Network Working Group                                           H.J. Lee
Request for Comments: 4196                                     J.H. Yoon
Category: Standards Track                                       S.L. Lee
                                                                J.I. Lee
                                                                    KISA
                                                            October 2005
        
Network Working Group                                           H.J. Lee
Request for Comments: 4196                                     J.H. Yoon
Category: Standards Track                                       S.L. Lee
                                                                J.I. Lee
                                                                    KISA
                                                            October 2005
        

The SEED Cipher Algorithm and Its Use with IPsec

种子密码算法及其在IPsec中的应用

Status of This Memo

关于下段备忘

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。

Copyright Notice

版权公告

Copyright (C) The Internet Society (2005).

版权所有(C)互联网协会(2005年)。

Abstract

摘要

This document describes the use of the SEED block cipher algorithm in the Cipher Block Chaining Mode, with an explicit IV, as a confidentiality mechanism within the context of the IPsec Encapsulating Security Payload (ESP).

本文档描述了在密码块链接模式下使用种子块密码算法(带有显式IV)作为IPsec封装安全负载(ESP)上下文中的保密机制。

1. Introduction
1. 介绍
1.1. SEED
1.1. 种子

SEED is a national industrial association standard [TTASSEED] and is widely used in South Korea for electronic commerce and financial services that are operated on wired and wireless communications.

SEED是国家工业协会标准[TTASSEED],在韩国广泛用于有线和无线通信的电子商务和金融服务。

SEED is a 128-bit symmetric key block cipher that has been developed by KISA (Korea Information Security Agency) and a group of experts since 1998. The input/output block size of SEED is 128-bit and the key length is also 128-bit. SEED has the 16-round Feistel structure. A 128-bit input is divided into two 64-bit blocks, and the right 64- bit block is an input to the round function with a 64-bit subkey that is generated from the key scheduling.

SEED是一种128位对称密钥分组密码,由KISA(韩国信息安全局)和一组专家自1998年以来开发。种子的输入/输出块大小为128位,密钥长度也为128位。种子具有16个圆形的Feistel结构。128位输入分为两个64位块,右64位块是round函数的输入,其中包含一个64位子键,该子键由键调度生成。

SEED is easily implemented in various software and hardware, and it can be effectively adopted to a computing environment with restricted resources, such as mobile devices and smart cards.

SEED易于在各种软件和硬件中实现,可以有效地应用于资源受限的计算环境,如移动设备和智能卡。

SEED is robust against known attacks including DC (Differential cryptanalysis), LC (Linear cryptanalysis), and related key attacks. SEED has gone through wide public scrutinizing procedures. It has been evaluated and is considered cryptographically secure by credible organizations such as ISO/IEC JTC 1/SC 27 and Japan CRYPTREC (Cryptography Research and Evaluation Committees)[ISOSEED][CRYPTREC].

SEED对已知的攻击具有鲁棒性,包括DC(差分密码分析)、LC(线性密码分析)和相关的密钥攻击。SEED已经通过了广泛的公众审查程序。ISO/IEC JTC 1/SC 27和日本CRYPTREC(密码学研究和评估委员会)[ISOSEED][CRYPTREC]等可靠组织已经对其进行了评估,并认为其加密安全。

The remainder of this document specifies the use of SEED within the context of IPsec ESP. For further information on how the various pieces of ESP fit together to provide security services, please refer to [ARCH], [ESP], and [ROAD].

本文档的其余部分指定了在IPsec ESP的上下文中使用SEED。有关ESP的各个部分如何组合在一起以提供安全服务的更多信息,请参阅[ARCH]、[ESP]和[ROAD]。

1.2. Terminology
1.2. 术语

The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document (in uppercase, as shown) are to be interpreted as described in RFC 2119 [KEYWORDS].

本文件中的关键词“必须”、“不得”、“必需”、“应该”、“不应该”、“建议”、“可以”和“可选”(大写,如图所示)应按照RFC 2119[关键词]中所述进行解释。

2. The SEED Cipher Algorithm
2. 种子密码算法

All symmetric block cipher algorithms share common characteristics and variables, including mode, key size, weak keys, block size, and rounds. The following sections contain descriptions of the relevant characteristics of SEED.

所有对称分组密码算法都具有共同的特征和变量,包括模式、密钥大小、弱密钥、块大小和轮数。以下各节包含种子相关特性的说明。

The algorithm specification and object identifiers are described in [ISOSEED] [SEED]. The SEED homepage, http://www.kisa.or.kr/seed/seed_eng.html, contains a wealth of information about SEED, including a detailed specification, evaluation report, test vectors, and so on.

[ISOSEED][SEED]中描述了算法规范和对象标识符。种子主页,http://www.kisa.or.kr/seed/seed_eng.html,包含有关种子的丰富信息,包括详细的规范、评估报告、测试向量等。

2.1. Mode
2.1. 模式

NIST has defined 5 modes of operation for the Advanced Encryption Standard (AES) [AES] and other FIPS-approved ciphers [MODES]: CBC (Cipher Block Chaining), ECB (Electronic Codebook), CFB (Cipher FeedBack), OFB (Output FeedBack), and CTR (Counter). The CBC mode is well-defined and well-understood for symmetric ciphers, and is currently required for all other ESP ciphers. This document specifies the use of the SEED cipher in the CBC mode within ESP. This mode requires an Initialization Vector (IV) that is the same size as the block size. Use of a randomly generated IV prevents generation of identical ciphertext from packets that have identical data that spans the first block of the cipher algorithm's block size

NIST为高级加密标准(AES)[AES]和其他FIPS批准的密码[模式]定义了5种操作模式:CBC(密码块链接)、ECB(电子码本)、CFB(密码反馈)、OFB(输出反馈)和CTR(计数器)。CBC模式对于对称密码是定义良好且易于理解的,目前所有其他ESP密码都需要CBC模式。本文件规定了ESP中CBC模式下种子密码的使用。该模式需要与块大小相同的初始化向量(IV)。使用随机生成的IV可防止从具有跨越密码算法块大小的第一个块的相同数据的数据包生成相同的密文

The IV is XOR'd with the first plaintext block before it is encrypted. Then for successive blocks, the previous ciphertext block is XOR'd with the current plaintext before it is encrypted.

IV在加密前与第一个明文块异或。然后,对于连续的块,前一个密文块在加密之前与当前明文异或。

More information on the CBC mode can be obtained in [MODES] [CRYPTO-S]. For use of the CBC mode in ESP with 64-bit ciphers, please see [CBC].

有关CBC模式的更多信息,请访问[模式][加密-S]。有关在64位密码ESP中使用CBC模式的信息,请参阅[CBC]。

2.2. Key Size and Numbers of Rounds
2.2. 关键尺寸和轮数

SEED supports 128-bit key and has the 16-round Feistel structure.

SEED支持128位密钥,具有16轮Feistel结构。

2.3. Weak Keys
2.3. 软键

At the time this document was written, there were no known weak keys for SEED.

在编写本文档时,SEED没有已知的弱键。

2.4. Block Size and Padding
2.4. 块大小和填充

SEED uses a block size of 16 octets (128 bits).

SEED使用16个八位字节(128位)的块大小。

Padding is required by SEED to maintain a 16-octet (128-bit) blocksize. Padding MUST be added, as specified in [ESP], such that the data to be encrypted (which includes the ESP Pad Length and Next Header fields) has a length that is a multiple of 16 octets.

SEED需要填充以保持16个八位组(128位)的块大小。必须按照[ESP]中的规定添加填充,以便要加密的数据(包括ESP填充长度和下一个标头字段)的长度为16个八位字节的倍数。

Because of the algorithm specific padding requirement, no additional padding is required to ensure that the ciphertext terminates on a 4- octet boundary (i.e., maintaining a 16-octet blocksize guarantees that the ESP Pad Length and Next Header fields will be right aligned within a 4-octet word). Additional padding MAY be included, as specified in [ESP], as long as the 16-octet blocksize is maintained.

由于算法特定的填充要求,不需要额外的填充来确保密文在4个八位字节的边界上终止(即,保持16个八位字节的块大小可以保证ESP填充长度和下一个标头字段在4个八位字节的字内右对齐)。按照[ESP]中的规定,只要保持16个八位组的块大小,就可以包括额外的填充。

2.5. Performance
2.5. 表演
   Performance figures of SEED are available at
   http://www.kisa.or.kr/seed/seed_eng.html
        
   Performance figures of SEED are available at
   http://www.kisa.or.kr/seed/seed_eng.html
        
3. ESP Payload
3. ESP有效载荷

The ESP Payload is made up of the Initialization Vector(IV) of 16 octets followed by the encrypted payload. Thus, the payload field, as defined in [ESP], is broken down according to the following diagram:

ESP有效负载由16个八位字节的初始化向量(IV)和加密有效负载组成。因此,[ESP]中定义的有效载荷字段根据下图进行分解:

      +---------------+---------------+---------------+---------------+
      |                                                               |
      +               Initialization Vector (16 octets)               +
      |                                                               |
      +---------------+---------------+---------------+---------------+
      |                                                               |
      ~ Encrypted Payload (variable length, a multiple of 16 octets)  ~
      |                                                               |
      +---------------------------------------------------------------+
        
      +---------------+---------------+---------------+---------------+
      |                                                               |
      +               Initialization Vector (16 octets)               +
      |                                                               |
      +---------------+---------------+---------------+---------------+
      |                                                               |
      ~ Encrypted Payload (variable length, a multiple of 16 octets)  ~
      |                                                               |
      +---------------------------------------------------------------+
        

The IV field MUST be the same size as the block size of the cipher algorithm being used. The IV MUST be chosen at random and MUST be unpredictable.

IV字段的大小必须与所用密码算法的块大小相同。静脉注射必须随机选择,而且必须是不可预测的。

Including the IV in each datagram ensures that decryption of each received datagram can be performed, even when some datagrams are dropped or re-ordered in transit.

在每个数据报中包括IV确保可以对每个接收到的数据报进行解密,即使在传输过程中丢弃或重新排序一些数据报。

To avoid CBC encryption of very similar plaintext blocks in different packets, implementations MUST NOT use a counter or other low-hamming distance source for IVs.

为了避免对不同数据包中非常相似的明文块进行CBC加密,实现过程中不得使用计数器或其他用于IVs的低汉明距离源。

4. Test Vectors
4. 测试向量

The first 2 test cases test SEED-CBC encryption. Each test case includes key, the plaintext, and the resulting ciphertext. All data are hexadecimal numbers (not prefixed by "0x").

前两个测试用例测试SEED-CBC加密。每个测试用例包括密钥、明文和生成的密文。所有数据都是十六进制数(不以“0x”作为前缀)。

The last 4 test cases illustrate sample ESP packets using SEED-CBC for encryption. All data are hexadecimal numbers (not prefixed by "0x").

最后4个测试用例演示了使用SEED-CBC进行加密的示例ESP数据包。所有数据都是十六进制数(不以“0x”作为前缀)。

Case #1 : Encrypting 32 bytes (2 blocks) using SEED-CBC with 128-bit key Key : ed2401ad 22fa2559 91bafdb0 1fefd697 IV : 93eb149f 92c9905b ae5cd34d a06c3c8e PlainText : b40d7003 d9b6904b 35622750 c91a2457 5bb9a632 364aa26e 3ac0cf3a 9c9d0dcb CipherText : f072c5b1 a0588c10 5af8301a dcd91dd0 67f68221 55304bf3 aad75ceb 44341c25

案例#1:使用带128位密钥的SEED-CBC加密32个字节(2个块):ed2401ad 22fa2559 91bafdb0 1fefd697 IV:93eb149f 92c9905b ae5cd34d a06c3c8e明文:b40d7003 d9b6904b 35622750 c91a2457 5bb9a632 364aa26e 3ac0cf3a 9c9d0dcb密文:f072c5b1 a0588c10 5AF1A dcd91dd0 67F6855303 aad75ceb 4425

Case #2 : Encrypting 64 bytes (4 blocks) using SEED-CBC with 128-bit key Key : 88e34f8f 081779f1 e9f39437 0ad40589 IV : 268d66a7 35a81a81 6fbad9fa 36162501 PlainText : d76d0d18 327ec562 b15e6bc3 65ac0c0f 8d41e0bb 938568ae ebfd92ed 1affa096 394d20fc 5277ddfc 4de8b0fc e1eb2b93 d4ae40ef 4768c613 b50b8942 f7d4b9b3 CipherText : a293eae9 d9aebfac 37ba714b d774e427 e8b706d7 e7d9a097 228639e0 b62b3b34 ced11609 cef2abaa ec2edf97 9308f379 c31527a8 267783e5 cba35389 82b48d06

案例2:加密64字节(4个块)使用带128位密钥密钥的SEED-CBC:88e34f8f 081779f1 e9f39437 0ad40589 IV:268d66a7 35a81a81 6fbad9fa 36162501明文:d76d0d18 327ec562 b15e6bc3 65AC0F 8d41e0bb 938568ae ebfd92ed 1affa096 394d20fc 5277ddfc 4de8b0fc e1eb2b93 d4ae40ef 4768c613 B8942 f7d4b9b3密文:A293EA9 D9EBFAC 37BA717E40E407E40E40E407D7E407D7E407D7D7E407E407D7D7B7E297D7D7D7D7E937D7D7E937D7E937E937D7D7Eb62b3b34 ced11609 cef2abaa ec2edf97 9308f379 c31527a8 267783e5 cba35389 82b48d06

Case #3 : Sample transport-mode ESP packet (ping 192.168.123.100) Key : 90d382b4 10eeba7a d938c46c ec1a82bf SPI : 4321 Source address : 192.168.123.3 Destination address : 192.168.123.100 Sequence number : 1 IV : e96e8c08 ab465763 fd098d45 dd3ff893

案例3:样本传输模式ESP数据包(ping 192.168.123.100)密钥:90d382b4 10eeba7a d938c46c ec1a82bf SPI:4321源地址:192.168.123.3目标地址:192.168.123.100序列号:1 IV:e96e8c08 ab465763 fd098d45 dd3ff893

Original packet : IP header (20 bytes) : 45000054 08f20000 4001f9fe c0a87b03 c0a87b64 Data (64 bytes) : 08000ebd a70a0000 8e9c083d b95b0700 08090a0b 0c0d0e0f 10111213 14151617 18191a1b 1c1d1e1f 20212223 24252627 28292a2b 2c2d2e2f 30313233 34353637

原始数据包:IP头(20字节):45000054 08f20000 4001f9fe c0a87b03 c0a87b64数据(64字节):08000ebd a70a0000 8e9c083d b95b0700 08090a0b 0c0d0e0f 10111213 14151617 18191a1b 1C1D1F 20212223 24252627 28292B 2C2E2F 30313233 34353637

Augment data with : Padding : 01020304 05060708 090a0b0c 0d0e Pad length : 0e Next header : 01 (ICMP)

增加数据:填充:01020304 05060708 090a0b0c 0d0e填充长度:0e下一个标题:01(ICMP)

Pre-encryption Data with padding, pad length and next header(80 bytes): 08000ebd a70a0000 8e9c083d b95b0700 08090a0b 0c0d0e0f 10111213 14151617 18191a1b 1c1d1e1f 20212223 24252627 28292a2b 2c2d2e2f 30313233 34353637 01020304 05060708 090a0b0c 0d0e0e01

带填充、焊盘长度和下一个标头(80字节)的预加密数据:08000ebd a70a0000 8e9c083d b95b0700 08090a0b 0c0d0e0f 10111213 14151617 18191a1b 1C1D1E1 1F 20212223 24252627 28292B 2C2E2F 30313233 34353637 01020304 05060708 090a0b0c 0D0E01

Post-encryption packet with SPI, Sequence number, IV : IP Header : 45000054 08f20000 4001f9fe c0a87b03 c0a87b64 SPI/Seq # : 00004321 00000001 IV : e96e8c08 ab465763 fd098d45 dd3ff893 Encrypted Data (80 bytes) : e7ebaa03 cf45ef09 021b3011 b40d3769 be96ebae cd4222f6 b6f84ce5 b2d5cdd1 60eb6b0e 5a47d16a 501a4d10 7b2d7cc8 ab86ba03 9a000972 66374fa8 f87ee0fb ef3805db faa144a2 334a34db 0b0f81ca

带SPI的加密后数据包,序列号,IV:IP头:45000054 08f20000 4001f9fe c0a87b03 c0a87b64 SPI/Seq#:000043210000000 1 IV:e96e8c08 ab465763 fd098d45 dd3ff893加密数据(80字节):e7ebaa03 cf45ef09 021b3011 b40d3769 be96ebae CD422F6 b6f84ce5 B2D5CD1 60eb6b0e 5a47d16a 501a4d10 7b2d7cc8 ab86ba03 9A0000972 66374fa8 f87ee0fb ef3805db faa144a2 33DA34DB 0b0f81ca

   Case #4 : Sample transport-mode ESP packet
   (ping -p 77 -s 20 192.168.123.100)
   Key : 90d382b4 10eeba7a d938c46c ec1a82bf
   SPI                 : 4321
   Source address      : 192.168.123.3
   Destination address : 192.168.123.100
   Sequence number     : 8
   IV : 69d08df7 d203329d b093fc49 24e5bd80
        
   Case #4 : Sample transport-mode ESP packet
   (ping -p 77 -s 20 192.168.123.100)
   Key : 90d382b4 10eeba7a d938c46c ec1a82bf
   SPI                 : 4321
   Source address      : 192.168.123.3
   Destination address : 192.168.123.100
   Sequence number     : 8
   IV : 69d08df7 d203329d b093fc49 24e5bd80
        

Original packet: IP header (20 bytes) : 45000030 08fe0000 4001fa16 c0a87b03 c0a87b64 Data (28 bytes) : 0800b5e8 a80a0500 a69c083d 0b660e00 77777777 77777777 77777777

原始数据包:IP头(20字节):45000030 08fe0000 4001fa16 c0a87b03 c0a87b64数据(28字节):0800b5e8 a80a0500 a69c083d 0b660e00 7777

Augment data with : Padding : 0102 Pad length : 02 Next header : 01 (ICMP)

增加数据:Padding:0102 Pad length:02下一个标题:01(ICMP)

Pre-encryption Data with padding, pad length and next header(32 bytes): 0800b5e8 a80a0500 a69c083d 0b660e00 77777777 77777777 77777777 01020201

带填充、焊盘长度和下一个标头(32字节)的预加密数据:0800b5e8 a80a0500 a69c083d 0b660e00 777777 01020201

Post-encryption packet with SPI, Sequence number, IV : IP header : 4500004c 08fe0000 4032f9c9 c0a87b03 c0a87b64 SPI/Seq # : 00004321 00000008 IV : 69d08df7 d203329d b093fc49 24e5bd80 Encrypted Data (32 bytes) : b9ad6e19 e9a6a2fa 02569160 2c0af541 db0b0807 e1f660c7 3ae2700b 5bb5efd1

带SPI的加密后数据包,序列号,IV:IP头:4500004c 08fe0000 4032f9c9 c0a87b03 c0a87b64 SPI/序列号:000043210000000 8 IV:69d08df7 d203329d b093fc49 24e5bd80加密数据(32字节):b9ad6e19 E9A6A2F2FA 02569160 2c0af541 db0b0807 e1f660c7 3ae2700b 5BEFD1

Case #5 : Sample tunnel-mode ESP packet (ping 192.168.123.200) Key : 01234567 89abcdef 01234567 89abcdef SPI : 8765 Source address : 192.168.123.3 Destination address : 192.168.123.200 Sequence number : 2 IV : f4e76524 4f6407ad f13dc138 0f673f37

案例5:示例隧道模式ESP数据包(ping 192.168.123.200)密钥:01234567 89abcdef 01234567 89abcdef SPI:8765源地址:192.168.123.3目标地址:192.168.123.200序列号:2 IV:f4e76524 4f6407ad f13dc138 0f673f37

Original packet : IP header (20 bytes) : 45000054 09040000 4001f988 c0a87b03 c0a87bc8 Data (64 bytes) : 08009f76 a90a0100 b49c083d 02a20400 08090a0b 0c0d0e0f 10111213 14151617 18191a1b 1c1d1e1f 20212223 24252627 28292a2b 2c2d2e2f 30313233 34353637

原始数据包:IP头(20字节):45000054 09040000 4001f988 c0a87b03 c0a87bc8数据(64字节):08009f76 a90a0100 b49c083d 02a20400 08090a0b 0c0d0e0f 10111213 14151617 18191a1b 1C1D11F 20212223 24252627 2829A2B 2C2E2F 30313233 34353637

Augment data with : Padding : 01020304 05060708 090a Pad length : 0a Next header : 04 (IP-in-IP)

使用以下内容扩充数据:Padding:01020304 05060708 090a Pad length:0a Next header:04(IP中的IP)

Pre-encryption Data with original IP header, padding, pad length and next header (96 bytes) : 45000054 09040000 4001f988 c0a87b03 c0a87bc8 08009f76 a90a0100 b49c083d 02a20400 08090a0b 0c0d0e0f 10111213 14151617 18191a1b 1c1d1e1f 20212223 24252627 28292a2b 2c2d2e2f 30313233 34353637 01020304 05060708 090a0a04

带有原始IP头、填充、焊盘长度和下一个头(96字节)的预加密数据:45000054 09040000 4001f988 c0a87b03 c0a87bc8 08009f76 a90a0100 b49c083d 02a20400 0809A0B 0C0E0F 10111213 14151617 18191a1b 1C1F1F 20212223 24252627 28292B 2C2E2F 30313233 34353637 01020304 05060708 090A04

Post-encryption packet with SPI, Sequence number, IV : IP header : 4500008c 09050000 4032f91e c0a87b03 c0a87bc8 SPI/Seq # : 00008765 00000002 IV : f4e76524 4f6407ad f13dc138 0f673f37 Encrypted Data (96 bytes): 2638aa7b 05e71b54 9348082b 67b47b26 c565aed4 737f0bcb 439c0f00 73e7913c 3c8a3e4f 5f7a5062 003b78ed 7ca54a08 c7ce047d 5bec14e4 8cba1005 32a12097 8d7f5503 204ef661 729b4ea1 ae6a9178 59a5caac 46e810bd 7875bd13 d6f57b3d

带SPI的加密后数据包,序列号,IV:IP头:4500008c 09050000 4032f91e c0a87b03 c0a87bc8 SPI/Seq#:0000876500002 IV:f4e76524 4f6407ad f13dc138 0f673f37加密数据(96字节):2638aa7b 05e71b54 9348082b 67b47b26 c565aed4 737f0bcb 439c0f00 73e7913c 3c8a3e4f 5f7a5062 003b78ed 7ca54a08 c7ce047d 5bec14e4 8cba1005 32a12097 8D7F503 204ef661 729b4ea1 ae6a9178 59a5caac 46e810bd 7875bd13 d6f57b3d

   Case #6 : Sample tunnel-mode ESP packet
   (ping -p ff -s 40 192.168.123.200)
   Key : 01234567  89abcdef  01234567  89abcdef
   SPI : 8765
   Source address      : 192.168.123.3
   Destination address : 192.168.123.200
   Sequence number     : 5
   IV : 85d47224  b5f3dd5d  2101d4ea  8dffab22
        
   Case #6 : Sample tunnel-mode ESP packet
   (ping -p ff -s 40 192.168.123.200)
   Key : 01234567  89abcdef  01234567  89abcdef
   SPI : 8765
   Source address      : 192.168.123.3
   Destination address : 192.168.123.200
   Sequence number     : 5
   IV : 85d47224  b5f3dd5d  2101d4ea  8dffab22
        

Original packet : IP header (20 bytes) : 45000044 090c0000 4001f990 c0a87b03 c0a87bc8 Data (48 bytes) : 0800d63c aa0a0200 c69c083d a3de0300 ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff

原始数据包:IP头(20字节):45000044 090c0000 4001f990 c0a87b03 c0a87bc8数据(48字节):0800d63c aa0a0200 c69c083d a3de0300 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Augment data with : Padding : 01020304 05060708 090a Pad length : 0a Next header : 04 (IP-in-IP)

使用以下内容扩充数据:Padding:01020304 05060708 090a Pad length:0a Next header:04(IP中的IP)

Pre-encryption Data with original IP header, padding, pad length and next header (80 bytes): 45000044 090c0000 4001f990 c0a87b03 c0a87bc8 0800d63c aa0a0200 c69c083d a3de0300 ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff 01020304 05060708 090a0a04

带有原始IP头、填充、焊盘长度和下一个头(80字节)的预加密数据:45000044 090C00000 4001f990 c0a87b03 c0a87bc8 0800d63c aa0a0200 c69c083d a3de0300 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF01020304 05060708 090A04

Post-encryption packet with SPI, Sequence number, IV : IP header : 4500007c 090d0000 4032f926 c0a87b03 c0a87bc8 SPI/Seq # : 00008765 00000005 IV : 85d47224 b5f3dd5d 2101d4ea 8dffab22 Encrypted Data (80 bytes) : 311168e0 bc36ac4e 59802bd5 192c5734 8f3d29c8 90bab276 e9db4702 91f79ac7 79571929 c170f902 ffb2f08b d448f782 31671414 ff29b7e0 168e1c87 09ba2b67 a56e0fbc 4ff6a936 d859ed57 6c16ef1b

带SPI的加密后数据包,序列号,IV:IP头:4500007c 090d0000 4032f926 c0a87b03 c0a87bc8 SPI/Seq#:0000876500005 IV:85d47224 b5f3dd5d 2101d4ea 8dffab22加密数据(80字节):31168E0 bc36ac4e 59802bd5 192c5734 8f3d29c8 90bab276 e9db4702 91f79ac7 79571929 c170f902 ffb2f08b d448f782 31671414 ff29b7e0 168e1c87 09ba2b67 a56e0fbc 4ff6a936 d859ed57 6c16ef1b

5. Interaction with IKE
5. 与IKE的互动

This section describes the use of IKE [IKE] to establish IPsec ESP security associations (SAs) that employ SEED in CBC mode.

本节介绍如何使用IKE[IKE]建立IPsec ESP安全关联(SA),这些关联在CBC模式下使用SEED。

5.1. Phase 1 Identifier
5.1. 阶段1标识符

For Phase 1 negotiations, the object identifier of SEED-CBC is defined in [SEED].

对于阶段1协商,SEED-CBC的对象标识符在[SEED]中定义。

   algorithm OBJECT IDENTIFIER ::= { iso(1) member-body(2) korea(410)
   kisa(200004) algorithm(1) }
        
   algorithm OBJECT IDENTIFIER ::= { iso(1) member-body(2) korea(410)
   kisa(200004) algorithm(1) }
        
   id-seedCBC OBJECT IDENTIFIER ::= { algorithm seedCBC(4) }
        
   id-seedCBC OBJECT IDENTIFIER ::= { algorithm seedCBC(4) }
        
5.2. Phase 2 Identifier
5.2. 第2阶段标识符

For Phase 2 negotiations, IANA has assigned an ESP Transform Identifier of (21) for ESP_SEED_CBC.

对于第2阶段协商,IANA为ESP_SEED_CBC分配了ESP转换标识符(21)。

5.3. Key Length Attribute
5.3. 键长度属性

Since the SEED supports 128-bit key lengths, the Key Length attribute is set with 128 bits.

由于种子支持128位密钥长度,因此密钥长度属性设置为128位。

5.4. Hash Algorithm Considerations
5.4. 哈希算法注意事项

HMAC-SHA-1 [HMAC-SHA] and HMAC-MD5 [HMAC-MD5] are currently considered of sufficient strength to serve both as IKE generators of 128-bit SEED keys and as ESP authenticators for SEED encryption using 128-bit keys.

HMAC-SHA-1[HMAC-SHA]和HMAC-MD5[HMAC-MD5]目前被认为具有足够的强度,既可以作为128位种子密钥的IKE生成器,也可以作为使用128位密钥进行种子加密的ESP认证器。

6. Security Considerations
6. 安全考虑

No security problem has been found on SEED. SEED is secure against all known attacks including Differential cryptanalysis, Linear cryptanalysis, and related key attacks. The best known attack is only an exhaustive search for the key (by [CRYPTREC]). For further security considerations, the reader is encouraged to read [CRYPTREC], [ISOSEED], and [SEED-EVAL].

在SEED上未发现任何安全问题。SEED对所有已知的攻击都是安全的,包括差分密码分析、线性密码分析和相关的密钥攻击。最著名的攻击只是(通过[CRYPTREC])彻底搜索密钥。出于进一步的安全考虑,鼓励读者阅读[CRYPTREC]、[ISOSEED]和[SEED-EVAL]。

7. IANA Considerations
7. IANA考虑

IANA has assigned ESP Transform Identifier (21) to ESP_SEED_CBC.

IANA已将ESP转换标识符(21)分配给ESP_SEED_CBC。

8. Acknowledgments
8. 致谢

The authors want to thank Ph.D Haesuk Kim of Future Systems Inc. and Brian Kim of OULLIM Information Technology Inc. for providing expert advice on Test Vector examples.

作者要感谢Future Systems Inc.的Haesuk Kim博士和OULLIM Information Technology Inc.的Brian Kim博士为测试向量示例提供了专家建议。

9. References
9. 工具书类
9.1. Normative References
9.1. 规范性引用文件

[CBC] Pereira, R. and R. Adams, "The ESP CBC-Mode Cipher Algorithms", RFC 2451, November 1998.

[CBC]Pereira,R.和R.Adams,“ESP CBC模式密码算法”,RFC 2451,1998年11月。

[ESP] Kent, S. and R. Atkinson, "IP Encapsulating Security Payload (ESP)", RFC 2406, November 1998.

[ESP]Kent,S.和R.Atkinson,“IP封装安全有效负载(ESP)”,RFC 2406,1998年11月。

[IKE] Harkins, D. and D. Carrel, "The Internet Key Exchange (IKE)", RFC 2409, November 1998.

[IKE]Harkins,D.和D.Carrel,“互联网密钥交换(IKE)”,RFC 2409,1998年11月。

[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[关键词]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[SEED] Park, J., Lee, S., Kim, J., and J. Lee, "The SEED Encryption Algorithm", RFC 4009, February 2005.

[SEED]Park,J.,Lee,S.,Kim,J.,和J.Lee,“种子加密算法”,RFC 4009,2005年2月。

   [TTASSEED]  Telecommunications Technology Association (TTA), South
               Korea, "128-bit Symmetric Block Cipher (SEED)", TTAS.KO-
               12.0004, September, 1998 (In Korean)
               http://www.tta.or.kr/English/new/main/index.htm
        
   [TTASSEED]  Telecommunications Technology Association (TTA), South
               Korea, "128-bit Symmetric Block Cipher (SEED)", TTAS.KO-
               12.0004, September, 1998 (In Korean)
               http://www.tta.or.kr/English/new/main/index.htm
        
9.2. Informative Reference
9.2. 资料性参考
   [AES]       NIST, FIPS PUB 197, "Advanced Encryption Standard(AES),
               November 2001.
               http://csrc.nist.gov/publications/fips/fips197/fips-197.
               {ps,pdf}
        
   [AES]       NIST, FIPS PUB 197, "Advanced Encryption Standard(AES),
               November 2001.
               http://csrc.nist.gov/publications/fips/fips197/fips-197.
               {ps,pdf}
        

[ARCH] Kent, S. and R. Atkinson, "Security Architecture for the Internet Protocol", RFC 2401, November 1998.

[ARCH]Kent,S.和R.Atkinson,“互联网协议的安全架构”,RFC 2401,1998年11月。

[CRYPTO-S] Schneier, B., "Applied Cryptography Second Edition", John Wiley & Sons, New York, NY, 1995, ISBN 0-471-12845-7.

[CRYPTO-S]Schneier,B.,“应用密码学第二版”,约翰·威利父子出版社,纽约,1995年,ISBN 0-471-12845-7。

   [CRYPTREC]  Information-technology Promotion Agency (IPA), Japan,
               CRYPTREC. "SEED Evaluation Report", February, 2002
               http://www.kisa.or.kr/seed/seed_eng.html
        
   [CRYPTREC]  Information-technology Promotion Agency (IPA), Japan,
               CRYPTREC. "SEED Evaluation Report", February, 2002
               http://www.kisa.or.kr/seed/seed_eng.html
        

[HMAC-MD5] Madson, C. and R. Glenn, "The Use of HMAC-MD5-96 within ESP and AH", RFC 2403, November 1998.

[HMAC-MD5]Madson,C.和R.Glenn,“HMAC-MD5-96在ESP和AH中的使用”,RFC 2403,1998年11月。

[HMAC-SHA] Madson, C. and R. Glenn, "The Use of HMAC-SHA-1-96 within ESP and AH", RFC 2404, November 1998.

[HMAC-SHA]Madson,C.和R.Glenn,“在ESP和AH中使用HMAC-SHA-1-96”,RFC 2404,1998年11月。

[ISOSEED] ISO/IEC JTC 1/SC 27 N3979, "IT Security techniques - Encryption Algorithms - Part3 : Block ciphers", June 2004.

[ISOSEED]ISO/IEC JTC 1/SC 27 N3979,“IT安全技术-加密算法-第3部分:分组密码”,2004年6月。

[MODES] Symmetric Key Block Cipher Modes of Operation, http://www.nist.gov/modes/.

[模式]对称密钥分组密码操作模式,http://www.nist.gov/modes/.

[ROAD] Thayer, R., N. Doraswamy and R. Glenn, "IP Security Document Roadmap", RFC 2411, November 1998.

[ROAD]Thayer,R.,N.Doraswamy和R.Glenn,“IP安全文档路线图”,RFC 24111998年11月。

   [SEED-EVAL] KISA, "Self Evaluation Report",
               http://www.kisa.or.kr/seed/data/Document_pdf/
               SEED_Self_Evaluation.pdf"
        
   [SEED-EVAL] KISA, "Self Evaluation Report",
               http://www.kisa.or.kr/seed/data/Document_pdf/
               SEED_Self_Evaluation.pdf"
        

Authors' Address

作者地址

Hyangjin Lee Korea Information Security Agency Phone: +82-2-405-5446 Fax : +82-2-405-5319 EMail : jiinii@kisa.or.kr

韩国信息安全局电话:+82-2-405-5446传真:+82-2-405-5319电子邮件:jiinii@kisa.or.kr

Jaeho Yoon Korea Information Security Agency Phone: +82-2-405-5434 Fax : +82-2-405-5219 EMail : jhyoon@kisa.or.kr

Jaeho Yoon韩国信息安全局电话:+82-2-405-5434传真:+82-2-405-5219电子邮件:jhyoon@kisa.or.kr

Seoklae Lee Korea Information Security Agency Phone: +82-2-405-5230 Fax : +82-2-405-5219 EMail : sllee@kisa.or.kr

Seoklae Lee韩国信息安全局电话:+82-2-405-5230传真:+82-2-405-5219电子邮件:sllee@kisa.or.kr

Jaeil Lee Korea Information Security Agency Phone: +82-2-405-5200 Fax : +82-2-405-5219 EMail: jilee@kisa.or.kr

Jaeil Lee韩国信息安全局电话:+82-2-405-5200传真:+82-2-405-5219电子邮件:jilee@kisa.or.kr

Full Copyright Statement

完整版权声明

Copyright (C) The Internet Society (2005).

版权所有(C)互联网协会(2005年)。

This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。

Intellectual Property

知识产权

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.

Acknowledgement

确认

Funding for the RFC Editor function is currently provided by the Internet Society.

RFC编辑功能的资金目前由互联网协会提供。