rfc4492.Elliptic Curve Cryptography (ECC) Cipher S

┣阿瑞斯┫
2 ℃
2020-06-29

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

NetworkWorkingGroupS.Blake-WilsonRequestforComments:4492SafeNetCategory:InformationalN.BolyardSunMicrosystemsV.GuptaSunLabsC.HawkCorrienteB.MoellerRuhr-UniBochumMay2006EllipticCurveCryptography(ECC)CipherSuitesforTransportLayerSecurity(TLS)StatusofThisMemoThismemoprovidesinformationfortheInternetcommunity.ItdoesnotspecifyanInternetstandardofanykind.Distributionofthismemoisunlimited.CopyrightNoticeCopyright(C)TheInternetSociety(2006).AbstractThisdocumentdescribesnewkeyexchangealgorithmsbasedonEllipticCurveCryptography(ECC)fortheTransportLayerSecurity(TLS)protocol.Inparticular,itspecifiestheuseofEllipticCurveDiffie-Hellman(ECDH)keyagreementinaTLShandshakeandtheuseofEllipticCurveDigitalSignatureAlgorithm(ECDSA)asanewauthenticationmechanism.Blake-Wilson,etal.Informational[Page1]RFC4492ECCCipherSuitesforTLSMay2006TableofContents1.Introduction....................................................32.KeyExchangeAlgorithms.........................................42.1.ECDH_ECDSA.................................................62.2.ECDHE_ECDSA................................................62.3.ECDH_RSA...................................................72.4.ECDHE_RSA..................................................72.5.ECDH_anon..................................................73.ClientAuthentication...........................................83.1.ECDSA_sign.................................................83.2.ECDSA_fixed_ECDH...........................................93.3.RSA_fixed_ECDH.............................................94.TLSExtensionsforECC..........................................95.DataStructuresandComputations...............................105.1.ClientHelloExtensions...................................105.1.1.SupportedEllipticCurvesExtension................125.1.2.SupportedPointFormatsExtension..................135.2.ServerHelloExtension....................................145.3.ServerCertificate........................................155.4.ServerKeyExchange.......................................175.5.CertificateRequest.......................................215.6.ClientCertificate........................................225.7.ClientKeyExchange.......................................235.8.CertificateVerify........................................255.9.EllipticCurveCertificates...............................265.10.ECDH,ECDSA,andRSAComputations........................266.CipherSuites..................................................277.SecurityConsiderations........................................288.IANAConsiderations............................................299.Acknowledgements...............................................2910.References....................................................3010.1.NormativeReferences.....................................3010.2.InformativeReferences...................................31AppendixA.EquivalentCurves(Informative)......................32Blake-Wilson,etal.Informational[Page2]RFC4492ECCCipherSuitesforTLSMay20061.IntroductionEllipticCurveCryptography(ECC)isemergingasanattractivepublic-keycryptosystem,inparticularformobile(i.e.,wireless)environments.ComparedtocurrentlyprevalentcryptosystemssuchasRSA,ECCoffersequivalentsecuritywithsmallerkeysizes.Thisisillustratedinthefollowingtable,basedon[18],whichgivesapproximatecomparablekeysizesforsymmetric-andasymmetric-keycryptosystemsbasedonthebest-knownalgorithmsforattackingthem.Symmetric|ECC|DH/DSA/RSA------------+---------+-------------80|163|1024112|233|2048128|283|3072192|409|7680256|571|15360Table1:ComparableKeySizes(inbits)Smallerkeysizesresultinsavingsforpower,memory,bandwidth,andcomputationalcostthatmakeECCespeciallyattractiveforconstrainedenvironments.ThisdocumentdescribesadditionstoTLStosupportECC,applicablebothtoTLSVersion1.0[2]andtoTLSVersion1.1[3].Inparticular,itdefinesotheuseoftheEllipticCurveDiffie-Hellman(ECDH)keyagreementschemewithlong-termorephemeralkeystoestablishtheTLSpremastersecret,andotheuseoffixed-ECDHcertificatesandECDSAforauthenticationofTLSpeers.Theremainderofthisdocumentisorganizedasfollows.Section2providesanoverviewofECC-basedkeyexchangealgorithmsforTLS.Section3describestheuseofECCcertificatesforclientauthentication.TLSextensionsthatallowaclienttonegotiatetheuseofspecificcurvesandpointformatsarepresentedinSection4.Section5specifiesvariousdatastructuresneededforanECC-basedhandshake,theirencodinginTLSmessages,andtheprocessingofthosemessages.Section6definesnewECC-basedciphersuitesandidentifiesasmallsubsetoftheseasrecommendedforallimplementationsofthisspecification.Section7discussessecurityconsiderations.Section8describesIANAconsiderationsforthenamespacescreatedbythisdocument.Section9givesacknowledgements.Blake-Wilson,etal.Informational[Page3]RFC4492ECCCipherSuitesforTLSMay2006Thisisfollowedbythelistsofnormativeandinformativereferencescitedinthisdocument,theauthors’contactinformation,andstatementsonintellectualpropertyrightsandcopyrights.ImplementationofthisspecificationrequiresfamiliaritywithTLS[2][3],TLSe