Internet Engineering Task Force (IETF)                          S. Kanno
Request for Comments: 6367                      NTT Software Corporation
Category: Informational                                         M. Kanda
ISSN: 2070-1721                                                      NTT
                                                          September 2011
        
Internet Engineering Task Force (IETF)                          S. Kanno
Request for Comments: 6367                      NTT Software Corporation
Category: Informational                                         M. Kanda
ISSN: 2070-1721                                                      NTT
                                                          September 2011
        

Addition of the Camellia Cipher Suites to Transport Layer Security (TLS)

将Camellia密码套件添加到传输层安全性(TLS)

Abstract

摘要

This document specifies forty-two cipher suites for the Transport Security Layer (TLS) protocol to support the Camellia encryption algorithm as a block cipher.

本文档为传输安全层(TLS)协议指定了42个密码套件,以支持作为分组密码的Camellia加密算法。

Status of This Memo

关于下段备忘

This document is not an Internet Standards Track specification; it is published for informational purposes.

本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6367.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc6367.

Copyright Notice

版权公告

Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2011 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

Table of Contents

目录

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 2
     1.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . 2
   2.  Proposed Cipher Suites  . . . . . . . . . . . . . . . . . . . . 3
     2.1.  HMAC-Based Cipher Suites  . . . . . . . . . . . . . . . . . 3
     2.2.  GCM-Based Cipher Suites . . . . . . . . . . . . . . . . . . 3
     2.3.  PSK-Based Cipher Suites . . . . . . . . . . . . . . . . . . 4
   3.  Cipher Suite Definitions  . . . . . . . . . . . . . . . . . . . 4
     3.1.  Key Exchange  . . . . . . . . . . . . . . . . . . . . . . . 4
     3.2.  Cipher  . . . . . . . . . . . . . . . . . . . . . . . . . . 4
     3.3.  PRFs  . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
     3.4.  PSK Cipher Suites . . . . . . . . . . . . . . . . . . . . . 5
   4.  Security Considerations . . . . . . . . . . . . . . . . . . . . 5
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 6
     6.1.  Normative References  . . . . . . . . . . . . . . . . . . . 6
     6.2.  Informative References  . . . . . . . . . . . . . . . . . . 7
        
   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 2
     1.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . 2
   2.  Proposed Cipher Suites  . . . . . . . . . . . . . . . . . . . . 3
     2.1.  HMAC-Based Cipher Suites  . . . . . . . . . . . . . . . . . 3
     2.2.  GCM-Based Cipher Suites . . . . . . . . . . . . . . . . . . 3
     2.3.  PSK-Based Cipher Suites . . . . . . . . . . . . . . . . . . 4
   3.  Cipher Suite Definitions  . . . . . . . . . . . . . . . . . . . 4
     3.1.  Key Exchange  . . . . . . . . . . . . . . . . . . . . . . . 4
     3.2.  Cipher  . . . . . . . . . . . . . . . . . . . . . . . . . . 4
     3.3.  PRFs  . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
     3.4.  PSK Cipher Suites . . . . . . . . . . . . . . . . . . . . . 5
   4.  Security Considerations . . . . . . . . . . . . . . . . . . . . 5
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 6
     6.1.  Normative References  . . . . . . . . . . . . . . . . . . . 6
     6.2.  Informative References  . . . . . . . . . . . . . . . . . . 7
        
1. Introduction
1. 介绍

The Camellia cipher suites are already specified in RFC 5932 [15] with SHA-256-based Hashed Message Authentication Code (HMAC) using asymmetric key encryption. This document proposes the addition of new cipher suites to the Transport Layer Security (TLS) [8] protocol to support the Camellia [4] cipher algorithm as a block cipher algorithm. The proposed cipher suites include variants using the SHA-2 family of cryptographic hash functions [13] and Galois Counter Mode (GCM) [14]. Elliptic curve cipher suites and pre-shared key (PSK) [5] cipher suites are also included.

在RFC 5932[15]中,已经使用基于SHA-256的哈希消息身份验证码(HMAC)使用非对称密钥加密指定了Camellia密码套件。本文档建议在传输层安全(TLS)[8]协议中添加新的密码套件,以支持作为分组密码算法的Camellia[4]密码算法。建议的密码套件包括使用SHA-2系列加密哈希函数[13]和伽罗瓦计数器模式(GCM)[14]的变体。还包括椭圆曲线密码套件和预共享密钥(PSK)[5]密码套件。

1.1. Terminology
1.1. 术语

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [3].

本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[3]中所述进行解释。

2. Proposed Cipher Suites
2. 建议的密码套件
2.1. HMAC-Based Cipher Suites
2.1. 基于HMAC的密码套件

The eight cipher suites use Camellia [4] in Cipher Block Chaining (CBC) [4] mode with a SHA-2 family HMAC using the elliptic curve cryptosystem:

八个密码套件在密码块链接(CBC)[4]模式下使用Camelia[4],SHA-2系列HMAC使用椭圆曲线密码系统:

 CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = {0xC0,0x72};
 CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = {0xC0,0x73};
 CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  = {0xC0,0x74};
 CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  = {0xC0,0x75};
 CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   = {0xC0,0x76};
 CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   = {0xC0,0x77};
 CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    = {0xC0,0x78};
 CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    = {0xC0,0x79};
        
 CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = {0xC0,0x72};
 CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = {0xC0,0x73};
 CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  = {0xC0,0x74};
 CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  = {0xC0,0x75};
 CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   = {0xC0,0x76};
 CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   = {0xC0,0x77};
 CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    = {0xC0,0x78};
 CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    = {0xC0,0x79};
        
2.2. GCM-Based Cipher Suites
2.2. 基于GCM的密码套件

The twenty cipher suites use the same asymmetric key algorithms as those in the previous section but use the authenticated encryption modes defined in TLS 1.2 [8] with Camellia in GCM [14].

二十个密码套件使用与前一节中相同的非对称密钥算法,但使用TLS 1.2[8]中定义的认证加密模式以及GCM[14]中的Camellia。

CipherSuite TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256          = {0xC0,0x7A};
CipherSuite TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384          = {0xC0,0x7B};
CipherSuite TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256      = {0xC0,0x7C};
CipherSuite TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384      = {0xC0,0x7D};
CipherSuite TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256       = {0xC0,0x7E};
CipherSuite TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384       = {0xC0,0x7F};
CipherSuite TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256      = {0xC0,0x80};
CipherSuite TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384      = {0xC0,0x81};
CipherSuite TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256       = {0xC0,0x82};
CipherSuite TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384       = {0xC0,0x83};
CipherSuite TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256      = {0xC0,0x84};
CipherSuite TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384      = {0xC0,0x85};
CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  = {0xC0,0x86};
CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  = {0xC0,0x87};
CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256   = {0xC0,0x88};
CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384   = {0xC0,0x89};
CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256    = {0xC0,0x8A};
CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384    = {0xC0,0x8B};
CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256     = {0xC0,0x8C};
CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384     = {0xC0,0x8D};
        
CipherSuite TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256          = {0xC0,0x7A};
CipherSuite TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384          = {0xC0,0x7B};
CipherSuite TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256      = {0xC0,0x7C};
CipherSuite TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384      = {0xC0,0x7D};
CipherSuite TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256       = {0xC0,0x7E};
CipherSuite TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384       = {0xC0,0x7F};
CipherSuite TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256      = {0xC0,0x80};
CipherSuite TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384      = {0xC0,0x81};
CipherSuite TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256       = {0xC0,0x82};
CipherSuite TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384       = {0xC0,0x83};
CipherSuite TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256      = {0xC0,0x84};
CipherSuite TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384      = {0xC0,0x85};
CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  = {0xC0,0x86};
CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  = {0xC0,0x87};
CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256   = {0xC0,0x88};
CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384   = {0xC0,0x89};
CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256    = {0xC0,0x8A};
CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384    = {0xC0,0x8B};
CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256     = {0xC0,0x8C};
CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384     = {0xC0,0x8D};
        
2.3. PSK-Based Cipher Suites
2.3. 基于PSK的密码套件

The fourteen cipher suites describe PSK cipher suites. The first six cipher suites use Camellia with GCM, and the next eight cipher suites use Camellia with SHA-2 family HMAC using asymmetric key encryption or the elliptic curve cryptosystem.

十四个密码套件描述了PSK密码套件。前六个密码套件使用Camellia和GCM,接下来的八个密码套件使用Camellia和SHA-2系列HMAC,使用非对称密钥加密或椭圆曲线密码系统。

  CipherSuite TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256        = {0xC0,0x8D};
  CipherSuite TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384        = {0xC0,0x8F};
  CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256    = {0xC0,0x90};
  CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384    = {0xC0,0x91};
  CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256    = {0xC0,0x92};
  CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384    = {0xC0,0x93};
  CipherSuite TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256        = {0xC0,0x94};
  CipherSuite TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384        = {0xC0,0x95};
  CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256    = {0xC0,0x96};
  CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384    = {0xC0,0x97};
  CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256    = {0xC0,0x98};
  CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384    = {0xC0,0x99};
  CipherSuite TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256  = {0xC0,0x9A};
  CipherSuite TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384  = {0xC0,0x9B};
        
  CipherSuite TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256        = {0xC0,0x8D};
  CipherSuite TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384        = {0xC0,0x8F};
  CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256    = {0xC0,0x90};
  CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384    = {0xC0,0x91};
  CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256    = {0xC0,0x92};
  CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384    = {0xC0,0x93};
  CipherSuite TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256        = {0xC0,0x94};
  CipherSuite TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384        = {0xC0,0x95};
  CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256    = {0xC0,0x96};
  CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384    = {0xC0,0x97};
  CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256    = {0xC0,0x98};
  CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384    = {0xC0,0x99};
  CipherSuite TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256  = {0xC0,0x9A};
  CipherSuite TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384  = {0xC0,0x9B};
        
3. Cipher Suite Definitions
3. 密码套件定义
3.1. Key Exchange
3.1. 密钥交换

The RSA, DHE_RSA, DH_RSA, DHE_DSS, DH_DSS, ECDH, DH_anon, and ECDHE key exchanges are performed as defined in RFC 5246 [8].

RSA、DHE_RSA、DH_RSA、DHE_DSS、DH_DSS、ECDH、DH_anon和ECDHE密钥交换按照RFC 5246[8]中的定义执行。

3.2. Cipher
3.2. 密码

This document describes cipher suites based on Camellia cipher using CBC mode and GCM. The details are as follows.

本文描述了使用CBC模式和GCM的基于Camellia密码的密码套件。详情如下。

The CAMELLIA_128_CBC cipher suites use Camellia [4] in CBC mode with a 128-bit key and 128-bit Initialization Vector (IV); the CAMELLIA_256_CBC cipher suites use a 256-bit key and 128-bit IV.

CAMELLIA_128_CBC密码套件在CBC模式下使用CAMELLIA[4],具有128位密钥和128位初始化向量(IV);CAMELLIA_256_CBC密码套件使用256位密钥和128位IV。

Advanced Encryption Standard (AES) [19] authenticated encryption with additional data algorithms, AEAD_AES_128_GCM and AEAD_AES_256_GCM, are described in RFC 5116 [7]. AES GCM cipher suites for TLS are described in RFC 5288 [9]. AES and Camellia share common characteristics including key sizes and block length. CAMELLIA_128_GCM and CAMELLIA_256_GCM are defined according to those of AES.

高级加密标准(AES)[19]RFC 5116[7]中描述了带有附加数据算法的认证加密,AEAD_AES_128_GCM和AEAD_AES_256_GCM。RFC 5288[9]中描述了TLS的AES GCM密码套件。AES和Camellia具有共同的特征,包括密钥大小和块长度。根据AES的定义,定义了CAMELLIA_128_GCM和CAMELLIA_256_GCM。

3.3. PRFs
3.3. PRFs

The hash algorithms and pseudorandom function (PRF) algorithms for TLS 1.2 [8] SHALL be as follows:

TLS 1.2[8]的哈希算法和伪随机函数(PRF)算法应如下所示:

a. The cipher suites ending with _SHA256 use HMAC-SHA-256 [1] as the MAC algorithm. The PRF is the TLS PRF [8] with SHA-256 [13] as the hash function.

a. 以_SHA256结尾的密码套件使用HMAC-SHA-256[1]作为MAC算法。PRF是TLS PRF[8],SHA-256[13]作为哈希函数。

b. The cipher suites ending with _SHA384 use HMAC-SHA-384 [1] as the MAC algorithm. The PRF is the TLS PRF [8] with SHA-384 [13] as the hash function.

b. 以_SHA384结尾的密码套件使用HMAC-SHA-384[1]作为MAC算法。PRF是TLS PRF[8],SHA-384[13]作为哈希函数。

When used with TLS versions prior to 1.2 (TLS 1.0 [2] and TLS 1.1 [6]), the PRF is calculated as specified in the appropriate version of the TLS specification.

当与1.2之前的TLS版本(TLS 1.0[2]和TLS 1.1[6])一起使用时,应按照TLS规范相应版本中的规定计算PRF。

3.4. PSK Cipher Suites
3.4. PSK密码套件

PSK cipher suites for TLS are described in RFC 5487 [11] as to SHA-256/384 and RFC 5489 [12] as to ECDHE_PSK.

关于SHA-256/384的RFC 5487[11]和关于ECDHE_PSK的RFC 5489[12]中描述了TLS的PSK密码套件。

4. Security Considerations
4. 安全考虑

At the time of writing this document, there are no known weak keys for Camellia. Additionally, no security problems with Camellia have been found (see NESSIE [16], CRYPTREC [17], and LNCS 5867[18]).

在编写本文档时,没有已知的Camellia的弱键。此外,还未发现茶花的安全问题(见NESSIE[16]、CRYPTREC[17]和LNCS 5867[18])。

The security considerations in previous RFCs (RFC 5116 [7], RFC 5289 [10], and RFC 5487 [11]) apply to this document as well.

先前RFC(RFC 5116[7]、RFC 5289[10]和RFC 5487[11])中的安全注意事项也适用于本文件。

5. IANA Considerations
5. IANA考虑

IANA allocated the following numbers in the TLS Cipher Suite Registry:

IANA在TLS密码套件注册表中分配了以下号码:

CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  = {0xC0,0x72};
CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  = {0xC0,0x73};
CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256   = {0xC0,0x74};
CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384   = {0xC0,0x75};
CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256    = {0xC0,0x76};
CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384    = {0xC0,0x77};
CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256     = {0xC0,0x78};
CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384     = {0xC0,0x79};
CipherSuite TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256          = {0xC0,0x7A};
CipherSuite TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384          = {0xC0,0x7B};
CipherSuite TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256      = {0xC0,0x7C};
CipherSuite TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384      = {0xC0,0x7D};
        
CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  = {0xC0,0x72};
CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  = {0xC0,0x73};
CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256   = {0xC0,0x74};
CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384   = {0xC0,0x75};
CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256    = {0xC0,0x76};
CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384    = {0xC0,0x77};
CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256     = {0xC0,0x78};
CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384     = {0xC0,0x79};
CipherSuite TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256          = {0xC0,0x7A};
CipherSuite TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384          = {0xC0,0x7B};
CipherSuite TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256      = {0xC0,0x7C};
CipherSuite TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384      = {0xC0,0x7D};
        
CipherSuite TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256       = {0xC0,0x7E};
CipherSuite TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384       = {0xC0,0x7F};
CipherSuite TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256      = {0xC0,0x80};
CipherSuite TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384      = {0xC0,0x81};
CipherSuite TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256       = {0xC0,0x82};
CipherSuite TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384       = {0xC0,0x83};
CipherSuite TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256      = {0xC0,0x84};
CipherSuite TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384      = {0xC0,0x85};
CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  = {0xC0,0x86};
CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  = {0xC0,0x87};
CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256   = {0xC0,0x88};
CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384   = {0xC0,0x89};
CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256    = {0xC0,0x8A};
CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384    = {0xC0,0x8B};
CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256     = {0xC0,0x8C};
CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384     = {0xC0,0x8D};
CipherSuite TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256          = {0xC0,0x8E};
CipherSuite TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384          = {0xC0,0x8F};
CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256      = {0xC0,0x90};
CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384      = {0xC0,0x91};
CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256      = {0xC0,0x92};
CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384      = {0xC0,0x93};
CipherSuite TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256          = {0xC0,0x94};
CipherSuite TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384          = {0xC0,0x95};
CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256      = {0xC0,0x96};
CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384      = {0xC0,0x97};
CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256      = {0xC0,0x98};
CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384      = {0xC0,0x99};
CipherSuite TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256    = {0xC0,0x9A};
CipherSuite TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384    = {0xC0,0x9B};
        
CipherSuite TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256       = {0xC0,0x7E};
CipherSuite TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384       = {0xC0,0x7F};
CipherSuite TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256      = {0xC0,0x80};
CipherSuite TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384      = {0xC0,0x81};
CipherSuite TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256       = {0xC0,0x82};
CipherSuite TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384       = {0xC0,0x83};
CipherSuite TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256      = {0xC0,0x84};
CipherSuite TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384      = {0xC0,0x85};
CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  = {0xC0,0x86};
CipherSuite TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  = {0xC0,0x87};
CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256   = {0xC0,0x88};
CipherSuite TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384   = {0xC0,0x89};
CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256    = {0xC0,0x8A};
CipherSuite TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384    = {0xC0,0x8B};
CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256     = {0xC0,0x8C};
CipherSuite TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384     = {0xC0,0x8D};
CipherSuite TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256          = {0xC0,0x8E};
CipherSuite TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384          = {0xC0,0x8F};
CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256      = {0xC0,0x90};
CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384      = {0xC0,0x91};
CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256      = {0xC0,0x92};
CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384      = {0xC0,0x93};
CipherSuite TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256          = {0xC0,0x94};
CipherSuite TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384          = {0xC0,0x95};
CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256      = {0xC0,0x96};
CipherSuite TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384      = {0xC0,0x97};
CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256      = {0xC0,0x98};
CipherSuite TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384      = {0xC0,0x99};
CipherSuite TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256    = {0xC0,0x9A};
CipherSuite TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384    = {0xC0,0x9B};
        
6. References
6. 工具书类
6.1. Normative References
6.1. 规范性引用文件

[1] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.

[1] Krawczyk,H.,Bellare,M.和R.Canetti,“HMAC:用于消息身份验证的键控哈希”,RFC 2104,1997年2月。

[2] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC 2246, January 1999.

[2] Dierks,T.和C.Allen,“TLS协议1.0版”,RFC 2246,1999年1月。

[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[3] Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[4] Matsui, M., Nakajima, J., and S. Moriai, "A Description of the Camellia Encryption Algorithm", RFC 3713, April 2004.

[4] Matsui,M.,Nakajima,J.,和S.Moraii,“茶花加密算法的描述”,RFC 3713,2004年4月。

[5] Eronen, P. and H. Tschofenig, "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)", RFC 4279, December 2005.

[5] Eronen,P.和H.Tschofenig,“用于传输层安全(TLS)的预共享密钥密码套件”,RFC 4279,2005年12月。

[6] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.1", RFC 4346, April 2006.

[6] Dierks,T.和E.Rescorla,“传输层安全(TLS)协议版本1.1”,RFC 4346,2006年4月。

[7] McGrew, D., "An Interface and Algorithms for Authenticated Encryption", RFC 5116, January 2008.

[7] McGrew,D.,“认证加密的接口和算法”,RFC 5116,2008年1月。

[8] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008.

[8] Dierks,T.和E.Rescorla,“传输层安全(TLS)协议版本1.2”,RFC 5246,2008年8月。

[9] Salowey, J., Choudhury, A., and D. McGrew, "AES Galois Counter Mode (GCM) Cipher Suites for TLS", RFC 5288, August 2008.

[9] Salowey,J.,Choudhury,A.和D.McGrew,“用于TLS的AES伽罗瓦计数器模式(GCM)密码套件”,RFC 5288,2008年8月。

[10] Rescorla, E., "TLS Elliptic Curve Cipher Suites with SHA-256/ 384 and AES Galois Counter Mode (GCM)", RFC 5289, August 2008.

[10] Rescorla,E.,“具有SHA-256/384和AES伽罗瓦计数器模式(GCM)的TLS椭圆曲线密码套件”,RFC 5289,2008年8月。

[11] Badra, M., "Pre-Shared Key Cipher Suites for TLS with SHA-256/ 384 and AES Galois Counter Mode", RFC 5487, March 2009.

[11] Badra,M.,“具有SHA-256/384和AES Galois计数器模式的TLS预共享密钥密码套件”,RFC 5487,2009年3月。

[12] Badra, M. and I. Hajjeh, "ECDHE_PSK Cipher Suites for Transport Layer Security (TLS)", RFC 5489, March 2009.

[12] Badra,M.和I.Hajjeh,“用于传输层安全(TLS)的ECDHE_PSK密码套件”,RFC 5489,2009年3月。

[13] National Institute of Standards and Technology, "Secure Hash Standard (SHS)", FIPS PUB 180, October 2008, <http://csrc.nist.gov/publications/fips/fips180-3/ fips180-3_final.pdf>.

[13] 国家标准与技术研究所,“安全哈希标准(SHS)”,FIPS PUB 180,2008年10月<http://csrc.nist.gov/publications/fips/fips180-3/ fips180-3_final.pdf>。

[14] Dworkin, M., "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication", Special Publication 800-38D, April 2006, <http://csrc.nist.gov/publications/nistpubs/800-38D/ SP-800-38D.pdf>.

[14] Dworkin,M.“分组密码操作模式的建议:用于保密和认证的Galois/计数器模式(GCM)”,特别出版物800-38D,2006年4月<http://csrc.nist.gov/publications/nistpubs/800-38D/ SP-800-38D.pdf>。

6.2. Informative References
6.2. 资料性引用

[15] Kato, A., Kanda, M., and S. Kanno, "Camellia Cipher Suites for TLS", RFC 5932, June 2010.

[15] Kato,A.,Kanda,M.,和S.Kanno,“TLS的茶花密码套件”,RFC 5932,2010年6月。

[16] "The NESSIE Project (New European Schemes for Signatures, Integrity and Encryption)", <http://www.cosic.esat.kuleuven.be/nessie/>.

[16] “尼斯工程(新的欧洲签名、完整性和加密方案)”<http://www.cosic.esat.kuleuven.be/nessie/>.

[17] "CRYPTREC (Cryptography Research and Evaluation Committees)", <http://www.cryptrec.go.jp/english/estimation.html>.

[17] “CRYPTREC(密码学研究和评估委员会)”<http://www.cryptrec.go.jp/english/estimation.html>.

[18] Mala, H., Shakiba, M., Dakhilalian, M., and G. Bagherikaram, "New Results on Impossible Differential Cryptanalysis of Reduced Round Camellia-128", LNCS 5867, November 2009, <http://www.springerlink.com/content/e55783u422436g77/>.

[18] Mala,H.,Shakiba,M.,Dakhalian,M.,和G.Bagherikaram,“简化圆茶花-128不可能差分密码分析的新结果”,LNCS 58672009年11月<http://www.springerlink.com/content/e55783u422436g77/>.

[19] National Institute of Standards and Technology, "Advanced Encryption Standard (AES)", FIPS PUB 197, November 2001, <http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf>.

[19] 国家标准与技术研究所,“高级加密标准(AES)”,FIPS PUB 197,2001年11月<http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf>.

Authors' Addresses

作者地址

Satoru Kanno NTT Software Corporation

Satoru Kanno NTT软件公司

   Phone: +81-45-212-9803
   Fax:   +81-45-212-9800
   EMail: kanno.satoru@po.ntts.co.jp
        
   Phone: +81-45-212-9803
   Fax:   +81-45-212-9800
   EMail: kanno.satoru@po.ntts.co.jp
        

Masayuki Kanda NTT

神田正辅

   Phone: +81-422-59-3456
   Fax:   +81-422-59-4015
   EMail: kanda.masayuki@lab.ntt.co.jp
        
   Phone: +81-422-59-3456
   Fax:   +81-422-59-4015
   EMail: kanda.masayuki@lab.ntt.co.jp