Network Working Group S. Moriai
Request for Comments: 4132 Sony Computer Entertainment Inc.
Category: Standards Track A. Kato
NTT Software Corporation
M. Kanda
Nippon Telegraph and Telephone Corporation
July 2005
Network Working Group S. Moriai
Request for Comments: 4132 Sony Computer Entertainment Inc.
Category: Standards Track A. Kato
NTT Software Corporation
M. Kanda
Nippon Telegraph and Telephone Corporation
July 2005
Addition of Camellia Cipher Suites to Transport Layer Security (TLS)
将Camellia密码套件添加到传输层安全性(TLS)
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2005).
版权所有(C)互联网协会(2005年)。
Abstract
摘要
This document proposes the addition of new cipher suites to the Transport Layer Security (TLS) protocol to support the Camellia encryption algorithm as a bulk cipher algorithm.
本文档建议在传输层安全(TLS)协议中添加新的密码套件,以支持作为批量密码算法的Camellia加密算法。
This document proposes the addition of new cipher suites to the TLS protocol [TLS] to support the Camellia encryption algorithm as a bulk cipher algorithm. This proposal provides a new option for fast and efficient bulk cipher algorithms.
本文件建议在TLS协议[TLS]中添加新的密码套件,以支持作为批量密码算法的Camellia加密算法。该方案为快速高效的批量密码算法提供了一种新的选择。
Note: This work was done when the first author worked for NTT.
注:这项工作是在第一作者为NTT工作时完成的。
Camellia was selected as a recommended cryptographic primitive by the EU NESSIE (New European Schemes for Signatures, Integrity and Encryption) project [NESSIE] and included in the list of cryptographic techniques for Japanese e-Government systems, which were selected by the Japan CRYPTREC (Cryptography Research and Evaluation Committees) [CRYPTREC]. Camellia is also included in specification of the TV-Anytime Forum [TV-ANYTIME]. The TV-Anytime Forum is an association of organizations that seeks to develop
Camellia被欧盟NESSIE(新欧洲签名、完整性和加密方案)项目[NESSIE]选为推荐的加密原语,并被日本CRYPTREC(密码学研究和评估委员会)选为日本电子政务系统的加密技术列表[CRYPTREC]。Camellia也包含在TV-Anytime论坛[TV-Anytime]的规范中。TV-Anytime论坛是一个旨在开发
specifications to enable audio-visual and other services based on mass-market high-volume digital storage in consumer platforms. Camellia is specified as Cipher Suite in TLS used by Phase 1 S-7 (Bi-directional Metadata Delivery Protection) specification and S-5 (TV-Anytime Rights Management and Protection Information for Broadcast Applications) specification. Camellia has been submitted to other several standardization bodies such as ISO (ISO/IEC 18033) and IETF S/MIME Mail Security Working Group [Camellia-CMS].
在消费平台中实现基于大众市场大容量数字存储的视听和其他服务的规范。Camellia在第1阶段S-7(双向元数据传递保护)规范和S-5(广播应用程序的TV Anytime权限管理和保护信息)规范使用的TLS中被指定为密码套件。Camellia已提交给其他几个标准化机构,如ISO(ISO/IEC 18033)和IETF S/MIME邮件安全工作组[Camellia CMS]。
Camellia supports 128-bit block size and 128-, 192-, and 256-bit key sizes; i.e., the same interface specifications as the Advanced Encryption Standard (AES) [AES].
Camellia支持128位块大小和128、192和256位密钥大小;i、 例如,与高级加密标准(AES)[AES]相同的接口规范。
Camellia was jointly developed by NTT and Mitsubishi Electric Corporation in 2000 [CamelliaTech]. It was carefully designed to withstand all known cryptanalytic attacks and even to have a sufficiently large security leeway. It has been scrutinized by worldwide cryptographic experts.
Camellia于2000年由NTT和三菱电机公司联合开发【CamelliaTech】。它经过精心设计,能够抵御所有已知的密码分析攻击,甚至具有足够大的安全余地。它已经被全世界的密码专家仔细检查过。
Camellia was also designed to be suitable for both software and hardware implementations and to cover all possible encryption applications, from low-cost smart cards to high-speed network systems. Compared to the AES, Camellia offers at least comparable encryption speed in software and hardware. In addition, a distinguishing feature is its small hardware design. Camellia perfectly meets one of the current TLS market requirements, for which low power consumption is mandatory.
Camellia的设计也适用于软件和硬件实现,并涵盖所有可能的加密应用,从低成本智能卡到高速网络系统。与AES相比,Camellia在软件和硬件方面提供了至少相当的加密速度。此外,一个显著特点是其小型硬件设计。Camellia完全符合当前TLS市场的要求之一,低功耗是强制性的。
The algorithm specification and object identifiers are described in [Camellia-Desc]. The Camellia homepage, http://info.isl.ntt.co.jp/camellia/, contains a wealth of information about camellia, including detailed specification, security analysis, performance figures, reference implementation, and test vectors.
算法规范和对象标识符在[Camellia Desc]中描述。茶花主页,http://info.isl.ntt.co.jp/camellia/,包含有关camellia的大量信息,包括详细的规范、安全性分析、性能图、参考实现和测试向量。
The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document (in uppercase, as shown) are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应该”、“不应该”、“建议”、“可以”和“可选”(大写,如图所示)应按照[RFC2119]中所述进行解释。
The new cipher suites proposed here have the following definitions:
此处提出的新密码套件具有以下定义:
CipherSuite TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x41 };
CipherSuite TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x42 };
CipherSuite TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x43 };
CipherSuite TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x44 };
CipherSuite TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x41 };
CipherSuite TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x42 };
CipherSuite TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x43 };
CipherSuite TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x44 };
CipherSuite TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x45 };
CipherSuite TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x46 };
CipherSuite TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x45 };
CipherSuite TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA = { 0x00,0x46 };
CipherSuite TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = { 0x00,0x84 };
CipherSuite TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = { 0x00,0x85 };
CipherSuite TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = { 0x00,0x86 };
CipherSuite TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = { 0x00,0x87 };
CipherSuite TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = { 0x00,0x88 };
CipherSuite TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA = { 0x00,0x89 };
CipherSuite TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = { 0x00,0x84 };
CipherSuite TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = { 0x00,0x85 };
CipherSuite TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = { 0x00,0x86 };
CipherSuite TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = { 0x00,0x87 };
CipherSuite TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = { 0x00,0x88 };
CipherSuite TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA = { 0x00,0x89 };
All the cipher suites described here use Camellia in cipher block chaining (CBC) mode as a bulk cipher algorithm. Camellia is a 128- bit block cipher with 128-, 192-, and 256-bit key sizes; i.e., it supports the same block and key sizes as the Advanced Encryption Standard (AES). However, this document only defines cipher suites for 128- and 256-bit keys as well as AES cipher suites for TLS [AES-TLS]. These cipher suites are efficient and practical enough for most uses, including high-security applications.
这里描述的所有密码套件都使用密码块链接(CBC)模式中的Camellia作为批量密码算法。Camelia是一种128位的分组密码,密钥大小为128、192和256位;i、 例如,它支持与高级加密标准(AES)相同的块和密钥大小。但是,本文档仅定义128位和256位密钥的密码套件以及TLS[AES-TLS]的AES密码套件。这些密码套件对于大多数应用(包括高安全性应用)来说都非常有效和实用。
Key Expanded Effective IV Block Cipher Type Material Key Material Key Bits Size Size
密钥扩展有效IV分组密码类型材质密钥材质密钥位大小
CAMELLIA_128_CBC Block 16 16 128 16 16 CAMELLIA_256_CBC Block 32 32 256 16 16
CAMELLIA_128_CBC区块16 16 128 16 CAMELLIA_256_CBC区块32 32 256 16
All the cipher suites described here use SHA-1 [SHA-1] in a Hashed Message Authentication Code (HMAC) construction, as described in section 5 of [TLS].
如[TLS]第5节所述,此处描述的所有密码套件在散列消息身份验证码(HMAC)构造中使用SHA-1[SHA-1]。
The cipher suites defined here differ in the type of certificate and key exchange method. They use the following options:
此处定义的密码套件在证书类型和密钥交换方法上有所不同。他们使用以下选项:
Cipher Suite Key Exchange Algorithm
密码套件密钥交换算法
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA RSA TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA DH_DSS TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA DH_RSA TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE_DSS TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE_RSA TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA DH_anon
带茶花的RSA带茶花的DSS带茶花的CBC带茶花的DSS带茶花的DSS带茶花的CBC带茶花的RSA带茶花的DSS带茶花的CBC带茶花的RSA带茶花的DSS带茶花的CBC带茶花的DSS
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA RSA TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA DH_DSS TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA DH_RSA TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE_DSS TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE_RSA TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA DH_anon
带茶花的RSA带茶花的DSS带茶花的CBC带茶花的DSS带茶花的CBC带茶花的RSA带茶花的CBC带茶花的DSS带茶花的CBC带茶花的RSA带茶花的RSA带茶花的DSS带茶花的CBC带茶花
For the meanings of the terms RSA, DH_DSS, DH_RSA, DHE_DSS, DHE_RSA, and DH_anon, please refer to sections 7.4.2 and 7.4.3 of [TLS].
有关术语RSA、DH_DSS、DH_RSA、DHE_DSS、DHE_RSA和DH_anon的含义,请参考[TLS]第7.4.2节和第7.4.3节。
It is not believed that the new cipher suites are ever less secure than the corresponding older ones. Camellia is considered secure, and it has withstood extensive cryptanalytic efforts in several open, worldwide cryptographic evaluation projects [CRYPTREC][NESSIE].
人们并不认为新的密码套件比相应的旧密码套件更不安全。Camellia被认为是安全的,并且在几个开放的全球密码评估项目[CRYPTREC][NESSIE]中经受了广泛的密码分析工作。
At the time of writing this document, there are no known weak keys for Camellia.
在编写本文档时,没有已知的Camellia的弱键。
For other security considerations, please refer to the security considerations of the corresponding older cipher suites described in [TLS] and [AES-TLS].
有关其他安全注意事项,请参阅[TLS]和[AES-TLS]中描述的相应旧密码套件的安全注意事项。
[Camellia-Desc] Matsui, M., Nakajima, J., and S. Moriai, "A Description of the Camellia Encryption Algorithm", RFC 3713, April 2004.
[Camellia Desc]Matsui,M.,Nakajima,J.,和S.Moraii,“茶花加密算法的描述”,RFC 3713,2004年4月。
[TLS] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC 2246, January 1999.
[TLS]Dierks,T.和C.Allen,“TLS协议版本1.0”,RFC 2246,1999年1月。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[CamelliaTech] Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., and Tokita, T., "Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis -", In Selected Areas in Cryptography, 7th Annual International Workshop, SAC 2000, August 2000, Proceedings, Lecture Notes in Computer Science 2012, pp.39-56, Springer-Verlag, 2001.
[CamelliaTech]青木,K.,一川,T.,神田,M.,松井,M.,森爱,S.,中岛,J.,和Tokita,T.,“茶花:一种适用于多平台的128位分组密码-设计和分析-”,在密码学的选定领域,第七届年度国际研讨会,SAC 2000,2000年8月,会议记录,2012年计算机科学讲稿,第39-56页,斯普林格·维拉格,2001年。
[Camellia-CMS] Moriai, S. and A. Kato, "Use of the Camellia Encryption Algorithm in Cryptographic Message Syntax (CMS)", RFC 3657, January 2004.
[Camellia CMS]Moraii,S.和A.Kato,“加密消息语法(CMS)中Camellia加密算法的使用”,RFC 3657,2004年1月。
[AES] NIST, FIPS PUB 197, "Advanced Encryption Standard (AES)", November 2001. http://csrc.nist.gov/publications/fips/fips197/fips-197.{ps,pdf}.
[AES]NIST,FIPS PUB 197,“高级加密标准(AES)”,2001年11月。http://csrc.nist.gov/publications/fips/fips197/fips-197.{ps,pdf}。
[AES-TLS] Chown, P., "Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)", RFC 3268, June 2002.
[AES-TLS]Chown,P.,“用于传输层安全(TLS)的高级加密标准(AES)密码套件”,RFC 326822002年6月。
[SHA-1] FIPS PUB 180-1, "Secure Hash Standard", National Institute of Standards and Technology, U.S. Department of Commerce, April 17, 1995.
[SHA-1]FIPS PUB 180-1,“安全哈希标准”,美国商务部国家标准与技术研究所,1995年4月17日。
[CRYPTREC] Information-technology Promotion Agency (IPA), Japan, CRYPTREC, http://www.ipa.go.jp/security/enc/CRYPTREC/index-e.html.
[CRYPTREC]信息技术促进机构(IPA),日本,CRYPTREC,http://www.ipa.go.jp/security/enc/CRYPTREC/index-e.html.
[NESSIE] The NESSIE project (New European Schemes for Signatures, Integrity and Encryption), http://www.cosic.esat.kuleuven.ac.be/nessie/.
[NESSIE]NESSIE项目(新的欧洲签名、完整性和加密方案),http://www.cosic.esat.kuleuven.ac.be/nessie/.
[TV-ANYTIME] TV-Anytime Forum, http://www.tv-anytime.org/.
[TV-ANYTIME]TV-ANYTIME论坛,http://www.tv-anytime.org/.
Authors' Addresses
作者地址
Shiho Moriai Sony Computer Entertainment Inc.
索尼电脑娱乐公司。
Phone: +81-3-6438-7523
Fax: +81-3-6438-8629
EMail: shiho@rd.scei.sony.co.jp
Phone: +81-3-6438-7523
Fax: +81-3-6438-8629
EMail: shiho@rd.scei.sony.co.jp
Akihiro Kato NTT Software Corporation
加藤昭宏NTT软件公司
Phone: +81-45-212-7094
Fax: +81-45-212-7506
EMail: akato@po.ntts.co.jp
Phone: +81-45-212-7094
Fax: +81-45-212-7506
EMail: akato@po.ntts.co.jp
Masayuki Kanda Nippon Telegraph and Telephone Corporation
神田正佑电报电话公司
Phone: +81-46-859-2437
Fax: +81-46-859-3365
EMail: kanda.masayuki@lab.ntt.co.jp
camellia@lab.ntt.co.jp (Camellia team)
Phone: +81-46-859-2437
Fax: +81-46-859-3365
EMail: kanda.masayuki@lab.ntt.co.jp
camellia@lab.ntt.co.jp (Camellia team)
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2005).
版权所有(C)互联网协会(2005年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。