F.1 KDF interface and input parameter construction

3GPP TS 33.180, Release 17: Security of the Mission Critical (MC) service

F.1.1 General

This annex specifies the use of the Key Derivation Function (KDF) specified in 3GPP TS 33.220 [17] for the current specification. This annex specifies how to construct the input string, S, to the KDF (which is input together with the relevant key). For each of the distinct usages of the KDF, the input parameters S are specified below.

F.1.2 FC value allocations

The FC number space used is controlled by 3GPP TS 33.220 [17].

F.1.3 Calculation of the User Salt for GUK-ID generation

When calculating a User Salt using the GMK for generating the GUK-ID from the GMK-ID, the following parameters shall be used to form the input S to the KDF that is specified in annex B of 3GPP TS 33.220 [17]:

– FC = 0x50.

– P0 = MC Service user ID.

– L0 = length of above (i.e. 0x00 0x17).

The GMK and MC Service user ID follow the encoding also specified in annex B of 3GPP TS 33.220 [17]. The 28 least significant bits of the 256 bits of the KDF output shall be used as the User Salt.

F.1.4 Calculation of keys for application data protection

The two keys used to protect either signalling plane confidentiality or signalling plane integrity are derived from the XPK, using the KDF that is specified in annex B of 3GPP TS 33.220 [17].

The following parameters shall be used to form the input S to the KDF that is specified in annex B of 3GPP TS 33.220 [27]. The key used by the KDF shall be the XPK:

– FC = 0x51 (for signalling plane confidentiality), or

– FC = 0x52 (for signalling plane integrity).

– P0 = MC Service user ID.

– L0 = length of above, expressed in number of bytes (i.e. 0x00 0x17).

– P1 = XPK-ID.

– L1 = length of above, expressed in number of bytes (i.e. 0x00 0x17).

The MC Service user ID and XPK-ID follow the encoding also specified in annex B of 3GPP TS 33.220 [17].

Where the XPK is 128-bits, the output keys shall be 128-bits and hence the 128 least significant bits of the 256 bits of the KDF output shall be used as the signalling protection key. Where the XPK is 256-bits, the output keys shall be 256-bits and hence the entire output of the KDF shall be used.

F.1.5 Calculation of keys for MCData payload protection

The following parameters shall be used to form the input S to the KDF that is specified in annex B of 3GPP TS 33.220 [27]. The key used by the KDF shall be the DPPK:

– FC = 0x53 (for MCData Payload Protection).

– P0 = DPPK-ID.

– L0 = length of above, expressed in number of bytes (i.e. 0x00 0x17).

The DPPK-ID follows the encoding also specified in annex B of 3GPP TS 33.220 [17].

Where the DPPK is 128-bits, the DPCK shall be 128-bits and hence the 128 least significant bits of the 256 bits of the KDF output shall be used as the signalling protection key. Where the DPPK is 256-bits, the output DPCK shall be 256-bits and hence the entire output of the KDF shall be used.

For MCData signalling parameters, Data signalling payload, and End to end security parameter protection between the MCData client and MCData server, the CSK is used as the DPPK. When the selected algorithm is DP_AES_128_GCM (see clause 5.8.1), the DPCK shall be 128-bits and hence the 128 least significant bits of the 256 bits of the KDF output shall be used as the signalling protection key. When the selected algorithm is DP_AES_256_GCM (see clause 5.8.1), the output DPCK shall be 256-bits and hence the entire output of the KDF shall be used.
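
The following Python sketch is an added example, not part of the specification text. It builds the input string S for F.1.3, F.1.4 and F.1.5 and applies the output truncation each clause requires, using the HMAC-SHA-256 KDF and the NFKC/UTF-8 string encoding of annex B of 3GPP TS 33.220. The user ID, keys and 4-octet key identifier are constructed sample values, and reading the "least significant bits" as the trailing bits of the big-endian output is an assumption.

```python
import hashlib
import hmac
import unicodedata

FC_USER_SALT, FC_SIG_CONF, FC_SIG_INT, FC_MCDATA = 0x50, 0x51, 0x52, 0x53

def encode_str(value: str) -> bytes:
    # Character strings: NFKC-normalise, then UTF-8 (TS 33.220 annex B).
    return unicodedata.normalize("NFKC", value).encode("utf-8")

def build_s(fc: int, *params: bytes) -> bytes:
    # S = FC || P0 || L0 || ... || Pn || Ln, each Ln a two-octet big-endian length.
    s = bytes([fc])
    for p in params:
        if len(p) > 0xFFFF:
            raise ValueError("parameter exceeds 65535 octets")
        s += p + len(p).to_bytes(2, "big")
    return s

def kdf(key: bytes, s: bytes) -> bytes:
    # 256-bit output: HMAC-SHA-256(key, S).
    return hmac.new(key, s, hashlib.sha256).digest()

def user_salt(gmk: bytes, user_id: str) -> int:
    # F.1.3: 28 least significant bits (assumption: output read as a big-endian integer).
    out = kdf(gmk, build_s(FC_USER_SALT, encode_str(user_id)))
    return int.from_bytes(out, "big") & 0x0FFFFFFF

def signalling_key(xpk: bytes, fc: int, user_id: str, xpk_id: bytes) -> bytes:
    # F.1.4: output length follows the XPK length (128 or 256 bits).
    if fc not in (FC_SIG_CONF, FC_SIG_INT) or len(xpk) not in (16, 32):
        raise ValueError("bad FC or XPK length")
    return kdf(xpk, build_s(fc, encode_str(user_id), xpk_id))[-len(xpk):]

def dpck(dppk: bytes, dppk_id: bytes, key_len: int = 0) -> bytes:
    # F.1.5: key_len overrides the DPPK length when the CSK is used as the DPPK.
    key_len = key_len or len(dppk)
    if key_len not in (16, 32):
        raise ValueError("DPCK must be 128 or 256 bits")
    return kdf(dppk, build_s(FC_MCDATA, dppk_id))[-key_len:]

# Constructed sample values, not taken from the specification.
USER_ID = "sip:user@mc.example.org"   # 23 octets, so L0 = 0x00 0x17
KEY_ID = bytes.fromhex("01020304")    # assumed 4-octet identifier
KEY128, KEY256 = bytes(range(16)), bytes(range(32))

if __name__ == "__main__":
    print("S (F.1.4):", build_s(FC_SIG_CONF, encode_str(USER_ID), KEY_ID).hex())
    print("User Salt:", f"{user_salt(KEY128, USER_ID):07x}")
```

Because the FC octet leads S, the confidentiality and integrity keys derived from the same XPK, user ID and XPK-ID are independent of each other.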