rfc2040.txt

中、英文RFC文档大全打包下载完全版 .

                    BB,
                    ptv->iv);
    (void) RC5_CBC_Encrypt_Init (pAlg, pKey);
    ptv->cipher_length = 0;
    (void) RC5_CBC_Encrypt_Update (pAlg,
                    ptv->plain_length, ptv->plain,
                    &(numBytesOut),
                    MAX_CIPHER_LENGTH - ptv->cipher_length,
                    &(ptv->cipher[ptv->cipher_length]));



Baldwin & Rivest             Informational                     [Page 22]

RFC 2040         RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS     October 1996


    ptv->cipher_length += numBytesOut;
    (void) RC5_CBC_Encrypt_Final (pAlg,
                    &(numBytesOut),
                    MAX_CIPHER_LENGTH - ptv->cipher_length,
                    &(ptv->cipher[ptv->cipher_length]));
    ptv->cipher_length += numBytesOut;
    bytes_to_hex (ptv->cipher, ptv->cipher_length,
                 ptv->ciphertext);
    RC5_Key_Destroy (pKey);
    RC5_CBC_Destroy (pAlg);
  }

  void show_results (ptv)
    test_vector *ptv;
  {
    if (ptv->padding_mode)
        printf ("RC5_CBC_Pad ");
    else
        printf ("RC5_CBC     ");
    printf ("R = %2d ", ptv->rounds);
    printf ("Key = %s ", ptv->keytext);
    printf ("IV = %s ", ptv->ivtext);
    printf ("P = %s ", ptv->plaintext);
    printf ("C = %s", ptv->ciphertext);
    printf ("\n");
  }

  int main(argc, argv)
    int argc;
    char *argv[];
  {
    test_vector tv;
    test_vector *ptv = &tv;

    show_banner();
    while (get_test_vector(ptv))  {
        run_test(ptv);
        show_results(ptv);
    }
    return (0);
  }










Baldwin & Rivest             Informational                     [Page 23]

RFC 2040         RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS     October 1996


9.2 Test vectors

   The following text is an input file to the test program presented in
   the previous subsection.  The output is given in the next subsection.

  0 00 00                 0000000000000000 0000000000000000
  0 00 00                 0000000000000000 ffffffffffffffff
  0 00 00                 0000000000000001 0000000000000000
  0 00 00                 0000000000000000 0000000000000001
  0 00 00                 0102030405060708 1020304050607080
  0 01 11                 0000000000000000 0000000000000000
  0 02 00                 0000000000000000 0000000000000000
  0 02 00000000           0000000000000000 0000000000000000
  0 08 00                 0000000000000000 0000000000000000
  0 08 00                 0102030405060708 1020304050607080
  0 12 00                 0102030405060708 1020304050607080
  0 16 00                 0102030405060708 1020304050607080
  0 08 01020304           0000000000000000 ffffffffffffffff
  0 12 01020304           0000000000000000 ffffffffffffffff
  0 16 01020304           0000000000000000 ffffffffffffffff
  0 12 0102030405060708   0000000000000000 ffffffffffffffff
  0 08 0102030405060708   0102030405060708 1020304050607080
  0 12 0102030405060708   0102030405060708 1020304050607080
  0 16 0102030405060708   0102030405060708 1020304050607080
  0 08 01020304050607081020304050607080
                          0102030405060708 1020304050607080
  0 12 01020304050607081020304050607080
                          0102030405060708 1020304050607080
  0 16 01020304050607081020304050607080
                          0102030405060708 1020304050607080

  0 12 0102030405         0000000000000000 ffffffffffffffff
  0 08 0102030405         0000000000000000 ffffffffffffffff
  0 08 0102030405         7875dbf6738c6478 0808080808080808
  1 08 0102030405         0000000000000000 ffffffffffffffff

  0 08 0102030405         0000000000000000 0000000000000000
  0 08 0102030405         7cb3f1df34f94811 1122334455667701

  1 08 0102030405         0000000000000000
  ffffffffffffffff7875dbf6738c647811223344556677










Baldwin & Rivest             Informational                     [Page 24]

RFC 2040         RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS     October 1996


9.3 Test results

   The following text is the output produced by the test program run on
   the inputs given in the previous subsection.

  RC5 CBC Tester.
  Each input line should contain the following
  test parameters separated by a single space:
  - Padding mode flag.  Use 1 for RC5_CBC_Pad, else 0.
  - Number of rounds for RC5.
  - Key bytes in hexadecimal.  Two characters per byte
    like '01'.
  - IV bytes in hexadecimal.  Must be 16 hex characters.
  - Plaintext bytes in hexadecimal.
  An end of file or format error terminates the tester.

  RC5_CBC     R =  0 Key = 00 IV = 0000000000000000
   P = 0000000000000000 C = 7a7bba4d79111d1e
  RC5_CBC     R =  0 Key = 00 IV = 0000000000000000
   P = ffffffffffffffff C = 797bba4d78111d1e
  RC5_CBC     R =  0 Key = 00 IV = 0000000000000001
   P = 0000000000000000 C = 7a7bba4d79111d1f
  RC5_CBC     R =  0 Key = 00 IV = 0000000000000000
   P = 0000000000000001 C = 7a7bba4d79111d1f
  RC5_CBC     R =  0 Key = 00 IV = 0102030405060708
   P = 1020304050607080 C = 8b9ded91ce7794a6
  RC5_CBC     R =  1 Key = 11 IV = 0000000000000000
   P = 0000000000000000 C = 2f759fe7ad86a378
  RC5_CBC     R =  2 Key = 00 IV = 0000000000000000
   P = 0000000000000000 C = dca2694bf40e0788
  RC5_CBC     R =  2 Key = 00000000 IV = 0000000000000000
   P = 0000000000000000 C = dca2694bf40e0788
  RC5_CBC     R =  8 Key = 00 IV = 0000000000000000
   P = 0000000000000000 C = dcfe098577eca5ff
  RC5_CBC     R =  8 Key = 00 IV = 0102030405060708
   P = 1020304050607080 C = 9646fb77638f9ca8
  RC5_CBC     R = 12 Key = 00 IV = 0102030405060708
   P = 1020304050607080 C = b2b3209db6594da4
  RC5_CBC     R = 16 Key = 00 IV = 0102030405060708
   P = 1020304050607080 C = 545f7f32a5fc3836
  RC5_CBC     R =  8 Key = 01020304 IV = 0000000000000000
   P = ffffffffffffffff C = 8285e7c1b5bc7402
  RC5_CBC     R = 12 Key = 01020304 IV = 0000000000000000
   P = ffffffffffffffff C = fc586f92f7080934
  RC5_CBC     R = 16 Key = 01020304 IV = 0000000000000000
   P = ffffffffffffffff C = cf270ef9717ff7c4
  RC5_CBC     R = 12 Key = 0102030405060708 IV = 0000000000000000
   P = ffffffffffffffff C = e493f1c1bb4d6e8c



Baldwin & Rivest             Informational                     [Page 25]

RFC 2040         RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS     October 1996


  RC5_CBC     R =  8 Key = 0102030405060708 IV = 0102030405060708
   P = 1020304050607080 C = 5c4c041e0f217ac3
  RC5_CBC     R = 12 Key = 0102030405060708 IV = 0102030405060708
   P = 1020304050607080 C = 921f12485373b4f7
  RC5_CBC     R = 16 Key = 0102030405060708 IV = 0102030405060708
   P = 1020304050607080 C = 5ba0ca6bbe7f5fad
  RC5_CBC     R =  8 Key = 01020304050607081020304050607080
   IV = 0102030405060708
   P = 1020304050607080 C = c533771cd0110e63
  RC5_CBC     R = 12 Key = 01020304050607081020304050607080
   IV = 0102030405060708
   P = 1020304050607080 C = 294ddb46b3278d60
  RC5_CBC     R = 16 Key = 01020304050607081020304050607080
   IV = 0102030405060708
   P = 1020304050607080 C = dad6bda9dfe8f7e8
  RC5_CBC     R = 12 Key = 0102030405 IV = 0000000000000000
   P = ffffffffffffffff C = 97e0787837ed317f
  RC5_CBC     R =  8 Key = 0102030405 IV = 0000000000000000
   P = ffffffffffffffff C = 7875dbf6738c6478
  RC5_CBC     R =  8 Key = 0102030405 IV = 7875dbf6738c6478
   P = 0808080808080808 C = 8f34c3c681c99695
  RC5_CBC_Pad R =  8 Key = 0102030405 IV = 0000000000000000
   P = ffffffffffffffff C = 7875dbf6738c64788f34c3c681c99695
  RC5_CBC     R =  8 Key = 0102030405 IV = 0000000000000000
   P = 0000000000000000 C = 7cb3f1df34f94811
  RC5_CBC     R =  8 Key = 0102030405 IV = 7cb3f1df34f94811
   P = 1122334455667701 C = 7fd1a023a5bba217
  RC5_CBC_Pad R =  8 Key = 0102030405 IV = 0000000000000000
   P = ffffffffffffffff7875dbf6738c647811223344556677
   C = 7875dbf6738c64787cb3f1df34f948117fd1a023a5bba217

10. Security Considerations

   The RC5 cipher is relatively new so critical reviews are still being
   performed.  However, the cipher's simple structure makes it easy to
   analyze and hopefully easier to assess its strength.  Reviews so far
   are very promising.

   Early results [1] suggest that for RC5 with a 64 bit block size (32
   bit word size), 12 rounds will suffice to resist linear and
   differential cyptanalysis.  The 128 bit block version has not been
   studied as much as the 64 bit version, but it appears that 16 rounds
   would be an appropriate minimum.  Block sizes less than 64 bits are
   academically interesting but should not be used for cryptographic
   security.  Greater security can be achieved by increasing the number
   of rounds at the cost of decreasing the throughput of the cipher.





Baldwin & Rivest             Informational                     [Page 26]

RFC 2040         RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS     October 1996


   The length of the secret key helps determine the cipher's resistance
   to brute force key searching attacks.  A key length of 128 bits
   should give adequate protection against brute force key searching by
   a well funded opponent for a couple decades [7].  For RC5 with 12
   rounds, the key setup time and data encryption time are the same for
   all key lengths less than 832 bits, so there is no performance reason
   for choosing short keys.  For larger keys, the key expansion step
   will run slower because the user key table, L, will be longer than
   the expanded key table, S.  However, the encryption time will be
   unchanged since it is only a function of the number of rounds.

   To comply with export regulations it may be necessary to choose keys
   that only have 40 unknown bits.  A poor way to do this would be to
   choose a simple 5 byte key.  This should be avoided because it would
   be easy for an opponent to pre-compute key searching information.
   Another common mechanism is to pick a 128 bit key and publish the
   first 88 bits.  This method reveals a large number of the entries in
   the user key table, L, and the question of whether RC5 key expansion
   provides adequate security in this situation has not been studied,
   though it may be fine.  A conservative way to conform to a 40 bit
   limitation is to pick a seed value of 128 bits, publish 88 bits of
   this seed, run the entire seed through a hash function like MD5 [4],
   and use the 128 bit output of the hash function as the RC5 key.

   In the case of 40 unknown key bits with 88 known key bits (i.e., 88
   salt bits) there should still be 12 or more rounds for the 64 bit
   block version of RC5, otherwise the value of adding salt bits to the
   key is likely to be lost.

   The lifetime of the key also influences security.  For high security
   applications, the key to any 64 bit block cipher should be changed
   after encrypting 2**32 blocks (2**64 blocks for a 128 bit block
   cipher).  This helps to guard against linear and differential
   cryptanalysis.  For the case of 64 bit blocks, this rule would
   recommend changing the key after 2**40 (i.e. 10**12) bytes are
   encrypted.  See Schneier [6] page 183 for further discussion.















Baldwin & Rivest             Informational                     [Page 27]

RFC 2040         RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS     October 1996


11. ASN.1 Identifiers

   For applications that use ASN.1 descriptions, it is necessary to
   define the algorithm identifier for these ciphers along with their
   parameter block formats.  The ASN.1 definition of an algorithm
   identifier already exists and is listed below for reference.

  AlgorithmIdentifier ::= SEQUENCE {
    algorithm    OBJECT IDENTIFIER,
    parameters   ANY DEFINED BY algorithm OPTIONAL
  }

  The values for the algorithm field are:

  RC5_CBC  OBJECT IDENTIFIER ::=
    { iso (1) member-body (2) US (840) rsadsi (113549)
      encryptionAlgorithm (3) RC5CBC (8) }

  RC5_CBC_Pad OBJECT IDENTIFIER ::=
  { iso (1) member-body (2) US (840) rsadsi (113549)
    encryptionAlgorithm (3) RC5CBCPAD (9) }

   The structure of the parameters field for these algorithms is given
   below.  NOTE: if the iv field is not included, then the
   initialization vector defaults to a block of zeros whose size depends
   on the blockSizeInBits field.

  RC5_CBC_Parameters ::= SEQUENCE {
    version           INTEGER (v1_0(16)),
    rounds            INTEGER (8..127),
    blockSizeInBits   INTEGER (64, 128),
    iv                OCTET STRING OPTIONAL
  }

References

   [1] Kaliski, Burton S., and Yinqun Lisa Yin, "On Differential and
   Linear Cryptanalysis of the RC5 Encryption Algorithm", In Advances
   in Cryptology - Crypto '95, pages 171-184, Springer-Verlag, New
   York, 1995.

   [2] Rivest, Ronald L., "The RC5 Encryption Algorithm", In
   Proceedings of the Second International Workshop on Fast Software
   Encryption, pages 86-96, Leuven Belgium, December 1994.

   [3] Rivest, Ronald L., "RC5 Encryption Algorithm", In Dr. Dobbs
   Journal, number 226, pages 146-148, January 1995.




Baldwin & Rivest             Informational                     [Page 28]

RFC 2040         RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS     October 1996


   [4] Rivest, Ronald L., "The MD5 Message-Digest Algorithm", RFC
   1321.

   [5] RSA Laboratories, "Public Key Cryptography Standards (PKCS)",
   RSA Data Security Inc.  See ftp.rsa.com.

   [6] Schneier, Bruce, "Applied Cryptography", Second Edition, John
   Wiley and Sons, New York, 1996.  Errata: on page 195, line 13, the
   reference number should be [402].

   [7] Business Software Alliance, Matt Blaze et al., "Minimum Key
   Length for Symmetric Ciphers to Provide Adequate Commercial
   Security", http://www.bsa.org/bsa/cryptologists.html.

   [8] RSA Data Security Inc., "RC5 Reference Code in C", See the web
   site: www.rsa.com, for availability.  Not available with the first
   draft of this document.

Authors' Addresses

   Robert W. Baldwin
   RSA Data Security, Inc.
   100 Marine Parkway
   Redwood City, CA 94065

   Phone: (415) 595-8782
   Fax:   (415) 595-1873
   EMail: baldwin@rsa.com, or baldwin@lcs.mit.edu


   Ronald L. Rivest
   Massachusetts Institute of Technology
   Laboratory for Computer Science
   NE43-324
   545 Technology Square
   Cambridge, MA 02139-1986

   Phone: (617) 253-5880
   EMail: rivest@theory.lcs.mit.edu












Baldwin & Rivest             Informational                     [Page 29]