Network Working Group A. Kato
Request for Comments: 5529 NTT Software Corporation
Category: Standards Track M. Kanda
NTT
S. Kanno
NTT Software Corporation
April 2009
Network Working Group A. Kato
Request for Comments: 5529 NTT Software Corporation
Category: Standards Track M. Kanda
NTT
S. Kanno
NTT Software Corporation
April 2009
Modes of Operation for Camellia for Use with IPsec
用于IPsec的Camellia的操作模式
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2009 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
本文件受BCP 78和IETF信托在本文件出版之日生效的与IETF文件有关的法律规定的约束(http://trustee.ietf.org/license-info). 请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。
Abstract
摘要
This document describes the use of the Camellia block cipher algorithm in Cipher Block Chaining (CBC) mode, Counter (CTR) mode, and Counter with CBC-MAC (CCM) mode as additional, optional-to-implement Internet Key Exchange Protocol version 2 (IKEv2) and Encapsulating Security Payload (ESP) mechanisms to provide confidentiality, data origin authentication, and connectionless integrity.
本文件描述了在密码分组链(CBC)模式、计数器(CTR)模式和计数器(CBC-MAC(CCM)模式下使用Camellia分组密码算法作为附加可选,以实现Internet密钥交换协议版本2(IKEv2)和封装安全有效载荷(ESP)机制以提供机密性,数据源身份验证和无连接完整性。
Table of Contents
目录
1. Introduction ....................................................2
1.1. Terminology ................................................3
2. The Camellia Cipher Algorithm ...................................3
2.1. Block Size and Padding .....................................3
2.2. Performance ................................................3
3. Modes ...........................................................3
3.1. Cipher Block Chaining ......................................3
3.2. Counter and Counter with CBC-MAC ...........................3
4. IKEv2 Conventions ...............................................4
4.1. Keying Material ............................................4
4.2. Transform Type 1 ...........................................5
4.3. Key Length Attribute .......................................5
5. Security Considerations .........................................5
6. IANA Considerations .............................................5
7. Acknowledgments .................................................5
8. References ......................................................5
8.1. Normative References .......................................5
8.2. Informative References .....................................6
1. Introduction ....................................................2
1.1. Terminology ................................................3
2. The Camellia Cipher Algorithm ...................................3
2.1. Block Size and Padding .....................................3
2.2. Performance ................................................3
3. Modes ...........................................................3
3.1. Cipher Block Chaining ......................................3
3.2. Counter and Counter with CBC-MAC ...........................3
4. IKEv2 Conventions ...............................................4
4.1. Keying Material ............................................4
4.2. Transform Type 1 ...........................................5
4.3. Key Length Attribute .......................................5
5. Security Considerations .........................................5
6. IANA Considerations .............................................5
7. Acknowledgments .................................................5
8. References ......................................................5
8.1. Normative References .......................................5
8.2. Informative References .....................................6
This document describes the use of the Camellia block cipher algorithm [1] in Cipher Block Chaining (CBC) mode, Counter (CTR) mode, and Counter with CBC-MAC (CCM) mode as additional, optional-to-implement IKEv2 [2] and Encapsulating Security Payload (ESP) [3] mechanisms to provide confidentiality, data origin authentication, and connectionless integrity.
本文件描述了在密码分组链(CBC)模式、计数器(CTR)模式和计数器(CBC-MAC(CCM)模式下使用Camellia分组密码算法[1],作为附加可选,以实现IKEv2[2]和封装安全有效载荷(ESP)[3]机制,以提供机密性、数据源身份验证,和无连接的完整性。
Since optimized source code is provided under several open source licenses [9], Camellia is also adopted by several open source projects (OpenSSL, FreeBSD, Linux, and Firefox Gran Paradiso).
由于优化的源代码是在几个开源许可下提供的[9],Camellia也被几个开源项目(OpenSSL、FreeBSD、Linux和Firefox Gran Paradiso)采用。
The algorithm specification and object identifiers are described in [1].
[1]中描述了算法规范和对象标识符。
The Camellia web site [10] contains a wealth of information about Camellia, including detailed specification, security analysis, performance figures, reference implementation, optimized implementation, test vectors, and intellectual property information.
Camellia网站[10]包含了大量关于Camellia的信息,包括详细的规范、安全性分析、性能数据、参考实现、优化实现、测试向量和知识产权信息。
The remainder of this document specifies the use of various modes of operation for Camellia within the context of IPsec ESP. For further information on how the various pieces of IPsec in general and ESP in particular fit together to provide security services, please refer to [11] and [3].
本文档的其余部分规定了在IPsec ESP的上下文中对Camellia的各种操作模式的使用。有关IPsec的各个部分,尤其是ESP如何结合在一起提供安全服务的更多信息,请参阅[11]和[3]。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [4].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[4]中所述进行解释。
All symmetric block cipher algorithms share common characteristics and variables, including mode, key size, weak keys, block size, and rounds. The relevant characteristics of Camellia are described in [1].
所有对称分组密码算法都具有共同的特征和变量,包括模式、密钥大小、弱密钥、块大小和轮数。文献[1]描述了山茶属植物的相关特征。
Camellia uses a block size of 16 octets (128 bits).
Camellia使用16个八位字节(128位)的块大小。
Padding requirements are described:
填充要求如下所述:
(a) Camellia Padding requirement is specified in [3], (b) Camellia-CBC Padding requirement is specified in [3], (c) Camellia-CCM Padding requirement is specified in [5], and (d) ESP Padding requirement is specified in [3].
(a) [3]中规定了茶花填充要求,[3]中规定了(b)茶花CBC填充要求,[5]中规定了(c)茶花CCM填充要求,[3]中规定了(d)ESP填充要求。
Performance figures for Camellia are available at [10]. The NESSIE project has reported on the performance of optimized implementations independently [12].
茶花属植物的性能数据见[10]。NESSIE项目独立报告了优化实施的性能[12]。
This document describes three modes of operation for the use of Camellia with IPsec: CBC (Cipher Block Chaining), CTR (Counter), and CCM (Counter with CBC-MAC).
本文档描述了使用带IPsec的Camellia的三种操作模式:CBC(密码块链接)、CTR(计数器)和CCM(带CBC-MAC的计数器)。
Camellia CBC mode is defined in [6].
[6]中定义了Camellia CBC模式。
Camellia in CTR and CCM modes is used in IPsec as AES in [7] and [8]. In this specification, CCM is used with the Camellia [13] block cipher.
[7]和[8]将CTR和CCM模式下的Camellia用作IPsec中的AES。在本规范中,CCM与Camellia[13]分组密码一起使用。
This section describes the transform ID and conventions used to generate keying material for use with ENCR_CAMELLIA_CBC, ENCR_CAMELLIA_CTR, and ENCR_CAMELLIA_CCM using the Internet Key Exchange (IKEv2) [2].
本节描述用于生成密钥材料的转换ID和约定,以便使用Internet密钥交换(IKEv2)与ENCR_CAMELLIA_CBC、ENCR_CAMELLIA_CTR和ENCR_CAMELLIA_CCM一起使用[2]。
The size of KEYMAT MUST be equal or longer than the associated Camellia key. The keying material is used as follows:
键盘垫的大小必须等于或大于关联的茶花键。键控材料的使用方式如下:
Camellia-CBC with a 128-bit key The KEYMAT requested for each Camellia-CBC key is 16 octets. All 16 octets are the 128-bit Camellia key.
具有128位密钥的Camellia CBC为每个Camellia CBC密钥请求的键盘为16个八位字节。所有16个八位字节都是128位Camellia密钥。
Camellia-CBC with a 192-bit key The KEYMAT requested for each Camellia-CBC key is 24 octets. All 24 octets are the 192-bit Camellia key.
具有192位密钥的Camellia CBC为每个Camellia CBC密钥请求的键盘为24个八位字节。所有24个八位字节都是192位Camellia密钥。
Camellia-CBC with a 256-bit key The KEYMAT requested for each Camellia-CBC key is 32 octets. All 32 octets are the 256-bit Camellia key.
具有256位密钥的Camellia CBC为每个Camellia CBC密钥请求的键盘为32个八位字节。所有32个八位字节都是256位Camellia密钥。
Camellia-CTR with a 128-bit key The KEYMAT requested for each Camellia-CTR key is 20 octets. The first 16 octets are the 128-bit Camellia key, and the remaining four octets are used as the nonce value in the counter block.
具有128位密钥的Camellia CTR为每个Camellia CTR密钥请求的键盘为20个八位字节。前16个八位字节是128位Camellia密钥,其余四个八位字节用作计数器块中的nonce值。
Camellia-CTR with a 192-bit key The KEYMAT requested for each Camellia-CTR key is 28 octets. The first 24 octets are the 192-bit Camellia key, and the remaining four octets are used as the nonce value in the counter block.
具有192位密钥的Camellia CTR为每个Camellia CTR密钥请求的键盘为28个八位字节。前24个八位字节是192位Camellia密钥,其余四个八位字节用作计数器块中的nonce值。
Camellia-CTR with a 256-bit key The KEYMAT requested for each Camellia-CTR key is 36 octets. The first 32 octets are the 256-bit Camellia key, and the remaining four octets are used as the nonce value in the counter block.
具有256位密钥的Camellia CTR每个Camellia CTR密钥请求的键盘为36个八位字节。前32个八位字节是256位Camellia密钥,其余四个八位字节用作计数器块中的nonce值。
Camellia-CCM with a 128-bit key The KEYMAT requested for each Camellia-CCM key is 19 octets. The first 16 octets are the 128-bit Camellia key, and the remaining three octets are used as the salt value in the counter block.
具有128位密钥的Camellia CCM为每个Camellia CCM密钥请求的键盘为19个八位字节。前16个八位字节是128位Camellia密钥,其余三个八位字节用作计数器块中的salt值。
Camellia-CCM with a 192-bit key The KEYMAT requested for each Camellia-CCM key is 27 octets. The first 24 octets are the 192-bit Camellia key, and the remaining three octets are used as the salt value in the counter block.
具有192位密钥的Camellia CCM为每个Camellia CCM密钥请求的键盘为27个八位字节。前24个八位字节是192位Camellia密钥,其余三个八位字节用作计数器块中的salt值。
Camellia-CCM with a 256-bit key The KEYMAT requested for each Camellia-CCM key is 35 octets. The first 32 octets are the 256-bit Camellia key, and the remaining three octets are used as the salt value in the counter block.
具有256位密钥的Camellia CCM为每个Camellia CCM密钥请求的键盘为35个八位字节。前32个八位字节是256位Camellia密钥,其余三个八位字节用作计数器块中的salt值。
For IKEv2 negotiations, IANA has assigned five ESP Transform Identifiers for Camellia-CBC, Camellia-CTR, and Camellia-CCM, as recorded in Section 6.
对于IKEv2谈判,IANA为Camellia CBC、Camellia CTR和Camellia CCM分配了五个ESP转换标识符,如第6节所述。
Since Camellia supports three key lengths, the Key Length attribute MUST be specified in the IKE exchange [2]. The Key Length attribute MUST have a value of 128, 192, or 256 bits.
由于Camellia支持三种密钥长度,因此必须在IKE交换中指定密钥长度属性[2]。密钥长度属性的值必须为128、192或256位。
For security considerations of CTR and CCM mode, this document refers to Section 9 of [7] and Section 7 of [8].
出于CTR和CCM模式的安全考虑,本文件参考[7]第9节和[8]第7节。
No security problem has been found for Camellia [14], [12].
茶花[14],[12]未发现任何安全问题。
IANA has assigned IKEv2 parameters for use with Camellia-CTR and with Camellia-CCM for Transform Type 1 (Encryption Algorithm):
IANA已为转换类型1(加密算法)分配IKEv2参数,用于Camellia CTR和Camellia CCM:
23 for ENCR_CAMELLIA_CBC;
24 for ENCR_CAMELLIA_CTR;
25 for ENCR_CAMELLIA_CCM with an 8-octet ICV;
26 for ENCR_CAMELLIA_CCM with a 12-octet ICV; and
27 for ENCR_CAMELLIA_CCM with a 16-octet ICV.
23 for ENCR_CAMELLIA_CBC;
24 for ENCR_CAMELLIA_CTR;
25 for ENCR_CAMELLIA_CCM with an 8-octet ICV;
26 for ENCR_CAMELLIA_CCM with a 12-octet ICV; and
27 for ENCR_CAMELLIA_CCM with a 16-octet ICV.
We thank Tim Polk and Tero Kivinen for their initial review of this document. Thanks to Derek Atkins and Rui Hodai for their comments and suggestions. Special thanks to Alfred Hoenes for several very detailed reviews and suggestions.
我们感谢Tim Polk和Tero Kivinen对本文件的初步审查。感谢Derek Atkins和Rui Hodai的评论和建议。特别感谢阿尔弗雷德·霍恩斯(Alfred Hoenes)几次非常详细的评论和建议。
[1] Matsui, M., Nakajima, J., and S. Moriai, "A Description of the Camellia Encryption Algorithm", RFC 3713, April 2004.
[1] Matsui,M.,Nakajima,J.,和S.Moraii,“茶花加密算法的描述”,RFC 3713,2004年4月。
[2] Kaufman, C., "Internet Key Exchange (IKEv2) Protocol", RFC 4306, December 2005.
[2] Kaufman,C.,“因特网密钥交换(IKEv2)协议”,RFC 4306,2005年12月。
[3] Kent, S., "IP Encapsulating Security Payload (ESP)", RFC 4303, December 2005.
[3] Kent,S.,“IP封装安全有效载荷(ESP)”,RFC 4303,2005年12月。
[4] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[4] Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[5] Dworkin, M., "Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality", NIST Special Publication 800-38C, July 2007, <http://csrc.nist.gov/publications/nistpubs/800-38C/ SP800-38C_updated-July20_2007.pdf>.
[5] Dworkin,M.“分组密码操作模式的建议:认证和保密的CCM模式”,NIST特别出版物800-38C,2007年7月<http://csrc.nist.gov/publications/nistpubs/800-38C/ SP800-38C_更新-July20_2007.pdf>。
[6] Kato, A., Moriai, S., and M. Kanda, "The Camellia Cipher Algorithm and Its Use With IPsec", RFC 4312, December 2005.
[6] Kato,A.,Moraii,S.,和M.Kanda,“茶花密码算法及其与IPsec的使用”,RFC 4312,2005年12月。
[7] Housley, R., "Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)", RFC 4309, December 2005.
[7] Housley,R.,“使用高级加密标准(AES)CCM模式和IPsec封装安全有效载荷(ESP)”,RFC 4309,2005年12月。
[8] Housley, R., "Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP)", RFC 3686, January 2004.
[8] Housley,R.,“将高级加密标准(AES)计数器模式与IPsec封装安全有效载荷(ESP)结合使用”,RFC 3686,2004年1月。
[9] "Camellia open source software", <http://info.isl.ntt.co.jp/crypt/eng/camellia/source.html>.
[9] “Camellia开源软件”<http://info.isl.ntt.co.jp/crypt/eng/camellia/source.html>.
[10] "Camellia web site", <http://info.isl.ntt.co.jp/camellia/>.
[10] “山茶花网站”<http://info.isl.ntt.co.jp/camellia/>.
[11] Kent, S. and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301, December 2005.
[11] Kent,S.和K.Seo,“互联网协议的安全架构”,RFC 43012005年12月。
[12] "The NESSIE project (New European Schemes for Signatures, Integrity and Encryption)", <http://www.cosic.esat.kuleuven.be/nessie/>.
[12] “尼斯工程(新的欧洲签名、完整性和加密方案)”<http://www.cosic.esat.kuleuven.be/nessie/>.
[13] Kato, A., Kanda, M., and S. Kanno, "Camellia Counter Mode and Camellia Counter with CBC-MAC Mode Algorithms", RFC 5528, April 2009.
[13] Kato,A.,Kanda,M.,和S.Kanno,“茶花计数器模式和具有CBC-MAC模式算法的茶花计数器”,RFC 5528,2009年4月。
[14] Information-technology Promotion Agency (IPA), "Cryptography Research and Evaluation Committees", <http://www.ipa.go.jp/security/enc/CRYPTREC/index-e.html>.
[14] 信息技术促进局(IPA),“密码学研究和评估委员会”<http://www.ipa.go.jp/security/enc/CRYPTREC/index-e.html>.
Authors' Addresses
作者地址
Akihiro Kato NTT Software Corporation
加藤昭宏NTT软件公司
Phone: +81-45-212-7577
Fax: +81-45-212-9800
EMail: akato@po.ntts.co.jp
Phone: +81-45-212-7577
Fax: +81-45-212-9800
EMail: akato@po.ntts.co.jp
Masayuki Kanda NTT
神田正辅
Phone: +81-422-59-3456
Fax: +81-422-59-4015
EMail: kanda.masayuki@lab.ntt.co.jp
Phone: +81-422-59-3456
Fax: +81-422-59-4015
EMail: kanda.masayuki@lab.ntt.co.jp
Satoru Kanno NTT Software Corporation
Satoru Kanno NTT软件公司
Phone: +81-45-212-7577
Fax: +81-45-212-9800
EMail: kanno-s@po.ntts.co.jp
Phone: +81-45-212-7577
Fax: +81-45-212-9800
EMail: kanno-s@po.ntts.co.jp