Internet Engineering Task Force (IETF) L. Law Request for Comments: 6379 J. Solinas Obsoletes: 4869 NSA Category: Informational October 2011 ISSN: 2070-1721
Internet Engineering Task Force (IETF) L. Law Request for Comments: 6379 J. Solinas Obsoletes: 4869 NSA Category: Informational October 2011 ISSN: 2070-1721
Suite B Cryptographic Suites for IPsec
用于IPsec的套件B加密套件
Abstract
摘要
This document proposes four cryptographic user interface suites ("UI suites") for IP Security (IPsec), similar to the two suites specified in RFC 4308. The four new suites provide compatibility with the United States National Security Agency's Suite B specifications. This document obsoletes RFC 4869, which presented earlier versions of these suites.
本文档提出了四个用于IP安全(IPsec)的加密用户界面套件(“UI套件”),类似于RFC 4308中指定的两个套件。四个新套件与美国国家安全局的套件B规范兼容。本文档淘汰了RFC 4869,后者提供了这些套件的早期版本。
Status of This Memo
关于下段备忘
This document is not an Internet Standards Track specification; it is published for informational purposes.
本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6379.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc6379.
Copyright Notice
版权公告
Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2011 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction ....................................................2 2. Requirements Terminology ........................................2 3. New UI Suites ...................................................2 3.1. Suite "Suite-B-GCM-128" ....................................3 3.2. Suite "Suite-B-GCM-256" ....................................3 3.3. Suite "Suite-B-GMAC-128" ...................................4 3.4. Suite "Suite-B-GMAC-256" ...................................4 4. Security Considerations .........................................4 5. IANA Considerations .............................................5 6. Changes from RFC 4869 ...........................................5 7. References ......................................................5 7.1. Normative References .......................................5 7.2. Informative References .....................................6
1. Introduction ....................................................2 2. Requirements Terminology ........................................2 3. New UI Suites ...................................................2 3.1. Suite "Suite-B-GCM-128" ....................................3 3.2. Suite "Suite-B-GCM-256" ....................................3 3.3. Suite "Suite-B-GMAC-128" ...................................4 3.4. Suite "Suite-B-GMAC-256" ...................................4 4. Security Considerations .........................................4 5. IANA Considerations .............................................5 6. Changes from RFC 4869 ...........................................5 7. References ......................................................5 7.1. Normative References .......................................5 7.2. Informative References .....................................6
[RFC4308] proposes two optional cryptographic user interface suites ("UI suites") for IPsec. The two suites, VPN-A and VPN-B, represent commonly used present day corporate VPN security choices and anticipated future choices, respectively. [RFC4869] proposed four new UI suites based on implementations of the United States National Security Agency's Suite B algorithms (see [SuiteB]).
[RFC4308]为IPsec提出了两个可选的加密用户界面套件(“UI套件”)。VPN-A和VPN-B这两个套件分别代表了当前常用的企业VPN安全选择和预期的未来选择。[RFC4869]基于美国国家安全局套件B算法的实现,提出了四个新的UI套件(见[SuiteB])。
As with the VPN suites, the Suite B suites are simply collections of values for some options in IPsec. Use of UI suites does not change the IPsec protocols in any way.
与VPN套件一样,套件B套件只是IPsec中某些选项的值的集合。使用UI套件不会以任何方式更改IPsec协议。
This document reduces the scope of the suites in [RFC4869] while retaining the original suite names. A detailed list of the changes is given in Section 6. This document obsoletes RFC 4869.
本文档缩小了[RFC4869]中套件的范围,同时保留了原始套件名称。第6节给出了变更的详细清单。本文件淘汰了RFC 4869。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。
Each of the following UI suites provides choices for ESP (see [RFC4303]) and for Internet Key Exchange (IKEv2) (see [RFC5996]). The four suites are differentiated by the choice of cryptographic algorithm strengths, and a choice of whether the Encapsulating Security Payload (ESP) is to provide both confidentiality and integrity or integrity only. The suite names are based on the
以下每个UI套件都为ESP(请参见[RFC4303])和Internet密钥交换(IKEv2)(请参见[RFC5996])提供了选择。这四个套件的区别在于选择了加密算法的优势,以及选择了封装安全负载(ESP)是提供机密性和完整性还是仅提供完整性。套件名称基于
Advanced Encryption Standard [AES] mode and AES key length specified for ESP.
为ESP指定的高级加密标准[AES]模式和AES密钥长度。
IPsec implementations that use these UI suites MUST use the suite names listed here. IPsec implementations SHOULD NOT use names different than those listed here for the suites that are described, and MUST NOT use the names listed here for suites that do not match these values. These requirements are necessary for interoperability.
使用这些UI套件的IPsec实现必须使用此处列出的套件名称。IPsec实现不应使用与此处列出的用于所述套件的名称不同的名称,也不得使用此处列出的用于与这些值不匹配的套件的名称。这些要求对于互操作性是必要的。
This suite provides ESP integrity protection and confidentiality using 128-bit AES-GCM (see [RFC4106]). This suite or the following suite should be used when ESP integrity protection and encryption are both needed.
该套件使用128位AES-GCM(参见[RFC4106])提供ESP完整性保护和机密性。当同时需要ESP完整性保护和加密时,应使用此套件或以下套件。
ESP: Encryption AES with 128-bit keys and 16-octet Integrity Check Value (ICV) in GCM mode [RFC4106] Integrity NULL
ESP:GCM模式下具有128位密钥和16个八位完整性检查值(ICV)的加密AES[RFC4106]完整性空值
IKEv2: Encryption AES with 128-bit keys in CBC mode [RFC3602] Pseudo-random function HMAC-SHA-256 [RFC4868] Integrity HMAC-SHA-256-128 [RFC4868] Diffie-Hellman group 256-bit random ECP group [RFC5903]
IKEv2: Encryption AES with 128-bit keys in CBC mode [RFC3602] Pseudo-random function HMAC-SHA-256 [RFC4868] Integrity HMAC-SHA-256-128 [RFC4868] Diffie-Hellman group 256-bit random ECP group [RFC5903]
This suite provides ESP integrity protection and confidentiality using 256-bit AES-GCM (see [RFC4106]). This suite or the preceding suite should be used when ESP integrity protection and encryption are both needed.
该套件使用256位AES-GCM(参见[RFC4106])提供ESP完整性保护和机密性。当同时需要ESP完整性保护和加密时,应使用此套件或之前的套件。
ESP: Encryption AES with 256-bit keys and 16-octet ICV in GCM mode [RFC4106] Integrity NULL
ESP:GCM模式下带256位密钥和16个八位ICV的加密AES[RFC4106]完整性空值
IKEv2: Encryption AES with 256-bit keys in CBC mode [RFC3602] Pseudo-random function HMAC-SHA-384 [RFC4868] Integrity HMAC-SHA-384-192 [RFC4868] Diffie-Hellman group 384-bit random ECP group [RFC5903]
IKEv2: Encryption AES with 256-bit keys in CBC mode [RFC3602] Pseudo-random function HMAC-SHA-384 [RFC4868] Integrity HMAC-SHA-384-192 [RFC4868] Diffie-Hellman group 384-bit random ECP group [RFC5903]
This suite provides ESP integrity protection using 128-bit AES-GMAC (see [RFC4543]) but does not provide confidentiality. This suite or the following suite should be used only when there is no need for ESP encryption.
该套件使用128位AES-GMAC(参见[RFC4543])提供ESP完整性保护,但不提供机密性。仅当不需要ESP加密时,才应使用此套件或以下套件。
ESP: Encryption NULL Integrity AES with 128-bit keys in GMAC mode [RFC4543]
ESP:GMAC模式下128位密钥的加密空完整性AES[RFC4543]
IKEv2: Encryption AES with 128-bit keys in CBC mode [RFC3602] Pseudo-random function HMAC-SHA-256 [RFC4868] Integrity HMAC-SHA-256-128 [RFC4868] Diffie-Hellman group 256-bit random ECP group [RFC5903]
IKEv2: Encryption AES with 128-bit keys in CBC mode [RFC3602] Pseudo-random function HMAC-SHA-256 [RFC4868] Integrity HMAC-SHA-256-128 [RFC4868] Diffie-Hellman group 256-bit random ECP group [RFC5903]
This suite provides ESP integrity protection using 256-bit AES-GMAC (see [RFC4543]) but does not provide confidentiality. This suite or the preceding suite should be used only when there is no need for ESP encryption.
该套件使用256位AES-GMAC(参见[RFC4543])提供ESP完整性保护,但不提供机密性。仅当不需要ESP加密时,才应使用此套件或之前的套件。
ESP: Encryption NULL Integrity AES with 256-bit keys in GMAC mode [RFC4543]
ESP:GMAC模式下256位密钥的加密空完整性AES[RFC4543]
IKEv2: Encryption AES with 256-bit keys in CBC mode [RFC3602] Pseudo-random function HMAC-SHA-384 [RFC4868] Integrity HMAC-SHA-384-192 [RFC4868] Diffie-Hellman group 384-bit random ECP group [RFC5903]
IKEv2: Encryption AES with 256-bit keys in CBC mode [RFC3602] Pseudo-random function HMAC-SHA-384 [RFC4868] Integrity HMAC-SHA-384-192 [RFC4868] Diffie-Hellman group 384-bit random ECP group [RFC5903]
This document inherits all of the security considerations of the IPsec and IKEv2 documents.
本文档继承了IPsec和IKEv2文档的所有安全注意事项。
Some of the security options specified in these suites may be found in the future to have properties significantly weaker than those that were believed at the time this document was produced.
这些套件中指定的某些安全选项在将来可能会发现其属性明显弱于本文档生成时所认为的属性。
IANA maintains a registry called "Cryptographic Suites for IKEv1, IKEv2, and IPsec" (see [IANA-Suites]). The registry consists of a text string and an RFC number that lists the associated transforms. The four suites in this document have been listed with this document as the RFC reference. These entries will be updated upon approval of this document.
IANA维护一个名为“IKEv1、IKEv2和IPsec的加密套件”的注册表(请参见[IANA套件])。注册表由一个文本字符串和一个列出关联转换的RFC编号组成。本文件中的四个套件与本文件一起列出,作为RFC参考。这些条目将在本文件批准后更新。
The updated values for the registry are:
注册表的更新值为:
Identifier Defined in Suite-B-GCM-128 RFC 6379 Suite-B-GCM-256 RFC 6379 Suite-B-GMAC-128 RFC 6379 Suite-B-GMAC-256 RFC 6379
在套件B-GCM-128 RFC 6379套件B-GCM-256 RFC 6379套件B-GMAC-128 RFC 6379套件B-GMAC-256 RFC 6379中定义的标识符
The changes from [RFC4869] are:
[RFC4869]的变化如下:
1. Removed definitions of the suites for IKEv1.
1. 删除了IKEv1套件的定义。
2. Removed IKE authentication methods from the suite definitions. These now appear in [RFC6380].
2. 已从套件定义中删除IKE身份验证方法。这些现在出现在[RFC6380]中。
3. Removed the requirements on rekeying in IKEv2.
3. 删除了在IKEv2中重新键入的要求。
[IANA-Suites] Internet Assigned Numbers Authority, "Cryptographic Suites for IKEv1, IKEv2, and IPsec", <http://www.iana.org/assignments/crypto-suites>.
[IANA套件]互联网分配号码管理局,“IKEv1、IKEv2和IPsec的加密套件”<http://www.iana.org/assignments/crypto-suites>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC3602] Frankel, S., Glenn, R., and S. Kelly, "The AES-CBC Cipher Algorithm and Its Use with IPsec", RFC 3602, September 2003.
[RFC3602]Frankel,S.,Glenn,R.,和S.Kelly,“AES-CBC密码算法及其在IPsec中的使用”,RFC 3602,2003年9月。
[RFC4106] Viega, J. and D. McGrew, "The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)", RFC 4106, June 2005.
[RFC4106]Viega,J.和D.McGrew,“在IPsec封装安全有效负载(ESP)中使用Galois/计数器模式(GCM)”,RFC 4106,2005年6月。
[RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", RFC 4303, December 2005.
[RFC4303]Kent,S.,“IP封装安全有效载荷(ESP)”,RFC 4303,2005年12月。
[RFC4308] Hoffman, P., "Cryptographic Suites for IPsec", RFC 4308, December 2005.
[RFC4308]Hoffman,P.,“IPsec加密套件”,RFC 4308,2005年12月。
[RFC4543] McGrew, D. and J. Viega, "The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH", RFC 4543, May 2006.
[RFC4543]McGrew,D.和J.Viega,“Galois消息认证码(GMAC)在IPsec ESP和AH中的使用”,RFC 4543,2006年5月。
[RFC4868] Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec", RFC 4868, May 2007.
[RFC4868]Kelly,S.和S.Frankel,“在IPsec中使用HMAC-SHA-256、HMAC-SHA-384和HMAC-SHA-512”,RFC 4868,2007年5月。
[RFC4869] Law, L. and J. Solinas, "Suite B Cryptographic Suites for IPsec", RFC 4869, May 2007.
[RFC4869]Law,L.和J.Solinas,“用于IPsec的套件B加密套件”,RFC 4869,2007年5月。
[RFC5903] Fu, D. and J. Solinas, "Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2", RFC 5903, June 2010.
[RFC5903]Fu,D.和J.Solinas,“IKE和IKEv2的模素数的椭圆曲线群(ECP群)”,RFC 5903,2010年6月。
[RFC5996] Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen, "Internet Key Exchange Protocol Version 2 (IKEv2)", RFC 5996, September 2010.
[RFC5996]Kaufman,C.,Hoffman,P.,Nir,Y.,和P.Eronen,“互联网密钥交换协议版本2(IKEv2)”,RFC 59962010年9月。
[AES] U.S. Department of Commerce/National Institute of Standards and Technology, "Advanced Encryption Standard (AES)", FIPS PUB 197, November 2001, <http://csrc.nist.gov/publications/fips/index.html>.
[AES]美国商务部/国家标准与技术研究所,“高级加密标准(AES)”,FIPS PUB 197,2001年11月<http://csrc.nist.gov/publications/fips/index.html>.
[RFC6380] Burgin, K. and M. Peck, "Suite B Profile for Internet Protocol Security (IPsec)", RFC 6380, October 2011.
[RFC6380]Burgin,K.和M.Peck,“互联网协议安全(IPsec)的套件B配置文件”,RFC 63802011年10月。
[SuiteB] U.S. National Security Agency, "NSA Suite B Cryptography", January 2009, <http://www.nsa.gov/ ia/programs/suiteb_cryptography/>.
[SuiteB]美国国家安全局,“NSA套件B加密”,2009年1月<http://www.nsa.gov/ ia/programs/suiteb_cryptography/>。
Authors' Addresses
作者地址
Laurie E. Law National Security Agency
Laurie E.Law国家安全局
EMail: lelaw@orion.ncsc.mil
EMail: lelaw@orion.ncsc.mil
Jerome A. Solinas National Security Agency
Jerome A.Solinas国家安全局
EMail: jasolin@orion.ncsc.mil
EMail: jasolin@orion.ncsc.mil