RYYs46oG31r3hR5GW2CgH/MI/b4ccSI/Pa
5Cdqh5cLrHnalr1EG865lxiv3Dmk//HnsL3mEqk1n8Nv2ocI5/bnJ73b17d/
BFn99Cn+/ZKl9uu3jnw3+0bOGy35f7sTfARO7c4f60NR/CWo3He0sfHZ5tOE
z5233luVYhrxebLdp3F+qNqV4kUKm6cVbAq/CZ+75hk/Hfjc9fvfc57VBxmi
5nL7xYG//9Prty9+enX640EzPoftbxvxeQCSh3x6SPi49YE3mLQqPrdr5ufw
4XAe0PWmcNzzRim57YY1KyXk74TPuvV6wIf42Dp8uLB0/aT3jvnZCT1vOzmC
Et0LyIMwrrrXWV6LJKAmp87KqWZt53p4W5HVdhe+/FppzToBqP2aS0IjLKaC
vS8NMqg6+OozFjJaOZYEkYYFc7jJoQWxsaG1bJXv3NMGDTeGuEHDKt6H6xre
C6mxwc8NDX72NiTVQ5ccZderEF6ny40hrkHaQX6rBj+va9A4040TuGmXD2po
mOW9ECuE+F+D48bTcx8kpdIbGwnd7xsDW0NJ+jGqF506Pa0B3vyYeqOt0bQ/
1j6ubxwRx82P6wzttqIY3DYjedv8dF3vm77e3A7/UcK69/Ur/BsVOOvpK3rq
WU8Cbrej3jd6fcuZr8gx2yWhpNmZiZ56jkfqJNHwcMhhe+IJROqWCOO3GPj1
c0IBupXUK31hiL7unK4q/siNJVvUSbsqTBJd5ulr6Nhphbk66r44k1tcj/1y
00vJWvXsgioODsrEVUcXKsVOn/JYhbe+NlA5Dg3Nf+01qEJVWX4Lvu/la3MH
DSJIcSdYxKYRvJUNIuX8PQqwxYh/zmnTRZ8+fw6Toh2VeRsXrF1chT2yeU9h
MFY9Aikdq4pJYkaUSR7GI6dXdplJfidPlnlSUA46WuFXySddJQB+4IheopKL
7ie8S/s7C2IVAKIKAPR04DXgmG88yZPwA6d5XF9hTTUgykQl0Vm4pBi9KklY
6DbK8rkuL0Wh6E6JMfFxYcU39inxId6NVbqBLzaPTb2VhBOtispSUj4VLnT4
MUz5kjnA7N/Of3oloNGz//kz7gLZBOTn5MNVj9rZ8FpuPU+GT63YPcBTYSd2
W/mD1E5NsHglFZ3g6qjJ1aGD9hLbtaDOFFGa65Oeq9pEfAh8rfN4KOj+4kMa
X5z4pybLDx8C1dFDUw8HHjLd4/OFvpTcYfuUUVjJtpR1sXY8davwxAspGHM7
RUknKHGJmELlJekEJHlHoaYGu77RWkh2b7wgrNHj0rZlaT3KFuFalfbHg2lq
fM49w09dc7P6FgADAzDYBcDp1AAcwR/bgwzsQY/pz62BTqc2nmP6c1uggbs8
oTzYEux06uIayoPtwAbyXIOd6EdbAZ5Oq/hO9KNtAAf6uQYcWQ+3AD2d1nGO
rIePBx1YzzXo2Hn8aODTaRPesfP4scAD57kGnlR+eCT46bQZ96Tyw+PAB5Xn
Gvy09tOjOphO1+Ff/eVhIwjuZffBwzBeB9Cw++Bh7H4NQGsKgoey+2aQNrsP
Hs7uG4E6SxU8nN03AXXZffAYdt8AtkJWwWPYfR1sld0Hj2P3NcC1bRA8jt1X
AdfZffBYdh/cy+6Dx7L74F52Hzye3Qf3svvg8ew+uJfdB9uw++Bedh9sw+6D
e9l9sB27D+5l98FW7B5a38fuR90dgTQMfxTsBqQ1DaPRjoZuM/0R8OeHsv1m
sM6SjcY7WiiX8Y/C6fThrL8JcIXERuGOSKvK/EeT6fQx7L8OurYtRpMdbYi6
ABhF0+njREAVeMN2HlkiYCvMm4TAKJ5OHysGXPCNrGjkiIEtsG8WBKNkOn28
KLA7WMNKRxVR8OgRrBMGyKO2EQemi7XiYFQTBw8aRbCBu2fcfSBPXA/UiIRx
sCug1mSMR9hsJxNgi4Ux2QK7wddZPAa8kyVzRcM4VBhvj3OF4Bj0TgitKh7G
E4P1tnjXNgoD38kWqYuIcWRjvh3uDZucwe9kgzeJiXHsYr8N/o1MijvYCYtq
FhXjpDqCx49hDaPlLnbCaNeJi/G0PorHjmOtwOBOHi8yqPX9ImNnQG2RsSug
jsjY2QS4IgObPUxkrAPsLt94Z0tWFRkK4+1xrpKctie2xrouMgzW2+Jd3yqW
TbEl5k0iw8Z8O9ybtrljV2yFfbPIcLHfBv9mNlWxLbYYwTqRUR3B48dQQdTt
YiejWC8y6qN47DhqqLqdPHokzFLuExnhQ9XVu8AaoREGuwNrTUk44oY7mQZb
cIRjWcyHiI61oJ1lVKB3sniu8AhDg/X2eFfITwHfCdlVBUg4sTHfFvfa1lHg
d7Jp6kIkjFzst8O/YeurDnay7ZsESRhXR7DNGBrZl+piJ8yrWZiESX0Ujx/H
GjasOtkJG14nUMJp00geO5a1IkV181ihIq3vFyo7BGsLld2BdYTKDqfBFSrc
8CFCZT1odyEt5WBr0FWhYrDeHu8qAVo2ydaY14WKjfm2uNc3j2OXbIl9k1Bx
sd8OfwvNagc7GUGzUKmOYJsxOIhWu9jJKNYJlfooHj+OCqrVTnYykvVCpWkk
jx1LDdlqN48cjdqs9wmVyUOVxbsBG7EyCXYJ2JqYyUg13clk2KJlMtaLurlw
uQO4s6AG+E6W0RUvk9DGfHvcK8RowO+ECKsiZjJxsd8W/9pmMh3sZBvVxcwk
qo5guzE0MATTxU6YQZOomcT1UWwzjkbGZjrZCVtrFjeTpGkkjx/LGiZtutkJ
k14ncibT5tE8djxrhY7p6HFiR7e+X+zsFLAtdnYJ2BE7O50MV+yoppuLnbuA
u0vqODy3Bl4VOzbm2+NeJceKErQl+LrYcbHfFn/9vN7BTkbQJHaqI9huDBai
9S52MopmsVMfxTbjcFCtd7KTkawTO00jefxYKsjWu9nJaNaLnebRPHY8NXTr
HT1qRIb07xM70UPVs/tAG8ETBbsFbU1PNDKNdzIltvCJxtbibip+7gTvLK0N
ficL6gqgKHSx3x7/CmnaHeyEJKtCKJpUR7DtGGrby+5iJxurLoiiqD6K7cbR
wCbsTnbCIpqEURQ3jWSbsTSyPLubnTC8ZoEUJc2jefx41rBwu6OdsPB1Qima
rhvRY8e0VizZXT1GMFmt7xdMOwZtC6bdgnYE046nxBVMpvGmgulu8O7iVgJB
tgZfFUwu9tvjL8+bOtjJCOqCqTqCbcegnzd1sZNRNAmm+ii2G4f1vKmTnYyk
WTA1jWSbsTjINnWzk9GsE0zNo3n8eCroNnW0kxGtF0zrRvTYMdUQburqEaOy
iec+wRQ/VAm6H7gRTXGwa+DWJMUju/lOJsYWT/HYWeTNBNQ9HTiL7Hawk6V1
RVQcVkew/RgqhOp2sRMCrYqpeFIfxbbjqG04t5OdbLW6qIqjppFsN5YG5uF2
sxPG0SSu4rh5NNuMp5EZuh3thBU2i6w4WTeix49pDYN3u9oJg18ntuLp+lE9
dlxrBZfb2cNFl9P6ftG1c+C26No1cEd07XxiXNFlN99MdN3XgbvMtSD7rTuo
iq7qCLYfgzxv7mIno6iLrvooth2Hft7cyU5G0iS6mkay3Vis583d7GQ0zaKr
eTTbjMd53tzRTka0TnStG9Hjx1RBuLmrnYxqvehaP6rHjquGcnNnDx6ZO+X3
ia7koerFJuCN8EqC3YO3pioZuS/sZHpsAZaMK4u9iQi7twtnuatd7GSRXSGW
hPVRbD+OCtlWO9kJuVYFWTJpGsm2Y6ltwWo3O9l8dWGWRM2j2W48DSyl2tFO
2EmTQEvidSPaZkyNbLLa1U6YZLNQS5L1o3r8uNaw/2pnO2H/6wRbUhVmDxVt
jd2tFW3V7h4q3Cqt7xdufwfwtnDbPXhHuP0dpscVbu4Lmwi3+7twF7whCXrr
LqrCrT6K7cchz9d1spOR1IVb00i2HYt+vq6bnYymSbg1j2a78VjP13W0kxE1
C7d1I9pmTM7zdV3tZFTrhNv6UT1+XJXn6zrbycjWC7e7RvbYsdWQXtfdA0dX
Re4+4TZ9qLDerAMj3qbB36MDa8Kmo+orO5kkW8RNq/bbJhbcBp04C1/vZCfL
7Yq5adWG28yKu7ebChHXu9kJ8VZF3bRqx21qyd3TUW1T1jvayXasi7tp1Zbb
3Jq7s6sGRlPvaidMpknkTav23EMsujs6a2Sg9c52wj6bxd60atM9zKpb290a
4VDvbifCYZ3oqwu7yujUlWOPHehaKVjvudJQ9XzfmGs93C8Qa6/sogNbIP49
OnAEYvWVnXThCsTqK/cLxE06oefrO9nJSKoCsWkk249Fnq/vZiejqQvE5tFs
Ox79fH1HOxlRk0BcN6LtxmQ9X9/VTkbVLBDXj2qbcTnP13e2k5GtE4h3jezx
Y6s8X9/dTka3XiDeM7pNBeK6nmvP1/dcaVgViHSDH10aaS7jxBv81KWR7+jS
SLkwkq6r+/7l6dN7r/aL0uVVkr8vVmmZXJzgPYl+uoiTT+oWQf7dp9/xYjy8
nXO/SPBO28+f5UJRbtOmNsWXLwd0ZWByI+DoK7y6XJV4aWPjlZf4Bvzw3rxl
XelZrCbwHNGOVxFe2nhDmF3APKYfk/f8c7F/cOGHs8ssT8urOcLDC8x3CnCR
LSI1R/LHBsMKw1i9g183eGNZygvLWZguyuRTydctylOebXq80V2KNLZpNptl
13SZYp74Zb5CUgAwiXeBNNURmrogwuFHQlsXfAlmce+1o0xPNrR9mMaWTzPV
8mHwLX9ZHvhPnvgwFt1Wuqm3jbgtYEBXc/oZ3WEqF2LKFY24FeVyTbkotEzy
eRKnIVCrNNXXOJaZNw2jdJaW+GucTFaXl+q+TIQzDdPZKk/wsszaNre3ieKX
HqAM35Fz9rr97qB71B12j7uj7rgbdifdqBt3k65s5KAbBEEv6AeD4CgYBsfB
KBgHYTAJoiAOkkBa9bq9oNfr9XuD3lFv2DvujXrjXtib9KJe3Et6U0/2yAa9
Kuo/2bDrzfqn9VkP0oOFO/EH48HR0WAw7HWP+oPhcW8YDOPhEfx1PDj2luWJ
PxzQw+HxoBcPx0N4Phz24uP+UBoTRvAGvDVMhn3gpfBOvz8Op91BGIdB3B0O
hqNROBj0JqM4Go7jowm/M5mGg+50MEmm3aNRPxl1R0F3OI4inKGjNRy8YWl7
/720//cu7TAZ9yfHcdg9Ho57x5PJ5sva/+9l/b93WbvjwQhmZizaDig759W7
xy115x+n12x8FfIE8LL0D/O3UQFsrQN+eV+Es7KidDAq9OssnCQzgUbfEWm6
E5tB2I0vlITcDDz+sjl8hvOwDmDlEqXBVB7ClOWpulv7QVNSgUfj5quc1+l2
909DFUdq/Cig86QE2i9DBVH/7RKAkPlFolUwG8g9yqC8vGudMHHUwfguTdCo
se0iukrm4ZcvLbnBPlwIfnh/PSIHb6RlGs7Sv+nL482uCIsivVwwwfE288Qs
IP0Q9ljLh8ctX81jy8yJrVUKtvum2T+BJulkiIvvpNdvcqkNjobHnpq1DcRK
lYGc+C6P7we9pN9Fzg+8uw/Pjyzxoj7A97vDCfD9ca9bRZIGUOMjj+qG+gGp
Egwj/Fbvqekdq3fiJxj+3xuOj3pROJocJ9EgHB+NByA5gRr6IaJShYIpmqMo
SpKkP5iCbIt7/XF3nExAWkYDmEhrDk/8/vQ4HofH0agfJqMkiEZhEIQJ9BdO
jsbwhgN80h8eJ/2j8RT6jo4n42gwnPQm0XA6CqaDYRI4jYeT8XAKGmswGo5i
QLnbA/RHx7i+x73upG9PMkxvd9Ib93vjsDuIo+40GA3CqB8MR56i+3vEuigG
TWCOB6iOoGKAd2r1+khyzbCUErSVomB1Ar10R5PhdDDudkfQ/mgyjof0znQI
Ss0gTILwaBweDQej4WSACxB3+8PJaDSmRkBjvcF07Y3IzZr+P/fW6/1Dt17v
v3TrJb0kOoqOx8dHAxhUdzDqTwJQIIfJcXh03I17DvCwdxwH4940GYEBeBxF
8egIaHsUj+NwMg6O3H06nk6So6P+9CgIYOqCJBqGIUCf9kfDI3ieuFsvGY7C
aBTH/bjbm06iuD8cRUdHx8cP3HpNYDC44h+y9fpTmPL+KJ4MYtDE+4Nk0A+n
Ib3TnY7C3hQ35DFYFkl3dNQdDMPx9CiaDDAahBrFsAEeZIn9c2+7/j902/X/
S7ddL4Ld1e+OxtFkAoQ+6g+Oj5LBFGRZEI9hkznAR7Aa8fR4PBnGR0fd6fEo
wW/d6TQcdePR2N2jQRDDBHfHY8BiMJzCtj5K+qMohj7ARpxWth38Egyh46Pg
aHzcBSy70fG0f9R94LZrAjOBBfqHbLvgeAoaxLQ3Co9C1CGm0TQaRvTOKJ4O
+0egXhwnPdAaptGkPwmTfi8ZDPqb77TBP/tOG/xDd9rgv3SnxdhmcDwdROFg
CkrmYAAEOpwmQCST6THods5+OD4CGkrAGEu6x6Ng3O0Nj4+CUTB84H5oAnMU
Hwf/kP0wOR4Evah3FPTDYDIcxpPJYDRiWR1MJuEU9svReATjDI6HYTwawKQE
sHGiYczrN+mOgwgoNRhFySCMJzCyBzgIj/7ZN8vRP3SzHFU3S3ca9ZNwGCeg
TkXj47B/NA3Gg2g6niTxeBAPqlAmQIpgg4BecRQej44iEAFHcZSMowA0/P4o
rLUfTkIY9CQaRN0wGAPxH43HyTgOJtEUSanaPoR9BeZFdzI9SnpHg+RoMIxh
mfpBH7SaftivbMakdzzpxgNgzckY1EMsHhAed5NhDLt4FLsK5HAM5skwAVsK
rJcJKKTxeAI7Jg7RqutXbLfRYAxkGgC5g7Dr9aNxH8gliR6qQDaBiWBG/iE7
dwysC0R/f5jA6obRpAtSK+B3xqCAx0EyPu5Ng2kSH4+O40F3MIbNHIW9oM+Y
9KMginqD+GgYJeEkSuLesfYF+6fRh0V2PUviS3JrFd7nE3+xmk+SPImf7E3D
WZHsfWHnDrrRYXv712lxha6kYplEaTibkeNr8cH//Pnzs7zjn86ST/7vs1WY
zmZhHn/58gU9W9kiUQ7iJMxnN+S4ytPJCjmGctjFWbRCLDr+92nhL9FvlS3I
U5Yskvzyxr8GtHw8YVYvJOjZwhZenHxMZtkSX8eO2D3W8f5/jltSLy2WAQA=
</rfc> </rfc>
 End of changes. 490 change blocks. 
3886 lines changed or deleted 2822 lines changed or added

This html diff was produced by rfcdiff 1.48.