ptv->cipher_length += numBytesOut;
(void) RC5_CBC_Encrypt_Final (pAlg,
&(numBytesOut),
MAX_CIPHER_LENGTH - ptv->cipher_length,
&(ptv->cipher[ptv->cipher_length]));
ptv->cipher_length += numBytesOut;
bytes_to_hex (ptv->cipher, ptv->cipher_length,
ptv->ciphertext);
RC5_Key_Destroy (pKey);
RC5_CBC_Destroy (pAlg);
}
/*
 * Print one completed test vector as a single line on standard output:
 * mode label, round count, key, IV, plaintext and ciphertext.
 *
 * ptv - vector to report. Its keytext, ivtext, plaintext and ciphertext
 *       members are printed with %s, so each must be NUL-terminated.
 *
 * The key is written in the clear. That suits published test vectors;
 * do not reuse this routine to log real keys.
 */
void show_results (ptv)
test_vector *ptv;
{
    const char *mode_label;

    /* A non-zero padding_mode selects the RC5_CBC_Pad label. */
    mode_label = ptv->padding_mode ? "RC5_CBC_Pad " : "RC5_CBC ";
    fputs (mode_label, stdout);

    printf ("R = %2d ", ptv->rounds);
    printf ("Key = %s ", ptv->keytext);
    printf ("IV = %s ", ptv->ivtext);
    printf ("P = %s ", ptv->plaintext);
    printf ("C = %s", ptv->ciphertext);

    /* Terminate the record. */
    fputs ("\n", stdout);
}
/*
 * Test driver: print the banner, then read test vectors one at a time,
 * run each and print its result, until get_test_vector() returns zero.
 * Always exits with status 0; argc and argv are not used.
 */
int main(argc, argv)
int argc;
char *argv[];
{
    test_vector vector;

    show_banner();
    for (;;) {
        /* A zero return ends the run. */
        if (!get_test_vector(&vector))
            break;
        run_test(&vector);
        show_results(&vector);
    }
    return 0;
}
9.2 测试向量
下面的文本是前一节测试程序的输入文件。输出在下一节中给出。
0 00 00 0000000000000000 0000000000000000
0 00 00 0000000000000000 ffffffffffffffff
0 00 00 0000000000000001 0000000000000000
0 00 00 0000000000000000 0000000000000001
0 00 00 0102030405060708 1020304050607080
0 01 11 0000000000000000 0000000000000000
0 02 00 0000000000000000 0000000000000000
0 02 00000000 0000000000000000 0000000000000000
0 08 00 0000000000000000 0000000000000000
0 08 00 0102030405060708 1020304050607080
0 12 00 0102030405060708 1020304050607080
0 16 00 0102030405060708 1020304050607080
0 08 01020304 0000000000000000 ffffffffffffffff
0 12 01020304 0000000000000000 ffffffffffffffff
0 16 01020304 0000000000000000 ffffffffffffffff
0 12 0102030405060708 0000000000000000 ffffffffffffffff
0 08 0102030405060708 0102030405060708 1020304050607080
0 12 0102030405060708 0102030405060708 1020304050607080
0 16 0102030405060708 0102030405060708 1020304050607080
0 08 01020304050607081020304050607080
0102030405060708 1020304050607080
0 12 01020304050607081020304050607080
0102030405060708 1020304050607080
0 16 01020304050607081020304050607080
0102030405060708 1020304050607080
0 12 0102030405 0000000000000000 ffffffffffffffff
0 08 0102030405 0000000000000000 ffffffffffffffff
0 08 0102030405 7875dbf6738c6478 0808080808080808
1 08 0102030405 0000000000000000 ffffffffffffffff
0 08 0102030405 0000000000000000 0000000000000000
0 08 0102030405 7cb3f1df34f94811 1122334455667701
1 08 0102030405 0000000000000000
ffffffffffffffff7875dbf6738c647811223344556677
9.3 测试结果
下面的文本是测试程序运行于前一节给定输入的输出文本。
RC5 CBC 测试器。
每个输入行应该包含下面用空格号分隔的测试参数:
-填充模式标志。使用1表示RC5-CBC-Pad,其余用0表示。
-RC5的轮数。
-16进制的密钥。每字节两个字符像‘01’。
-16进制的初始向量。必须是16个16进制字符。
-16进制的明文字节。
到达文件末尾或格式错误终止测试器。
RC5_CBC R = 0 Key = 00 IV = 0000000000000000
P = 0000000000000000 C = 7a7bba4d79111d1e
RC5_CBC R = 0 Key = 00 IV = 0000000000000000
P = ffffffffffffffff C = 797bba4d78111d1e
RC5_CBC R = 0 Key = 00 IV = 0000000000000001
P = 0000000000000000 C = 7a7bba4d79111d1f
RC5_CBC R = 0 Key = 00 IV = 0000000000000000
P = 0000000000000001 C = 7a7bba4d79111d1f
RC5_CBC R = 0 Key = 00 IV = 0102030405060708
P = 1020304050607080 C = 8b9ded91ce7794a6
RC5_CBC R = 1 Key = 11 IV = 0000000000000000
P = 0000000000000000 C = 2f759fe7ad86a378
RC5_CBC R = 2 Key = 00 IV = 0000000000000000
P = 0000000000000000 C = dca2694bf40e0788
RC5_CBC R = 2 Key = 00000000 IV = 0000000000000000
P = 0000000000000000 C = dca2694bf40e0788
RC5_CBC R = 8 Key = 00 IV = 0000000000000000
P = 0000000000000000 C = dcfe098577eca5ff
RC5_CBC R = 8 Key = 00 IV = 0102030405060708
P = 1020304050607080 C = 9646fb77638f9ca8
RC5_CBC R = 12 Key = 00 IV = 0102030405060708
P = 1020304050607080 C = b2b3209db6594da4
RC5_CBC R = 16 Key = 00 IV = 0102030405060708
P = 1020304050607080 C = 545f7f32a5fc3836
RC5_CBC R = 8 Key = 01020304 IV = 0000000000000000
P = ffffffffffffffff C = 8285e7c1b5bc7402
RC5_CBC R = 12 Key = 01020304 IV = 0000000000000000
P = ffffffffffffffff C = fc586f92f7080934
RC5_CBC R = 16 Key = 01020304 IV = 0000000000000000
P = ffffffffffffffff C = cf270ef9717ff7c4
RC5_CBC R = 12 Key = 0102030405060708 IV = 0000000000000000
P = ffffffffffffffff C = e493f1c1bb4d6e8c
RC5_CBC R = 8 Key = 0102030405060708 IV = 0102030405060708
P = 1020304050607080 C = 5c4c041e0f217ac3
RC5_CBC R = 12 Key = 0102030405060708 IV = 0102030405060708
P = 1020304050607080 C = 921f12485373b4f7
RC5_CBC R = 16 Key = 0102030405060708 IV = 0102030405060708
P = 1020304050607080 C = 5ba0ca6bbe7f5fad
RC5_CBC R = 8 Key = 01020304050607081020304050607080
IV = 0102030405060708
P = 1020304050607080 C = c533771cd0110e63
RC5_CBC R = 12 Key = 01020304050607081020304050607080
IV = 0102030405060708
P = 1020304050607080 C = 294ddb46b3278d60
RC5_CBC R = 16 Key = 01020304050607081020304050607080
IV = 0102030405060708
P = 1020304050607080 C = dad6bda9dfe8f7e8
RC5_CBC R = 12 Key = 0102030405 IV = 0000000000000000
P = ffffffffffffffff C = 97e0787837ed317f
RC5_CBC R = 8 Key = 0102030405 IV = 0000000000000000
P = ffffffffffffffff C = 7875dbf6738c6478
RC5_CBC R = 8 Key = 0102030405 IV = 7875dbf6738c6478
P = 0808080808080808 C = 8f34c3c681c99695
RC5_CBC_Pad R = 8 Key = 0102030405 IV = 0000000000000000
P = ffffffffffffffff C = 7875dbf6738c64788f34c3c681c99695
RC5_CBC R = 8 Key = 0102030405 IV = 0000000000000000
P = 0000000000000000 C = 7cb3f1df34f94811
RC5_CBC R = 8 Key = 0102030405 IV = 7cb3f1df34f94811
P = 1122334455667701 C = 7fd1a023a5bba217
RC5_CBC_Pad R = 8 Key = 0102030405 IV = 0000000000000000
P = ffffffffffffffff7875dbf6738c647811223344556677
C = 7875dbf6738c64787cb3f1df34f948117fd1a023a5bba217
10.安全考虑
RC5密码相对来说比较新,所以对它的评审仍在进行。然而,密码的简单结构使
它易于分析,并有望更容易地评估它的强度。迄今为止的评审结果很有希望。
早期的结果暗示12轮64位块大小的RC5将有足够的能力抗拒线性和差分密码分
析。128位的块版本还未像64位的块版本那样得到充分研究,但16轮看来是一个合适的最
小值。小于64位的块尺寸在学术上有研究价值,但不应被用于密码安全。更高的安全性可以通过增
加轮数获得,其代价是降低密码的吞吐量。
密钥的长度帮助决定密码对穷举攻击的抵抗力。一个128位的密钥长度应该能在几十年
的时间里为抵抗资金雄厚的对手的穷举攻击提供保护。对于12轮的RC5,密钥的建立时间和数据
加密时间对于所有长度小于832位的密钥来说都是相同的,因此没有出于性能考虑而选择
短密钥的理由。对于更长的密钥,因为用户的密钥表L将比扩展密钥表S长,所以密钥
扩展的步骤会运行得比较慢。然而,加密时间不会改变,因为它只是轮数的函数。
为了配合出口规则,可能需要选择只有40个未知位的密钥。一种简单但不可取的做法
是选择一个简单的5个字节的密钥。这应该被避免,因为对手可以容易地预计算密钥搜索信
息。另一个常见的机制是选择128位的密钥并公开其前88位。这个方法暴露了用户
密钥表L中的大量表项,而RC5密钥扩展在这种情况下是否提供了足够的安全性还未进行研究,
尽管它可能没有问题。一种符合40位密钥限制的保守方法是选择128位的种子值,
公开这个种子的前88位,将整个种子值输入MD5之类的散列函数,并使用这个散列函数的128
位输出作为RC5的密钥。
在有40位未知密钥和88位已知密钥的情况下,对于64位RC5块版本仍应该使用12
轮或更高的轮数,否则为密钥增加这88位所带来的价值可能会丧失。
密钥的生存期也是影响安全的关键。对于高安全的应用,任何64位块密码的密钥
应该在加密了2**32个块后被改变(2**64个块对于128位的块密码)。这将帮助防范线性
和差分密码分析。对于64位的块,这个规则将推荐在2**40个字节被加密后改变密钥。进
一步的讨论见Schneier应用密码学183页。
11. ASN.1标识符
对于使用ASN.1描述的应用,有必要为这些密码定义算法标识符以及与之对应的参数块
格式。算法标识符的ASN.1定义已经存在,以下列出作为参考。
-- Generic wrapper, quoted here for reference: an algorithm OID plus
-- optional parameters whose type is selected by that OID.
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL
}
The values for the algorithm field are:
-- Dotted form: 1.2.840.113549.3.8
RC5_CBC OBJECT IDENTIFIER ::=
{ iso (1) member-body (2) US (840) rsadsi (113549)
encryptionAlgorithm (3) RC5CBC (8) }
-- Dotted form: 1.2.840.113549.3.9
RC5_CBC_Pad OBJECT IDENTIFIER ::=
{ iso (1) member-body (2) US (840) rsadsi (113549)
encryptionAlgorithm (3) RC5CBCPAD (9) }
The structure of the parameters field for these algorithms is given
below. NOTE: if the iv field is not included, then the
initialization vector defaults to a block of zeros whose size depends
on the blockSizeInBits field.
-- Parameter block carried in AlgorithmIdentifier.parameters for both OIDs.
RC5_CBC_Parameters ::= SEQUENCE {
-- Only value listed is v1_0, encoded as the integer 16.
version INTEGER (v1_0(16)),
-- Round count; the constraint admits 8 through 127.
rounds INTEGER (8..127),
-- Block size in bits; only 64 and 128 are allowed.
blockSizeInBits INTEGER (64, 128),
-- Optional IV. Per the note preceding this definition, an absent iv means
-- an all-zero block. NOTE(review): a decoder should apply that default
-- explicitly and check that a supplied iv is blockSizeInBits/8 octets long.
iv OCTET STRING OPTIONAL
}
12.参考
[1] Kaliski, Burton S., and Yinqun Lisa Yin, "On Differential and
Linear Cryptanalysis of the RC5 Encryption Algorithm", In Advances
in Cryptology - Crypto '95, pages 171-184, Springer-Verlag, New
York, 1995.
[2] Rivest, Ronald L., "The RC5 Encryption Algorithm", In
Proceedings of the Second International Workshop on Fast Software
Encryption, pages 86-96, Leuven Belgium, December 1994.
[3] Rivest, Ronald L., "RC5 Encryption Algorithm", In Dr. Dobbs
Journal, number 226, pages 146-148, January 1995.
[4] Rivest, Ronald L., "The MD5 Message-Digest Algorithm", RFC
1321.
[5] RSA Laboratories, "Public Key Cryptography Standards (PKCS)",
RSA Data Security Inc. See ftp.rsa.com.
[6] Schneier, Bruce, "Applied Cryptography", Second Edition, John
Wiley and Sons, New York, 1996. Errata: on page 195, line 13, the
reference number should be [402].
[7] Business Software Alliance, Matt Blaze et al., "Minimum Key
Length for Symmetric Ciphers to Provide Adequate Commercial
Security", http://www.bsa.org/bsa/cryptologists.html.
[8] RSA Data Security Inc., "RC5 Reference Code in C", See the web
site: www.rsa.com, for availability. Not available with the first
draft of this document.
13.作者地址
Robert W. Baldwin
RSA Data Security, Inc.
100 Marine Parkway
Redwood City, CA 94065
Phone: (415) 595-8782
Fax: (415) 595-1873
EMail: baldwin@rsa.com, or baldwin@lcs.mit.edu
Ronald L. Rivest
Massachusetts Institute of Technology
Laboratory for Computer Science
NE43-324
545 Technology Square
Cambridge, MA 02139-1986
Phone: (617) 253-5880
EMail: rivest@theory.lcs.mit.edu
RFC2040——The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms
RC5,RC5-CBC,RC5-CBC-PAD和RC5-CTS算法
2
RFC文档中文翻译计划