<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent">
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" docName="draft-yang-tls-tls13-sm-suites-06" number="8998" ipr="trust200902" submissionType="independent" category="info" obsoletes="" updates="" xml:lang="en" tocInclude="true" sortRefs="true" symRefs="true" version="3">
<front>
<title abbrev="SM Cipher Suites for TLS 1.3">ShangMi (SM) Cipher Suites for TLS 1.3</title>
<seriesInfo name="RFC" value="8998"/>
<author initials="P." surname="Yang" fullname="Paul Yang"> <organization>Ant Group</organization> <address> <postal> <street>No.
77 Xueyuan Road</street> <city>Hangzhou</city> <code>310000</code> <country>China</country> </postal> <phone>+86-571-2688-8888</phone> <email>kaishen.yy@antfin.com</email> </address> </author>
<date year="2021" month="March"/>
<area>Security</area>
<keyword>cryptography</keyword> <keyword>encryption</keyword> <keyword>authentication</keyword> <keyword>network security</keyword>
<abstract>
<t>This document specifies how to use the ShangMi (SM) cryptographic algorithms with Transport Layer Security (TLS) protocol version 1.3.</t>
<t>The use of these algorithms with TLS 1.3 is not endorsed by the IETF. The SM algorithms are becoming mandatory in China, so this document provides a description of how to use the SM algorithms with TLS 1.3 and specifies a profile of TLS 1.3 so that implementers can produce interworking implementations.</t>
</abstract>
</front>
<middle>
<section anchor="intro" numbered="true" toc="default">
<name>Introduction</name>
<t>This document describes two new cipher suites, a signature algorithm and a key exchange mechanism for the Transport Layer Security (TLS) protocol version 1.3 (TLS 1.3) (<xref target="RFC8446" format="default"/>). These all utilize several ShangMi (SM) cryptographic algorithms to fulfill the authentication and confidentiality requirements of TLS 1.3.
The new cipher suites are as follows (see also <xref target="proposed" format="default"/>):</t>
<sourcecode name="" type=""><![CDATA[
CipherSuite TLS_SM4_GCM_SM3 = { 0x00, 0xC6 };
CipherSuite TLS_SM4_CCM_SM3 = { 0x00, 0xC7 };
]]></sourcecode>
<t>For a more detailed introduction to SM cryptographic algorithms, see <xref target="sm-algos" format="default"/>. These cipher suites follow the TLS 1.3 requirements. Specifically, all the cipher suites use SM4 in either Galois/Counter (GCM) mode or Counter with CBC-MAC (CCM) mode to meet the needs of TLS 1.3 to have an encryption algorithm that is Authenticated Encryption with Associated Data (AEAD) capable. The key exchange mechanism utilizes Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) over the SM2 elliptic curve, and the signature algorithm combines the SM3 hash function and the SM2 elliptic curve signature scheme.</t>
<t>For details about how these mechanisms negotiate shared encryption keys, authenticate the peer(s), and protect the record structure, see <xref target="definitions" format="default"/>.</t>
<t>The cipher suites, signature algorithm, and key exchange mechanism defined in this document are not recommended by the IETF.
The SM algorithms are becoming mandatory in China, so this document provides a description of how to use them with TLS 1.3 and specifies a profile of TLS 1.3 so that implementers can produce interworking implementations.</t>
<section anchor="sm-algos" numbered="true" toc="default">
<name>The SM Algorithms</name>
<t>Several different SM cryptographic algorithms are used to integrate with TLS 1.3, including SM2 for authentication, SM4 for encryption, and SM3 as the hash function.</t>
<t>SM2 is a set of cryptographic algorithms based on elliptic curve cryptography, including a digital signature, public key encryption and key exchange scheme. In this document, only the SM2 digital signature algorithm and basic key exchange scheme are involved, which have already been added to ISO/IEC 14888-3:2018 <xref target="ISO-SM2" format="default"/> (as well as to <xref target="GBT.32918.2-2016" format="default"/>). SM4 is a block cipher defined in <xref target="GBT.32907-2016" format="default"/> and now is being standardized by ISO to ISO/IEC 18033-3:2010 <xref target="ISO-SM4" format="default"/>. SM3 is a hash function that produces an output of 256 bits.
SM3 has already been accepted by ISO in ISO/IEC 10118-3:2018 <xref target="ISO-SM3" format="default"/> and has also been described by <xref target="GBT.32905-2016" format="default"/>.</t>
</section>
<section anchor="term" numbered="true" toc="default">
<name>Terminology</name>
<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here.</t>
<t>Although this document is not an IETF Standards Track publication, it adopts the conventions for normative language to provide clarity of instruction to the implementer and to indicate requirement levels for compliant TLS 1.3 implementations.</t>
</section>
</section>
<section anchor="proposed" numbered="true" toc="default">
<name>Algorithm Identifiers</name>
<t>The cipher suites defined here have the following identifiers:</t>
<sourcecode name="" type=""><![CDATA[
CipherSuite TLS_SM4_GCM_SM3 = { 0x00, 0xC6 };
CipherSuite TLS_SM4_CCM_SM3 = { 0x00, 0xC7 };
]]></sourcecode>
<t>To accomplish a TLS 1.3 handshake, additional objects have been introduced along with the cipher suites as follows:</t>
<ul spacing="normal">
<li>The combination of the SM2 signature algorithm and SM3 hash function used in the Signature Algorithm extension is defined in <xref target="RFC8446" sectionFormat="of" section="B.3.1.3"/>:</li>
</ul>
<sourcecode name="" type=""><![CDATA[
SignatureScheme sm2sig_sm3 = { 0x0708 };
]]></sourcecode>
<ul spacing="normal">
<li>The SM2 elliptic curve ID used in the Supported Groups extension is defined in <xref target="RFC8446" sectionFormat="of" section="B.3.1.4"/>:</li>
</ul>
<sourcecode name="" type=""><![CDATA[
NamedGroup curveSM2 = { 41 };
]]></sourcecode>
</section>
<section anchor="definitions" numbered="true" toc="default">
<name>Algorithm Definitions</name>
<section anchor="tls-versions" numbered="true" toc="default">
<name>TLS Versions</name>
<t>The new cipher suites defined in this document are only applicable to TLS 1.3. Implementations of this document <bcp14>MUST NOT</bcp14> apply these cipher suites to any older versions of TLS.</t>
</section>
<section anchor="authentication" numbered="true" toc="default">
<name>Authentication</name>
<section anchor="sm2-signature-scheme" numbered="true" toc="default">
<name>SM2 Signature Scheme</name>
<t>The Chinese government requires the use of the SM2 signature algorithm. This section specifies the use of the SM2 signature algorithm as the authentication method for a TLS 1.3 handshake.</t>
<t>The SM2 signature algorithm is defined in <xref target="ISO-SM2" format="default"/>. The SM2 signature algorithm is based on elliptic curves.
The SM2 signature algorithm uses a fixed elliptic curve parameter set defined in <xref target="GBT.32918.5-2017" format="default"/>. This curve is named "curveSM2" and has been assigned the value 41, as shown in <xref target="proposed" format="default"/>. Unlike other public key algorithms based on elliptic curve cryptography like the Elliptic Curve Digital Signature Algorithm (ECDSA), SM2 <bcp14>MUST NOT</bcp14> select other elliptic curves. But it is acceptable to write test cases that use other elliptic curve parameter sets for SM2; see Annex F.14 of <xref target="ISO-SM2" format="default"/> as a reference.</t>
<t>Implementations of the signature scheme and key exchange mechanism defined in this document <bcp14>MUST</bcp14> conform to what <xref target="GBT.32918.5-2017" format="default"/> requires; that is to say, the only valid elliptic curve parameter set for the SM2 signature algorithm (a.k.a. curveSM2) is defined as follows:</t>
<dl><dt>curveSM2:</dt><dd>A prime field of 256 bits.</dd></dl>
<t>y<sup>2</sup> = x<sup>3</sup> + ax + b</t>
<sourcecode name="" type=""><![CDATA[
p  = FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 00000000 FFFFFFFF FFFFFFFF
a  = FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 00000000 FFFFFFFF FFFFFFFC
b  = 28E9FA9E 9D9F5E34 4D5A9E4B CF6509A7 F39789F5 15AB8F92 DDBCBD41 4D940E93
n  = FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF 7203DF6B 21C6052B 53BBF409 39D54123
Gx = 32C4AE2C 1F198119 5F990446 6A39C994 8FE30BBF F2660BE1 715A4589 334C74C7
Gy = BC3736A2 F4F6779C 59BDCEE3 6B692153 D0A9877C C62A4740 02DF32E5 2139F0A0
]]></sourcecode>
<t>The SM2 signature algorithm requests an identifier value when generating or verifying a signature.
In all uses except when a client or a server needs to verify a peer's SM2 certificate in the Certificate message, an implementation of this document <bcp14>MUST</bcp14> use the following ASCII string value as the SM2 identifier when doing a TLS 1.3 key exchange:</t>
<sourcecode name="" type=""><![CDATA[
TLSv1.3+GM+Cipher+Suite
]]></sourcecode>
<t>If either a client or a server needs to verify the peer's SM2 certificate contained in the Certificate message, then the following ASCII string value <bcp14>MUST</bcp14> be used as the SM2 identifier according to <xref target="GMT.0009-2012" format="default"/>:</t>
<sourcecode name="" type=""><![CDATA[
1234567812345678
]]></sourcecode>
<t>Expressed as octets, this is:</t>
<sourcecode name="" type=""><![CDATA[
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38
]]></sourcecode>
<t>In practice, the SM2 identifier used in a certificate signature depends on the certificate authority (CA) who signs that certificate. CAs may choose values other than the ones mentioned above.
Implementations of this document <bcp14>SHOULD</bcp14> confirm this information by themselves.</t>
</section>
</section>
<section anchor="kx" numbered="true" toc="default">
<name>Key Exchange</name>
<section anchor="hello-messages" numbered="true" toc="default">
<name>Hello Messages</name>
<t>The use of the algorithms defined by this document is negotiated during the TLS handshake with information exchanged in the Hello messages.</t>
<section anchor="clienthello" numbered="true" toc="default">
<name>ClientHello</name>
<t>To use the cipher suites defined by this document, a TLS 1.3 client includes the new cipher suites in the "cipher_suites" array of the ClientHello structure defined in <xref target="RFC8446" sectionFormat="of" section="4.1.2"/>.</t>
<t>Other requirements of this TLS 1.3 profile on the extensions of the ClientHello message are as follows:</t>
<ul spacing="normal">
<li>For the supported_groups extension, "curveSM2" <bcp14>MUST</bcp14> be included.</li>
<li>For the signature_algorithms extension, "sm2sig_sm3" <bcp14>MUST</bcp14> be included.</li>
<li>For the signature_algorithms_cert extension (if present), "sm2sig_sm3" <bcp14>MUST</bcp14> be included.</li>
<li>For the key_share extension, a KeyShareEntry for the "curveSM2" group <bcp14>MUST</bcp14> be included.</li>
</ul>
</section>
<section anchor="serverhello" numbered="true" toc="default">
<name>ServerHello</name>
<t>If a TLS 1.3 server receives a ClientHello message containing the algorithms defined in this document, it <bcp14>MAY</bcp14> choose to use them.
If so, then the server <bcp14>MUST</bcp14> put one of the new cipher suites defined in this document into its ServerHello's "cipher_suites" array and eventually send it to the client side.</t>
<t>A TLS 1.3 server's choice of what cipher suite to use depends on the configuration of the server. For instance, a TLS 1.3 server may or may not be configured to include the new cipher suites defined in this document. Typical TLS 1.3 server applications also provide a mechanism that configures the cipher suite preference on the server side. If a server is not configured to use the cipher suites defined in this document, it <bcp14>SHOULD</bcp14> choose another cipher suite in the list that the TLS 1.3 client provides; otherwise, the server <bcp14>MUST</bcp14> abort the handshake with an "illegal_parameter" alert.</t>
<t>The following extension <bcp14>MUST</bcp14> conform to the new requirements:</t>
<ul spacing="normal">
<li>For the key_share extension, a KeyShareEntry with SM2-related values <bcp14>MUST</bcp14> be added if the server wants to conform to this profile.</li>
</ul>
</section>
</section>
<section anchor="certificaterequest" numbered="true" toc="default">
<name>CertificateRequest</name>
<t>If a CertificateRequest message is sent by the server to require the client to send its certificate for authentication purposes, for conformance to this profile, the following is <bcp14>REQUIRED</bcp14>:</t>
<ul spacing="normal">
<li>The only valid signature algorithm present in the "signature_algorithms" extension <bcp14>MUST</bcp14> be "sm2sig_sm3".
That is to say, if the server chooses to conform to this profile, the signature algorithm for the client's certificate <bcp14>MUST</bcp14> use the SM2/SM3 procedure specified by this document.</li>
</ul>
</section>
<section anchor="certificate" numbered="true" toc="default">
<name>Certificate</name>
<t>When a server sends the Certificate message containing the server certificate to the client side, several new rules are added that will affect the certificate selection:</t>
<ul spacing="normal">
<li>The public key in the certificate <bcp14>MUST</bcp14> be a valid SM2 public key.</li>
<li>The signature algorithm used by the CA to sign the current certificate <bcp14>MUST</bcp14> be "sm2sig_sm3".</li>
<li>The certificate <bcp14>MUST</bcp14> be capable of signing; e.g., the digitalSignature bit of X.509's Key Usage extension is set.</li>
</ul>
</section>
<section anchor="certificateverify" numbered="true" toc="default">
<name>CertificateVerify</name>
<t>In the CertificateVerify message, the signature algorithm <bcp14>MUST</bcp14> be "sm2sig_sm3", indicating that the hash function <bcp14>MUST</bcp14> be SM3 and the signature algorithm <bcp14>MUST</bcp14> be SM2.</t>
</section>
</section>
<section anchor="key-scheduling" numbered="true" toc="default">
<name>Key Scheduling</name>
<t>As described in <xref target="sm-algos" format="default"/>, SM2 is actually a set of cryptographic algorithms, including one key exchange protocol that defines methods such as a key derivation function. This document does not define an SM2 key exchange protocol, and an SM2 key exchange protocol <bcp14>SHALL NOT</bcp14> be used in the key exchange steps defined in <xref target="kx" format="default"/>.
Implementations of this document <bcp14>MUST</bcp14> always conform to what TLS 1.3 <xref target="RFC8446" format="default"/> and its successors require regarding the key derivation and related methods.</t>
</section>
<section anchor="cipher" numbered="true" toc="default">
<name>Cipher</name>
<t>The new cipher suites introduced in this document add two new AEAD encryption algorithms, AEAD_SM4_GCM and AEAD_SM4_CCM, which stand for SM4 cipher in Galois/Counter mode and SM4 cipher <xref target="GBT.32907-2016" format="default"/> in Counter with CBC-MAC mode, respectively. The hash function for both cipher suites is SM3 (<xref target="ISO-SM3" format="default"/>).</t>
<t>This section defines the AEAD_SM4_GCM and AEAD_SM4_CCM AEAD algorithms in a style similar to what <xref target="RFC5116" format="default"/> used to define AEAD ciphers based on the AES cipher.</t>
<section anchor="aeadsm4gcm" numbered="true" toc="default">
<name>AEAD_SM4_GCM</name>
<t>The AEAD_SM4_GCM authenticated encryption algorithm works as specified in <xref target="GCM" format="default"/>, using SM4 as the block cipher, by providing the key, nonce, plaintext, and associated data to that mode of operation. An authentication tag conforming to the requirements of TLS 1.3 as specified in <xref target="RFC8446" sectionFormat="of" section="5.2"/> <bcp14>MUST</bcp14> be constructed using the details in the TLS record header. The additional data input that forms the authentication tag <bcp14>MUST</bcp14> be the TLS record header. The AEAD_SM4_GCM ciphertext is formed by appending the authentication tag provided as an output to the GCM encryption operation to the ciphertext that is output by that operation.
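</t>
<t>As an added example that is not part of this document or of any implementation it describes, the following Python builds AEAD_SM4_GCM from scratch (the SM4 block cipher of GB/T 32907-2016 composed with GCM as specified in NIST SP 800-38D), enforces the key, nonce and plaintext lengths this section fixes, applies the TLS 1.3 per-record nonce and record-header AAD rules referenced above, and checks its output against the SM4-GCM vector in <xref target="test-vectors"/>. Only the standard library is used; tls13_protect_record and the constants it uses for a TLSCiphertext header (type 0x17, legacy version 0x0303) are a hypothetical helper, not an API of any TLS library.</t>
<sourcecode type="python"><![CDATA[
```python
# SM4 S-box (GB/T 32907-2016), 16 rows of 16 bytes.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948")
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
# Key-schedule constants: CK[i] packs the bytes ((4*i + j) * 7) mod 256, j = 0..3.
CK = [int.from_bytes(bytes(((4 * i + j) * 7) & 0xFF for j in range(4)), "big") for i in range(32)]

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def _tau(x):  # byte-wise S-box substitution on a 32-bit word
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")

def sm4_round_keys(key):
    """Expand a 16-octet SM4 key into the 32 round keys rk[0..31]."""
    k = [int.from_bytes(key[i:i + 4], "big") ^ FK[i // 4] for i in range(0, 16, 4)]
    rk = []
    for i in range(32):
        t = _tau(k[1] ^ k[2] ^ k[3] ^ CK[i])
        k.append(k[0] ^ t ^ _rotl(t, 13) ^ _rotl(t, 23))  # linear map L'
        k.pop(0)
        rk.append(k[3])
    return rk

def sm4_encrypt_block(rk, block):
    """Encrypt one 16-octet block with 32 SM4 rounds; output is (X35, X34, X33, X32)."""
    x = [int.from_bytes(block[i:i + 4], "big") for i in range(0, 16, 4)]
    for i in range(32):
        t = _tau(x[1] ^ x[2] ^ x[3] ^ rk[i])
        x.append(x[0] ^ t ^ _rotl(t, 2) ^ _rotl(t, 10) ^ _rotl(t, 18) ^ _rotl(t, 24))  # linear map L
        x.pop(0)
    return b"".join(w.to_bytes(4, "big") for w in reversed(x))

def _gf_mul(x, y):
    """Multiply in GF(2^128) with GCM's bit ordering (NIST SP 800-38D, Section 6.3)."""
    r, z = 0xE1 << 120, 0
    for i in range(127, -1, -1):
        if (y >> i) & 1:
            z ^= x
        x = (x >> 1) ^ r if x & 1 else x >> 1
    return z

def _ghash(h, aad, ct):
    def blocks(data):  # zero-pad to a multiple of 16 octets and split into 128-bit integers
        data += b"\x00" * (-len(data) % 16)
        return [int.from_bytes(data[i:i + 16], "big") for i in range(0, len(data), 16)]
    lengths = (8 * len(aad)).to_bytes(8, "big") + (8 * len(ct)).to_bytes(8, "big")
    y = 0
    for blk in blocks(aad) + blocks(ct) + [int.from_bytes(lengths, "big")]:
        y = _gf_mul(y ^ blk, h)
    return y

def sm4_gcm_encrypt(key, nonce, plaintext, aad):
    """AEAD_SM4_GCM: 16-octet key, 12-octet nonce, plaintext <= 2^36 - 31 octets; returns (ciphertext, 16-octet tag)."""
    if len(key) != 16 or len(nonce) != 12 or len(plaintext) > 2 ** 36 - 31:
        raise ValueError("AEAD_SM4_GCM parameter out of range")
    rk = sm4_round_keys(key)
    h = int.from_bytes(sm4_encrypt_block(rk, bytes(16)), "big")  # hash subkey H = E_K(0^128)
    j0 = int.from_bytes(nonce + b"\x00\x00\x00\x01", "big")      # pre-counter block for a 96-bit nonce
    ct = bytearray()
    for i in range(0, len(plaintext), 16):
        ctr = (j0 >> 32 << 32) | ((j0 + 1 + i // 16) & 0xFFFFFFFF)  # inc32: only the low word counts
        keystream = sm4_encrypt_block(rk, ctr.to_bytes(16, "big"))
        ct += bytes(a ^ b for a, b in zip(plaintext[i:i + 16], keystream))
    tag = _ghash(h, aad, bytes(ct)) ^ int.from_bytes(sm4_encrypt_block(rk, j0.to_bytes(16, "big")), "big")
    return bytes(ct), tag.to_bytes(16, "big")

def tls13_record_nonce(write_iv, seq):
    """RFC 8446 Section 5.3: per-record nonce = write_iv XOR the left-padded 64-bit sequence number."""
    return bytes(a ^ b for a, b in zip(write_iv, seq.to_bytes(len(write_iv), "big")))

def tls13_protect_record(key, write_iv, seq, inner_plaintext):
    """Hypothetical helper: protect one TLSInnerPlaintext, using the 5-octet record header as AAD."""
    header = b"\x17\x03\x03" + (len(inner_plaintext) + 16).to_bytes(2, "big")  # type, legacy version, length
    ct, tag = sm4_gcm_encrypt(key, tls13_record_nonce(write_iv, seq), inner_plaintext, header)
    return header + ct + tag

# The SM4-GCM test vector from Appendix A of this document (hex, network byte order).
RFC8998_GCM_VECTOR = {
    "iv": "00001234567800000000ABCD", "key": "0123456789ABCDEFFEDCBA9876543210",
    "pt": "AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDD"
          "EEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA",
    "aad": "FEEDFACEDEADBEEFFEEDFACEDEADBEEFABADDAD2", "tag": "83DE3541E4C2B58177E065A9BF7B62EC",
    "ct": "17F399F08C67D5EE19D0DC9969C4BB7D5FD46FD3756489069157B282BB200735"
          "D82710CA5C22F0CCFA7CBF93D496AC15A56834CBCF98C397B4024A2691233B8D"}

def check_rfc8998_gcm_vector(v=RFC8998_GCM_VECTOR):
    """Encrypt the Appendix A inputs; True only if both ciphertext and tag match the document."""
    ct, tag = sm4_gcm_encrypt(*(bytes.fromhex(v[k]) for k in ("key", "iv", "pt", "aad")))
    return ct.hex().upper() == v["ct"] and tag.hex().upper() == v["tag"]
```
]]></sourcecode>
<t>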
AEAD_SM4_GCM has four inputs: an SM4 key, an initialization vector (IV), a plaintext content, and optional additional authenticated data (AAD). AEAD_SM4_GCM generates two outputs: a ciphertext and a message authentication code (also called an authentication tag). To have a common set of terms for AEAD_SM4_GCM and AEAD_SM4_CCM, the AEAD_SM4_GCM IV is referred to as a nonce in the remainder of this document. A simple test vector of AEAD_SM4_GCM and AEAD_SM4_CCM is given in <xref target="test-vectors"/> of this document.</t>
<t>The nonce is generated by the party performing the authenticated encryption operation. Within the scope of any authenticated encryption key, the nonce value <bcp14>MUST</bcp14> be unique. That is, the set of nonce values used with any given key <bcp14>MUST NOT</bcp14> contain any duplicates. Using the same nonce for two different messages encrypted with the same key destroys the security properties of GCM mode. To generate the nonce, implementations of this document <bcp14>MUST</bcp14> conform to TLS 1.3 (see <xref target="RFC8446" sectionFormat="comma" section="5.3"/>).</t>
<t>The input and output lengths are as follows:</t>
<ul empty="true">
<li>The SM4 key length is 16 octets.</li>
<li>The max plaintext length is 2<sup>36</sup> - 31 octets.</li>
<li>The max AAD length is 2<sup>61</sup> - 1 octets.</li>
<li>The nonce length is 12 octets.</li>
<li>The authentication tag length is 16 octets.</li>
<li>The max ciphertext length is 2<sup>36</sup> - 15
octets.</li>
</ul>
<t>A security analysis of GCM is available in <xref target="MV04" format="default"/>.</t>
</section>
<section anchor="aeadsm4ccm" numbered="true" toc="default">
<name>AEAD_SM4_CCM</name>
<t>The AEAD_SM4_CCM authenticated encryption algorithm works as specified in <xref target="CCM" format="default"/> using SM4 as the block cipher. AEAD_SM4_CCM has four inputs: an SM4 key, a nonce, a plaintext, and optional additional authenticated data (AAD). AEAD_SM4_CCM generates two outputs: a ciphertext and a message authentication code (also called an authentication tag). The formatting and counter generation functions are as specified in Appendix A of <xref target="CCM" format="default"/>, and the values of the parameters identified in that appendix are as follows:</t>
<ul empty="true">
<li>The nonce length n is 12.</li>
<li>The tag length t is 16.</li>
<li>The value of q is 3.</li>
</ul>
<t>An authentication tag is also used in AEAD_SM4_CCM. The generation of the authentication tag <bcp14>MUST</bcp14> conform to TLS 1.3 (see <xref target="RFC8446" sectionFormat="comma" section="5.2"/>). The AEAD_SM4_CCM ciphertext is formed by appending the authentication tag provided as an output to the CCM encryption operation to the ciphertext that is output by that operation. The input and output lengths are as follows:</t>
<ul empty="true">
<li>The SM4 key length is 16 octets.</li>
<li>The max plaintext length is 2<sup>24</sup> - 1 octets.</li>
<li>The max AAD length is 2<sup>64</sup> - 1 octets.</li>
<li>The max ciphertext length is 2<sup>24</sup> + 15
octets.</li>
</ul>
<t>To generate the nonce, implementations of this document <bcp14>MUST</bcp14> conform to TLS 1.3 (see <xref target="RFC8446" sectionFormat="comma" section="5.3"/>).</t>
<t>A security analysis of CCM is available in <xref target="J02" format="default"/>.</t>
</section>
</section>
</section>
<section anchor="iana-considerations" numbered="true" toc="default">
<name>IANA Considerations</name>
<t>IANA has assigned the values {0x00,0xC6} and {0x00,0xC7} with the names "TLS_SM4_GCM_SM3" and "TLS_SM4_CCM_SM3" to the "TLS Cipher Suites" registry with this document as reference:</t>
<table align="center">
<thead>
<tr> <th align="right">Value</th> <th align="left">Description</th> <th align="left">DTLS-OK</th> <th align="left">Recommended</th> <th align="left">Reference</th> </tr>
</thead>
<tbody>
<tr> <td align="right">0x00,0xC6</td> <td align="left">TLS_SM4_GCM_SM3</td> <td align="left">No</td> <td align="left">No</td> <td align="left">RFC 8998</td> </tr>
<tr> <td align="right">0x00,0xC7</td> <td align="left">TLS_SM4_CCM_SM3</td> <td align="left">No</td> <td align="left">No</td> <td align="left">RFC 8998</td> </tr>
</tbody>
</table>
<t>IANA has assigned the value 0x0708 with the name "sm2sig_sm3" to the "TLS SignatureScheme" registry:</t>
<table align="center">
<thead>
<tr> <th align="right">Value</th> <th align="left">Description</th> <th align="left">Recommended</th> <th align="left">Reference</th> </tr>
</thead>
<tbody>
<tr> <td align="right">0x0708</td> <td align="left">sm2sig_sm3</td> <td align="left">No</td> <td align="left">RFC 8998</td> </tr>
</tbody>
</table>
<t>IANA has assigned the value 41 with the name "curveSM2" to the "TLS Supported Groups" registry:</t>
<table align="center">
<thead>
<tr> <th align="right">Value</th> <th align="left">Description</th> <th align="left">DTLS-OK</th> <th align="left">Recommended</th> <th align="left">Reference</th> </tr>
</thead>
<tbody>
<tr> <td align="right">41</td> <td align="left">curveSM2</td> <td align="left">No</td> <td align="left">No</td> <td align="left">RFC 8998</td> </tr>
</tbody>
</table>
</section>
<section anchor="security-considerations" numbered="true" toc="default">
<name>Security Considerations</name>
<t>At the time of writing, there are no known weak keys for the SM cryptographic algorithms SM2, SM3 and SM4, and no security issues have been found for these algorithms.</t>
<t>A security analysis of GCM is available in <xref target="MV04" format="default"/>.</t>
<t>A security analysis of CCM is available in <xref target="J02" format="default"/>.</t>
</section>
</middle>
<back>
<references>
<name>References</name>
<references>
<name>Normative References</name>
<xi:include
href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8446.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5116.xml"/>
<reference anchor="ISO-SM2" target="https://www.iso.org/standard/76382.html"> <front> <title>IT Security techniques -- Digital signatures with appendix -- Part 3: Discrete logarithm based mechanisms</title> <author> <organization>International Organization for Standardization</organization> </author> <date year="2018" month="November"/> </front> <seriesInfo name="ISO/IEC" value="14888-3:2018"/> </reference>
<reference anchor="ISO-SM3" target="https://www.iso.org/standard/67116.html"> <front> <title>IT Security techniques -- Hash-functions -- Part 3: Dedicated hash-functions</title> <author> <organization>International Organization for Standardization</organization> </author> <date year="2018" month="October"/> </front> <seriesInfo name="ISO/IEC" value="10118-3:2018"/> </reference>
<reference anchor="ISO-SM4" target="https://www.iso.org/standard/54531.html"> <front> <title>Information technology -- Security techniques -- Encryption algorithms -- Part 3: Block ciphers</title> <author> <organization>International Organization for Standardization</organization> </author> <date year="2010" month="December"/> </front> <seriesInfo name="ISO/IEC" value="18033-3:2010"/> </reference>
<reference anchor="GCM" target="http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf"> <front> <title>Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</title> <author
initials="M." surname="Dworkin"> <organization>National Institute of Standards and Technology</organization> </author> <date year="2007" month="November"/> </front> <seriesInfo name="Special Publication" value="800-38D"/> <seriesInfo name="DOI" value="10.6028/NIST.SP.800-38D"/> </reference>
<reference anchor="CCM" target="http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf"> <front> <title>Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality</title> <author initials="M." surname="Dworkin"> <organization>National Institute of Standards and Technology</organization> </author> <date year="2004" month="May"/> </front> <seriesInfo name="Special Publication" value="800-38C"/> <seriesInfo name="DOI" value="10.6028/NIST.SP.800-38C"/> </reference>
</references>
<references>
<name>Informative References</name>
<reference anchor="GBT.32907-2016" target="http://www.gmbz.org.cn/upload/2018-04-04/1522788048733065051.pdf"> <front> <title>Information security technology -- SM4 block cipher algorithm</title> <author> <organization>Standardization Administration of the People's Republic of China</organization> </author> <date year="2017" month="March"/> </front> <seriesInfo name="GB/T" value="32907-2016"/> </reference>
<reference anchor="GBT.32905-2016" target="http://www.gmbz.org.cn/upload/2018-07-24/1532401392982079739.pdf"> <front> <title>Information security technology -- SM3 cryptographic hash algorithm</title> <author> <organization>Standardization Administration of China</organization> </author> <date year="2017" month="March"/> </front> <seriesInfo name="GB/T" value="32905-2016"/> </reference>
<reference anchor="GBT.32918.2-2016"
target="http://www.gmbz.org.cn/upload/2018-07-24/1532401673138056311.pdf"> <front> <title>Information security technology -- Public key cryptographic algorithm SM2 based on elliptic curves -- Part 2: Digital signature algorithm</title> <author> <organization>Standardization Administration of the People's Republic of China</organization> </author> <date year="2017" month="March"/> </front> <seriesInfo name="GB/T" value="32918.2-2016"/> </reference>
<reference anchor="GBT.32918.5-2017" target="http://www.gmbz.org.cn/upload/2018-07-24/1532401863206085511.pdf"> <front> <title>Information security technology -- Public key cryptographic algorithm SM2 based on elliptic curves -- Part 5: Parameter definition</title> <author> <organization>Standardization Administration of the People's Republic of China</organization> </author> <date year="2017" month="December"/> </front> <seriesInfo name="GB/T" value="32918.5-2017"/> </reference>
<reference anchor="GMT.0009-2012" target="http://www.gmbz.org.cn/main/viewfile/2018011001400692565.html"> <front> <title>SM2 cryptography algorithm application specification</title> <author> <organization>State Cryptography Administration</organization> </author> <date year="2012" month="November"/> </front> <seriesInfo name="GM/T" value="0009-2012"/> </reference>
<reference anchor="J02" target="https://link.springer.com/chapter/10.1007%2F3-540-36492-7_7"> <front> <title>On the Security of CTR + CBC-MAC</title> <author initials="J."
surname="Jonsson"> <organization/> </author> <dateyear="2002"/>month="February" year="2003"/> </front> <seriesInfo name="DOI" value="10.1007/3-540-36492-7_7"/> </reference> <reference anchor="MV04" target="http://eprint.iacr.org/2004/193"> <front> <title>The Security and Performance of the Galois/Counter Mode(GCM)</title>of Operation</title> <authorinitials="McGrew, D.and J."initials="D." surname="McGrew"> <organization/> </author> <author initials="J." surname="Viega"><organization></organization><organization/> </author> <date year="2004" month="December"/> </front> <seriesInfo name="DOI" value="10.1007/978-3-540-30556-9_27"/> </reference> </references> </references> <section anchor="test-vectors"title="Test Vectors">numbered="true" toc="default"> <name>Test Vectors</name> <t>All values are in hexadecimal and are in network byte order (big endian).</t> <section anchor="sm4-gcm-test-vectors"title="SM4-GCMnumbered="true" toc="default"> <name>SM4-GCM TestVectors"> <figure><artwork><![CDATA[Vectors</name> <sourcecode name="" type=""><![CDATA[ Initialization Vector: 00001234567800000000ABCD Key: 0123456789ABCDEFFEDCBA9876543210 Plaintext: AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB CCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDD EEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFF EEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA Associated Data: FEEDFACEDEADBEEFFEEDFACEDEADBEEFABADDAD2 CipherText: 17F399F08C67D5EE19D0DC9969C4BB7D 5FD46FD3756489069157B282BB200735 D82710CA5C22F0CCFA7CBF93D496AC15 A56834CBCF98C397B4024A2691233B8D Authentication Tag: 83DE3541E4C2B58177E065A9BF7B62EC]]></artwork></figure>]]></sourcecode> </section> <section anchor="sm4-ccm-test-vectors"title="SM4-CCMnumbered="true" toc="default"> <name>SM4-CCM TestVectors"> <figure><artwork><![CDATA[Vectors</name> <sourcecode name="" type=""><![CDATA[ Initialization Vector: 00001234567800000000ABCD Key: 0123456789ABCDEFFEDCBA9876543210 Plaintext: AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB CCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDD EEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFF 
EEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA Associated Data: FEEDFACEDEADBEEFFEEDFACEDEADBEEFABADDAD2 CipherText: 48AF93501FA62ADBCD414CCE6034D895 DDA1BF8F132F042098661572E7483094 FD12E518CE062C98ACEE28D95DF4416B ED31A2F04476C18BB40C84A74B97DC5B Authentication Tag: 16842D4FA186F56AB33256971FA110F4]]></artwork></figure>]]></sourcecode> </section> </section> <section anchor="contributors"title="Contributors"> <t>Qin Long<vspace /> Ant Group<vspace /> zhuolong.lq@antfin.com</t> <t>Kepeng Li<vspace /> Ant Group<vspace /> kepeng.lkp@antfin.com</t> <t>Ke Zeng<vspace /> Ant Group<vspace /> william.zk@antfin.com</t> <t>Han Xiao<vspace /> Ant Group<vspace /> han.xiao@antfin.com</t> <t>Zhi Guan<vspace /> Peking University<vspace /> guan@pku.edu.cn</t>numbered="false" toc="default"> <name>Contributors</name> <contact fullname="Qin Long"> <organization>Ant Group</organization> <address> <postal/> <email>zhuolong.lq@antfin.com</email> </address> </contact> <contact fullname="Kepeng Li"> <organization>Ant Group</organization> <address> <postal/> <email>kepeng.lkp@antfin.com</email> </address> </contact> <contact fullname="Ke Zeng"> <organization>Ant Group</organization> <address> <postal/> <email>william.zk@antfin.com</email> </address> </contact> <contact fullname="Han Xiao"> <organization>Ant Group</organization> <address> <postal/> <email>han.xiao@antfin.com</email> </address> </contact> <contact fullname="Zhi Guan"> <organization>Peking University</organization> <address> <postal/> <email>guan@pku.edu.cn</email> </address> </contact> </section> </back><!-- ##markdown-source: H4sIAHc5cF8AA+1c63LbyJX+30/RZf+wFZMUbrxAqWwFBEmPJpbtWLJzq4kL JCESEQhwAFASx6OtfYh9wn2SPed0N9AAQVmeJDVVW4uaoUmgL6e/cz/dULfb ZUVUxOEZv1wHyeoi4i8vL064H23XYcYvd1ER5vw6zfhVFiT5Ns0K/ibY46Nw scuiYs9fXr25POHvs7RIF2nMP4VZHqUJN3s2C+bzLLw949DiFn7zy4v6wGyZ LpJgA5Mvs+C66O6Bgm4R5/i/aXfzTTendl1jwJZBAe0swzK6htu1huw5V7dM t2uMar8Zy4sgWX4O4jSBW0nKWLTNzniR7fLCMgzXsFiQhcFZuQx2tyI62c3d 
GT9PijBLwqI7QbLYIijOeJRcwyiLdBkl0HKXd4N8EUVsG51xuJ7zRZDA3ZAH WRYAKNE1D+KY78P8hAN66yBfc1h4yDgHnM7wAXzNAc8svM7P8Pt+Q1/pEQt2 xTrN8D5eXfkvBzKgxfse/wtAVd4UGL4PdnH9fpoBqV5S8NdZutuWt59zxRh4 NouS8kEOxISw1rdpjw+H/M+7cL+DZX1Ig2XZZgFgnfHvYJqf1umuup0ugQTb NODSbu6SIoPm/jpKgvL2dk1ceTUadPtDs2sNRqPuCK6ywXWwyKNNFGuNRgPH 7loj0ywbhZsgis/4TRDl6zDp7fe/D5LiOkp6i3TDWJJmm6CIbkOE8MPMt0zT lV9H5tBRXx1nIL/2TZO+nl++615eWAJ5qRr/ISc9v6rEvggX6yT6cQfq0e3y SbSKiiDmebRKgmKXwd27qFjzYLsNk2V0j23eB6A8tmLpJMoXWViEPE5XAYy4 3vB5kIdLvoGBgyTKN7kgIchWyJN1UWzzs9PTu7u7XpSnPeDtKQl5kC1PhwN7 ZPXWxSamPnXhISkQIg2IpAmQ+S5bwRQ/0U/S7ks5krxHPUt1GnUl7HmYRWGO mqDGBrTO8OP0fOpz0wEmdu0z7FIiaX8jkt+BpnSvd8kC6chbcAuXESgkALWu tXw6WIMhsPrfCZbxJLAM0zwAy/lGsKbJIttvibAgXqUkRrmyGSVyfBynixvQ XDS93wBU3+nb5r8NKKNrWk8CamTYtgAKgX3tX7SC9Pb8EmDahosIKHm/m8co JUjIyDC69miixv4Qgn3YgFJWZAp4pGe6AEOW8/Sav9uGGbVRPV+DN4nyUx+N mmzIXwI5JxxWyV9feH7vAFuAdpFnix7oc9Fbpben24qy/BTvwo38VNJ4evm+ K7/2tsvrFtTJ/E/u0uwmSjr8oqcz42PvssffKmacJzkgtAMDA2tRjMiJ1CuU oRTszr7GEWMo9Nz/ZQj74D/XIfaW7QkgxNeDJYRJoZojCX6aXEdLvBnE6H3/ Kdx8wE1++zVgc7pGH+ILkF/N5bweX/VsywVMQW4HNTzPVUvAIq/pNQ3O/+e/ /hsiJYfPNa2t1LsNKtTe1Wb+E6pvb5Gc7rYxuOxTskZInnNq9i1rOBoZzmho 28agb/TNI1ARJg3F5d5yEyHoQiEQmsqjlwo97Bp21zjmKV6PT68gQCgh0TDq /1KMbE7mL11lwXYdLUSU9cuRAsIQKdtyDNN2LXdkGUN3aLu/GlL9BlLmqGcd YlW6iSdgJtSW34T7BnQlagCrJQcU8QiMFsZxBF5mwWHQW7CONBL6FuvsMPL5 FzFgMLRNe2T0B7b5q4lqiXeNBS3i+iuyoI+BfwYJAPqkZQgBcFT62l+K/Whg W8bAGPX7vyr2lfhfXPUgr3Dxdz0yB6R0FPcaiBB6lx4qR691LX89BRrILZLT 2yi8u4YshBCCcM0wTMcwBq7VH/QfDYsAF3Agvk7Xk6CxwAF3rWNR0esLhEbh gLh8b9TReJdw8LRVsIizXH3gr7g/9rsQn3zdza4wUcxPL69OizSNb6LidOxf nEKavoOQqchPt1m6TUEkNxglnS4WG/y/GyyPiQk53u/BZ+cpON7ve3XPiSu9 +GS0R71X+krQ/74PM9KuZIHOWbbC9R4NzNrWG26zKCl6UbDIKNpFB35quvYx 4i8Wr7PwrsMnPSLi+x7/FIWrOuPAx0Isy9hzCLq7PEmL8PP59PL157fwjT2H 2/M4UP8zhm2COYrComDsah3lXAGsBBUUfJ3e8SKlkgLxVK/O1OwGqyJ/kXN+ pVKzVZWa26pS00M6QpoMZAbmyzUzroaVRRwgF1bIIYJOMzRO8z12YOfTq1lP cu1C7xyAS5hj0B0lK75Bg1Gk2R7AFRrQIVjzlBU1IIDK2wgj8QCMGmTK0Vbp 
TRMYfTJWo5QGLgENcExUZxxENclTGCQoWLTZxiFODJhQKQfaLncgaBHeEoHj qmol4lBAjZi5iZbLOGQMsiHqRZTK68vzCO8+sN9pV5PrYoVzILK4S3kS3qmo T5S/AKI29yqQCxh4km54j0WDVVhVDyjyRoAa4sCeIA70CPHp8L/JKskPJz0U EZKLmO+KKI5+CsFIQS9w/selU2cOcO16FwMLiK7gMCtY1LMCnoU/7qKMEM8l 14S0opQdwESS9jIPkUTg65cvylg9PJycMfaf8kLNFbkeFSFx0M8Qbn8Gg/EZ Q8rf8S/cuDeMDnz6A/7w22Md/LYOQ+xQTsVmwISAb1KgbBkWAUjfkkW6mAAm IMHHIOtwEDgIAQCJYAkrysHWwsP84UFxo47AdRrHqB7rsJRwHcOeSN/QEcbx vsOQldi2PghqFuYfoKEhUAEPABowqIdW9oSjH2CwRh9bqEekhNLliCa4zE0Y FjRbEobLXFdCeLgOboFtEEFMvQl7qSWMYGC0IgeN7IEzgRwUH02CIgCBC7bB HPQ6bKmGCFnBYKtFRaQY53zqT76b8pdTFWT5GGRBaHsNlqP7HcReYLfYFEDa oLif8BTEXlofqxGaCa3EZy0qCxK+mUdJCLpAnW2RsqgiVtn1cFhttHyBdPSE cGFrIVkg//N0Vwj7SLJRVRIB81VaIGY8X4OaLDWs0H6gidEwp1G3YZi9zE/E etBKhAvBvwyMebbEYjHIMBBUE1L25UsVhJKcEgMa9uyoNWtnFKMhgeoIAxzd cqLKozfKVFWndEhcOCThj9i3+6P6ROyp/mjDj7sg1nRBXHNB/Be7IOlyvWqJ 5HdKW4E+qnkxcAPCdC9ByMMMsQSYjtkhAm2H3h5WivRAExATtVRcRwfs2iLe 4fYIiS+6n7qJ75BVgftMV1QACPUgyIlpNXWAxeFIEYKeg/EA0BpKIdKjo1RX FC1FlspKwQOhrfKwBj01IZTaBqldXSI6kJXFe6a0dXk8DaYxgVI1WX1kgjZK btP4Nlx2+B0sYS3NYYwKtQdhDYGuJYg2etC2Yjt4Brlt8fDAXwKUd4ATQgpC /eVLs3gA7rDHyMAjsLUqk6ZnZT9Zr4GRcR0JSDv0m4eIal7mf0AbqB0QwXUS tcptSaIDNoE4TrPXzZ9YvJR7UBfQr12x3RHnIeni84h8mDCbDXwWi3BbCO1H MqKEtVXaSzLshwcZP2GsQEOoKIzGqJbfl8snVQszMBsilxdaBqq5qWkYY14M ScRutW6YKhk3w6LQMmm1RQjQgANagZNHBQuW6bYQOgFR0S1qEW6HoFaVW1s8 BjnaBStyr9JA8UUcyNwPFFLYaOpZpDSYZmWkp0KFFlsqeqzAY7APcc5wQrCV kEoHcLPMAQ6skPKyYKdgSc8uPl5ePeuIf/nbd/T9w/SPH88/TCf4/fI7782b 8otoweDHu49v5HP8VvX0311cTN9OROcL7y/PBPHP3r2/On/31nvzTLkGVnMN BbJWGNAtbrYtUSkqPkOfsf8eVAnYLfcIHx4YfcdNQhD5O7BfYirUdvkTcNzT zl6Q4RAYRUEIguqPfjQHF5veJQx3e1FmSrvMzym0BU8ABv7L8zI6raUGtRyh GZkp9cShhY1AloqgD/Uxqib4tQLeqxRVkQQGa7GlxIDJW0LocYPx0XIZyWp7 Ov8HRBW5WAspoQqOkVVxCmtCH8MOg9RABbu40t+QmxexVVlfQat8zBofRl7k 3CJZPyl7lbxj4X0RJpQfaTZS7e52x5CU4CphWiE9kDE9PDR4AFc58qWw/fnG AhI/55sS1KExqgP6GxnCHASE55M60bstJnlwgzb7c95GMWtQ7HyV4rfBJlzS iGJaJARJdcw6mZqYT6r4Dy2kHg62i7oUd4gj5OGRnNVjlfZ079GgkNRVlgAx 
NwBLIEWxx87r1kuUPPQBlNWiAfYymq5PDuMFCVjZeAkptUydVVIDWl/f8mLN 4Ov58+fE0krShECIpWIcijOuMM1IiCJpmYVDqMo0x4S8JwoMebjQy59P7s5k NNZI0TchOLaliOwOFbunIlF9yCivxxRlmNLjh40rHQU7fqzy/XhHWBuGFdfR PeY4tZ5sW5bJMZhsC3XKmrOgD4gXqraWeOA5m1INGBoSfCLijxzJCUX6dhvE uxBVRDkDMUtVj+jxj0kc3QAfKL9uECqWrsWnWkhLvSBdvfQ6BEIpqnkYY4LW NiD45zEEURHFICJQUjpxl6GBB4EuwIXlJCCQipCEtAzESwgZQCiiESACPCLw n3tJEt7zWc+UVqUKSTFYAxGmPGOBgtKqgYc57iMp4XHtJ0SwkgRhEiyR3eGK 2lhcKlVHJmCk1XmwJw8vLAhwMvqKIEkQWsXxZdC76QWlyJzo+lDzYLrVVa3P qGQZAQyguvFSD4IZttv/HU3x/d9t/ooH9/Axp9tbDndn4pqqL7PDL+VBqvKJ Ia/2tsG/flzakJjjuNZo6s48d8rdiTvrT22HO5M+/HbG3J8N+obrDatxbXc4 glbc7Hvj0cy1+GQy9scT0Ddn4jrGVBTzk2+ld2gZ9mQ2GHPL9AdG3xrzvj0e zxzD5bY76TumReO+vodxbct3vKkFycXMdEcQN/L+zHUNcKJ84Nmu77pOOe5o NrUNGIjPrMHAGE9NPgTKnf4IxrUdfwj/0bh7GHfs20N74Fl85swGw6Hr8747 nvjTqc0H44FrmX27HHdieO5oOPS5P7A8Z+gY3LAmM9ua9mEFtjszPEMPzB6x mqgIYALwmIMWQ0ozhjEvX4UJnYaBgAzEHdxSdL3HcoRWmKYUmYrDaEdAY8HM iM6gAHGEqgkSnIcZ1s5EDRDUTQyFkh6G2YucEv5FmBVity5U0Y2v3dqEeQ5J T4eorRmSA0/OyBiorYIqUPYu/fNzrGDhD7FMaeKp4FBBQPQvU2wWMOXydIvU 0F3Z5NXri1cign5FIbTGh/NrVVWtYMmowNEKjKrEvch5AxoGNq4IKht4BCT0 4F9fPeE0DxlFlO1QYFifUTGlwOJ6bU/2IHIEXXH6g+FI/asBML2HVCyX86SL AhxJR3AtalpC4942McmwLfq06dOhzz59DuhzSJ+jzrd30fmCBbcA4qWFAK25 fBVrBzXxrLRpGWJknWPEgtthvgeyk9Jz6VS1bj3ueznfBHu+WKcQEQgm5NLn QutEeiC4txGpf7hkwRziQdCyr0WvMnemzRR0gQStdjBB1Ec3EDBQaMD+AOI8 VQ4WAvab+wd2GK5iFTzlF0Ks8uZ+oR6iKAdH8zQrIKoOveTLHcofk3sVVRwp qoo6wUrXSkEXtEgRxyU8Rwp90iZ6RnmoUvv2rKFJXUeLaaVeivKhLNYf5h+S mBfi7mdx9wUTB8AlLBpNVcFcj10uZYjuQDZmNbIxWNg7kojmPhgRrogtS8qC nDLtw5ZMn1/ihekR5cxq+yBXmePnVSNz7MDiZDDyQpkIhcryt/oQSg0+a3Kg D1Mlut8+0GfUHC2dxbP1aEJgYSffMDRY7c+0+aETFnCQ/ku8O8WT6uWmqbZu AuVgZClzl2S1pcyBaa9kSNrzLFyE0S0lJW28kDacrGpNi45ueXQwjr/w/qJM h7b1ALbhmuWpZvMlEUQ81VGTUmG/mk9XlbQowSIhiJ62WvBHDcGXbz5gyB5i vXKHe4xAAfyOCibLj1KzcjCsmCU30IJBYVURne/gFLfrFKql1i2tsHOrnThY w1QmQeP1iPlYBsVDI51D7qAJnldDqP0NYjGZ8adXHTroxoE1OCTWeedgqq/2 W9xqVbMyOat2MikX9WdVvA20BEc4DUVZfmDK2LbMqDi0lGMTspwkUd6Rdef6 
Gltt4+Myp9yKELsgEc6qxiBpEeMoL8SxCn0jWrJebaT9Vni7u0hSoosqeLqs kPtBulfAHYFnURyHqyD+XGZhzwBDsBCy/lCFOZolbOSEpQLohrVmE59kLMhR YZiQhTG5NOnGla0QezaRLpH8LkAbDiTUqAGspRkXzkwP5T6I4Fyal8MHpS2h gg8gLPc/5YQwvlylpoCojlIz81o8c7hrB3Yjw6oFBGliLyApD2FJ0pkkvSMr DKrOTyJQVme1dLotBZEGHUXoRZsTeFExgil8ddOP9Zp6Dl/HXYjtY8h32LFN e1o34faijlYtuwBBOMW6Mgy3CJdUxJBlt8Ng45DLjP1JpEpKj8nEHYnqm25D rVEb7tDedsrTOiT5u1iemCEpFdbmLsJtw+trtdOvDyjqS/Q6hOSoVqCSin+A DSqBZDrqSdWjJ8c4UsMrN/EhjC5EFI1lEdqmbpmE1SRBbQe0EKNOimAiCmMC fh0e9lY9EfHLPdyqKDsHxwVN/9zrGy6wHgPlj4R/FYyQ0rXw8xOlb5RWNJgo ntQStFYY2qQcN9lpr05wPlBGUt/JUP1oV/2RoygKO2CMTAKwBr3cxRiVN+rV XmPXTD+JJOqQVFmUPr/crT96TrHamMeIpFbhK8+jic1g4ZJyWXsGsHdwM8jx 0Ao8y6Jb+RqPXD2ws1jI2m11vC4NhQ8Ug2HdAEnWp2VqWrkpfNiiIqzcskSU 9S2Y2oB5EW4bxW9IrB6ekL8JFxjfBfv8oI6pnKmWJRDBaMcBmgUIVZrlpcUX J4IUbRpe0IcpryWhBSEQJQv2+LaLtkN3uPOyXJZHGPEol37MSD/Vhs/UHiTR X97w/Qt1CIJOF8jyqqOIgCnrB9EYnS8Tm3plq7/Vzy78QKd7Wk6n0eG0DsCF phq31OO9ODD2XU2lkIY5hCtNJHJSspfamYKTHqtvvSj5RR48umqBV01HeABS tI9RfTdRHJAvl9Vs+cIqcF+dypGyTaPIN/2qtwe86aW8KS2VTopgdJ242gG8 tnN1uNF/Q9uwlZcDiv8GvX/osF0ujgE5qpaknzLpoHEXYaByYCCdHdBQCtK3 cYAb9vcFqSILqtN+y6AIhNcGDIjtoDupek2vx72kGbsUwUqpkChcMXGArZ5O qxy8LzLwNh0rHUgqz1QAObRIph/Ak3YAyxnykNw6DJaYhyDC2r43rSRKtjsR J6OAbQgo1rIANfcjQ9eYJ1BGBFFCcWjyp2rvV6WahxPJ0JwKc9XZGxlJ4Mia Npewq+farGo3RQ5Arhzu6JzS6cU9NHad7jKBSH4mzK8jpAKLvLh9DEGEfMvk FtgFCvny/BMeTqzkhaIiUcnB8xpbiTXTcK/LNXHhpedNThoUyWq3PI8tloFk 6Yuk7b+ypFIHc0FvIFBmhydtQ3Ioh4DDtFfq6CueXtjAbSZdJ54rEhtsX7GV B4bl/BNiT7mhTPZo+42ReikRzfDt+QTk58D9ABRob7ax3BaUaEOzA0JYzX7B GCuwoLTX6anX3r3D8aVfEdTkJdZlyAd5XQH2Qbzs0SKtdYNUCRX7E9glubx8 Afdxatyjr/Xtan1JvoqSmFolnO/oLWv0BiTMMk4TzNHa58IAi5f9YTIBAXrb cmdWBuv0eLkTqT9WLT/mZfyO+8piUCpAgdBVxzJVmVOtWs1WdoTJIHMHs5Tu c0mlPOGPG84YeIoXmpFtaDVJ6hTs1fo7zVNdR3ZTtPRJWUo6dK+Zy45mUu0T yXFh7kg1hV2Iw2RVrGUScmwzVGRWZAtkBxQac6B2DphqtAnuNVNQNbX+bg94 l9tmaw9Q/lrbgQltD5sK3mjzWwdNWuxpG73k03QKNJNyQLTZl9162kaFV/E3 AJu2z6OSuxiE34InohwHvTG+XPVD0+X7By7f/6dcvv91l9+rz7Umdh8z+FIc 
WdAIBSqT/m0WHdf7FItOgf+TTTo7atKpCIV7F5SlifdaROipdlG1hEWJP6th WrefAuEymVObRdfKXIoyWM7K3SoZmYPhKv/+yFeVrCbiiRDySro1cS6EQNcl WdhOIOlHfGrX5LU1Kotk5VPlTzq3BIYaWGqPqX6oqoyN2izS5XGLZIlXmeoi eSRo4k8Omlhb0OTXgib+9KCJtQRNv6oRtZxWw9hqQ2tNn2rwYIJX7QbvF3qr g4NAT/ZWRyys32ZhvzcsNLDs3Hvr4V+1wEqbYFjedthRNqTj6wcnxnL+pTqH K/L66sbwoXL7eA4tZ41zvJ3mOd2OKgI+w6xB/8NbzyD+W+HLyHs1Zi2Jz6uz WiBIPwPvPpF6w/Uzn2hvv8AvGLr77g/w7YP2Bg7+UlsTP7OftVLS2auDV1Fe aZ/1e+KCAcRpYzqdDGM3zy//zN+meF+cV025oJPWBDzmXB9gqA/gP3mAx7im Tu3WuFOv2kl1Z8SIxhngihcCawF1E+evo3t2HMFWPJHkn/UDyBIAuf5vAcAx m4svd08bS2+cUW6svX3p3yBiRzF4HA1cAC2/POEswBBQPApL9Tbt13Vf6L8n 6nEFnuvDXU7oTGXogg71i/fZ+E2Ch0bvwuAGbbY6aHn09awzcQpTVXxBtjvy ZZ3KkkV5DhaGVSftIQCT5bWi8b73cRP4aJD5C8wmMIDPg8UNvlkDueYnyjXz xrvSXhwr+yjeleLr8D5YQri0wQAQozZxOwkLDFHBbeOf78kwu305j1b4qnoU JCf0OpnTxTXUZjuwSF0sfpb+57xefRC98I/+4ZFGdb5JHXH0xv4Ea+lnvO0q m7vYbjqbTSf+GA/xDfqObZkGe698b7O/17jGjYu1zoeX37gmjet4z2njmjWu p/dsUs8ar/BWq51Np5OZ508nEJuNccrGb2/sTSbexJKl6qtDqMzhzHbdmTHy B8NJfzo13Ykx8V134PrOeDx8ZL392cQZzCb2sD9wRq4xcM3+cGyNrPEY/zaW 3T/eczKyhqbhe33fsmaG78+8oT+eufbEcQeebz7S0+sPRrbjj/2ZO/Jtdzh2 DMvxLJjbsu3xaNJ4kYBfBSu53pE9mdp9x5w6vjXuj8zhcGoM+p47ng3HA2vq awEUSr3//1L/f1nqnZEH8tY3zJk3sKCTP3FMx/enA8N2JiP3MdmdeOZ4NpqZ NoiuYxnuaDAAwbemQ2dkG9ox5oNrNjGtad8c+SB4lu+OgOCpNZq4/cnMcczB I9yZTmzTw+mc4cA3R2OQeojFvaEzdocTvz8+LvXmYORYE2fmmaPBrD/wxrZt 9QfuENZtmsbM0d9IAo9cZNF8d+BSyKv8ERzGG3zBjLPyL6TC95/WuxTfO+vF P2p/TxQegHxDJrjib6JGjxu634tvtgcd+F/Dgwlwjz0KNr2fbhrNv4Ps8c9R kDbar4Okdw+3G63/uo74a/zjrJy9D/HNcP4xieg9JHC/nK3g0e+3N7teuNz1 FtjqfwEl7X7x6lcAAA== --></rfc>