American National Standard for Information Technology

Fibre Channel Security Protocols - 2/Amendment 1 (FC-SP-2/AM1)

INCITS 496-2012/AM1-2015
Supplement to INCITS 496-2012

Secretariat
Information Technology Industry Council

Approved May 19, 2015
American National Standards Institute, Inc.

Abstract

This amendment updates ANSI INCITS 496-2012, FC-SP-2, to support additional cryptographic algorithms.

Approval of an American National Standard requires review by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer.

Consensus is established when, in the judgement of the ANSI Board of Standards Review, substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made towards their resolution.

The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards.

The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page of this standard.

CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken periodically to reaffirm, revise, or withdraw this standard. Purchasers of American National Standards may receive current information on all standards by calling or writing the American National Standards Institute.

American National Standard

Published by
American National Standards Institute, Inc.
25 West 43rd Street, New York, NY 10036

Copyright 2015 by Information Technology Industry Council (ITI)
All rights reserved.

No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of ITI, 1101 K Street NW, Suite 610, Washington, DC 20005.

Printed in the United States of America

CAUTION: The developers of this standard have requested that holders of patents that may be required for the implementation of the standard disclose such patents to the publisher. However, neither the developers nor the publisher have undertaken a patent search in order to identify which, if any, patents may apply to this standard. As of the date of publication of this standard, following calls for the identification of patents that may be required for the implementation of the standard, notice of one or more such claims has been received. By publication of this standard, no position is taken with respect to the validity of this claim or of any rights in connection therewith. The known patent holder(s) has (have), however, filed a statement of willingness to grant a license under these rights on reasonable and nondiscriminatory terms and conditions to applicants desiring to obtain such a license. Details may be obtained from the publisher. No further patent search is conducted by the developer or publisher in respect to any standard it processes. No representation is made or implied that this is the only license that may be required to avoid infringement in the use of this standard.

Contents

Foreword
Introduction
1 Scope
2 Updates
2.1 Subclause 2.4
2.2 Subclause 3.4
2.3 Subclause 5.3.4
2.4 Subclause 5.5.1
2.5 Subclause 5.5.3.2
2.6 Subclause 5.5.4.2
2.7 Subclause 6.4.7
2.8 Subclause 7.1.3.1
2.9 Subclause A.2.1
2.10 Subclause A.2.2
2.11 Subclause A.2.3
2.12 Subclause A.2.4
2.13 Subclause A.3.3
2.14 Subclause A.3.4
2.15 Subclause A.3.5
2.16 Subclause A.3.6
2.17 Subclause D.1

Tables

Table 14 Hash Functions Identifiers
Table 32 FCAP Certificate Format
Table 33 Certificate Formats
Table 34 FCAP usage of X.509v3 Certificate fields
Table 38 FCAP Signature Format
Table 39 Signature Formats
Table A.8 Hash Functions Support for AUTH-A
Table A.12 Hash Functions Support for AUTH-B1
Table A.16 Hash Functions Support for AUTH-B2
Table A.20 Hash Functions Support for AUTH-B3
Table A.32 Authentication Hash Functions Support for SA-B
Table A.37 Authentication Hash Functions Support for SA-C1
Table A.42 Authentication Hash Functions Support for SA-C2
Table A.47 Authentication Hash Functions Support for SA-C3

Foreword (This foreword is not part of American National Standard INCITS 496-2012/AM1-2015.)

This amendment updates ANSI INCITS 496-2012, FC-SP-2, to support additional cryptographic algorithms.

This amendment was developed by Task Group T11 of Accredited Standards Committee INCITS during 2013. The amendment approval process started in 2013.

Requests for interpretation, suggestions for improvements or addenda, or defect reports are welcome. They should be sent to the INCITS Secretariat, Information Technology Industry Council, 1101 K Street, NW, Suite 610, Washington, DC 20005.

This amendment was processed and approved for submittal to ANSI by the International Committee for Information Technology Standards (INCITS). Committee approval of the standard does not necessarily imply that all committee members voted for its approval. At the time it approved this standard, INCITS had the following members:

Philip Wennblom, Chair
Jennifer Garner, Secretary

Organization Represented: Name of Representative

Adobe Systems Inc.: Scott Foshee, Steve Zilles (Alt.)
AIM Global, Inc.: Steve Halliday, Chuck Evanhoe (Alt.), Mary Lou Bosco (Alt.), Dan Kimball (Alt.)
Apple: Helene Workman, Marc Braner (Alt.), David Singer (Alt.)
Distributed Management Task Force: John Crandall, Jeff Hilland (Alt.), Lawrence Lamers (Alt.)
EMC Corporation: Gary Robinson, Stephen Diamond (Alt.)
Farance, Inc: Frank Farance, Timothy Schoechle (Alt.)
Futurewei Technologies, Inc.: Yi Zhao, Wilbert Adams (Alt.), Timothy Jeffries (Alt.)
GS1GO: Frank Sharkey, Charles Biss (Alt.)
Hewlett-Packard Company: Karen Higginbottom, Paul Jeran (Alt.)
IBM Corporation: Steve Holbrook, Alexander Tarpinian (Alt.)
IEEE: Jodi Haasz, Don Wright (Alt.), Noelle Humerick (Alt.), Christy Bahn (Alt.), Justin Casto (Alt.)
Intel: Philip Wennblom, Grace Wei (Alt.), Stephen Balogh (Alt.)
Microsoft Corporation: Laura Lindsay, John Calhoon (Alt.)
National Institute of Standards

(310) 822-1511 or (310) 823-6714 (fax).

RFC 1321, The MD5 Message-Digest Algorithm, April 1992
RFC 1994, PPP Challenge Handshake Authentication Protocol (CHAP), August 1996
RFC 2104, HMAC: Keyed-Hashing for Message Authentication, February 1997
RFC 2246, The TLS Protocol Version 1.0, January 1999
RFC 2401, Security Architecture for the Internet Protocol, November 1998
RFC 2403, The Use of HMAC-MD5-96 within ESP and AH, November 1998
RFC 2404, The Use of HMAC-SHA-1-96 within ESP and AH, November 1998
RFC 2410, The NULL Encryption Algorithm and Its Use With IPsec, November 1998
RFC 2434, Guidelines for Writing an IANA Considerations Section in RFCs, October 1998
RFC 2451, The ESP CBC-Mode Cipher Algorithms, November 1998
RFC 2560, X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP, June 1999
RFC 2616, Hypertext Transfer Protocol - HTTP/1.1, June 1999
RFC 2631, Diffie-Hellman Key Agreement Method, June 1999
RFC 2865, Remote Authentication Dial In User Service (RADIUS), June 2000
RFC 2945, The SRP Authentication and Key Exchange System, September 2000
RFC 3279, Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, April 2002
RFC 3526, More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE), May 2003
RFC 3602, The AES-CBC Cipher Algorithm and Its Use with IPsec, September 2003
RFC 3686, Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP), January 2004
RFC 3723, Securing Block Storage Protocols over IP, April 2004
RFC 3748, Extensible Authentication Protocol (EAP), June 2004
RFC 3852, Cryptographic Message Syntax (CMS), July 2004
RFC 3986, Uniform Resource Identifier (URI): Generic Syntax, January 2005
RFC 4072, Diameter Extensible Authentication Protocol (EAP) Application, August 2005
RFC 4086, Randomness Requirements for Security, June 2005
RFC 4106, The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP), June 2005
RFC 4303, IP Encapsulating Security Payload (ESP), December 2005
RFC 4434, The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE), February 2006
RFC 4543, The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH, May 2006
RFC 4346, The Transport Layer Security (TLS) Protocol Version 1.1, April 2006
RFC 5246, The Transport Layer Security (TLS) Protocol Version 1.2, August 2008
RFC 5280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, May 2008
RFC 5433, Extensible Authentication Protocol - Generalized Pre-Shared Key (EAP-GPSK) Method, February 2009
RFC 5996, Internet Key Exchange Protocol Version 2 (IKEv2), September 2010
RFC 6614, TLS encryption for RADIUS, May 2012
RFC 6818, Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, January 2013

The following documents are available from http://grouper.ieee.org/groups/1363/passwdPK/contributions.html#Wu:

SRP-6, Improvements and Refinements to the Secure Remote Password Protocol, Submission to the IEEE P1363 Working Group, Oct 2002

The following documents are available from ITU-T. The ITU-T recommendations may be obtained from International Telecommunication Union, Sales and Marketing Service, Place des Nations, CH-1211 Geneva, Switzerland. Copies of the ITU-T documents may be ordered on line via the World Wide Web site (http://www.itu.int/rec/recommendation.asp):

X.509v3, ITU-T Recommendation X.509 (1997 E), Information Technology - Open Systems Interconnection - The Directory: Authentication Framework, June 1997
X.501, ITU-T Recommendation X.501, Information Technology - Open Systems Interconnection - The Directory: Models, 1993

The following documents are Federal Information Processing Standards (FIPS) and NIST Special Publications. Information regarding the current state of these standards may be requested from Department of Commerce, National Institute of Standards and Technology, Computer Systems Laboratory, Washington, D.C. 20234. Copies of Federal Information Processing Standards (FIPS) documents may be obtained via the World Wide Web site (http://www.itl.nist.gov/fipspubs/). In the event that FIPS World Wide Web site is no longer active, access may be possible via the Information Technology Laboratory World Wide Web site (http://www.itl.nist.gov/) or the National Institute of Standards and Technology site (http://www.nis