ANSI INCITS 496-2012 Information Technology C Fibre Channel C Security Protocols - 2 (FC-SP-2).pdf

上传人:孙刚 文档编号:435807 上传时间:2018-11-14 格式:PDF 页数:314 大小:1.59MB
下载 相关 举报
ANSI INCITS 496-2012 Information Technology C Fibre Channel C Security Protocols - 2 (FC-SP-2).pdf_第1页
第1页 / 共314页
ANSI INCITS 496-2012 Information Technology C Fibre Channel C Security Protocols - 2 (FC-SP-2).pdf_第2页
第2页 / 共314页
ANSI INCITS 496-2012 Information Technology C Fibre Channel C Security Protocols - 2 (FC-SP-2).pdf_第3页
第3页 / 共314页
ANSI INCITS 496-2012 Information Technology C Fibre Channel C Security Protocols - 2 (FC-SP-2).pdf_第4页
第4页 / 共314页
ANSI INCITS 496-2012 Information Technology C Fibre Channel C Security Protocols - 2 (FC-SP-2).pdf_第5页
第5页 / 共314页
亲,该文档总共314页,到这儿已超出免费预览范围,如果喜欢就下载吧!
资源描述

1、American National StandardDeveloped byfor Information Technology Fibre Channel Security Protocols - 2 (FC-SP-2)INCITS 496-2012INCITS 496-2012INCITS 496-2012American National Standardfor Information Technology Fibre Channel Security Protocols - 2 (FC-SP-2)SecretariatInformation Technology Industry Co

2、uncilApproved October 25, 2012American National Standards Institute, Inc.AbstractThis standard describes the protocols used to implement security in a Fibre Channel fabric. This stan-dard includes the definition of protocols to authenticate Fibre Channel entities, protocols to set up ses-sion keys,

3、protocols to negotiate the parameters required to ensure frame-by-frame integrity andconfidentiality, and protocols to establish and distribute policies across a Fibre Channel fabric.Approval of an American National Standard requires review by ANSI that therequirements for due process, consensus, an

4、d other criteria for approval havebeen met by the standards developer.Consensus is established when, in the judgement of the ANSI Board ofStandards Review, substantial agreement has been reached by directly andmaterially affected interests. Substantial agreement means much more thana simple majority

5、, but not necessarily unanimity. Consensus requires that allviews and objections be considered, and that a concerted effort be madetowards their resolution.The use of American National Standards is completely voluntary; theirexistence does not in any respect preclude anyone, whether he has approvedt

6、he standards or not, from manufacturing, marketing, purchasing, or usingproducts, processes, or procedures not conforming to the standards.The American National Standards Institute does not develop standards andwill in no circumstances give an interpretation of any American NationalStandard. Moreove

7、r, no person shall have the right or authority to issue aninterpretation of an American National Standard in the name of the AmericanNational Standards Institute. Requests for interpretations should beaddressed to the secretariat or sponsor whose name appears on the titlepage of this standard.CAUTIO

8、N NOTICE: This American National Standard may be revised orwithdrawn at any time. The procedures of the American National StandardsInstitute require that action be taken periodically to reaffirm, revise, orwithdraw this standard. Purchasers of American National Standards mayreceive current informati

9、on on all standards by calling or writing the AmericanNational Standards Institute.American National StandardPublished byAmerican National Standards Institute, Inc.25 West 43rd Street, New York, NY 10036Copyright 2012 by Information Technology Industry Council (ITI)All rights reserved.No part of thi

10、s publication may be reproduced in anyform, in an electronic retrieval system or otherwise,without prior written permission of ITI, 1101 K Street NW, Suite 610, Washington, DC 20005. Printed in the United States of AmericaCAUTION: The developers of this standard have requested that holders of patent

11、s that may be re-quired for the implementation of the standard disclose such patents to the publisher. However, nei-ther the developers nor the publisher have undertaken a patent search in order to identify which, ifany, patents may apply to this standard. As of the date of publication of this stand

12、ard, followingcalls for the identification of patents that may be required for the implementation of the standard,notice of one or more such claims has been received. By publication of this standard, no positionis taken with respect to the validity of this claim or of any rights in connection therew

13、ith. The knownpatent holder(s) has (have), however, filed a statement of willingness to grant a license underthese rights on reasonable and nondiscriminatory terms and conditions to applicants desiring to ob-tain such a license. Details may be obtained from the publisher. No further patent search is

14、 con-ducted by the developer or publisher in respect to any standard it processes. No representation ismade or implied that this is the only license that may be required to avoid infringement in the use ofthis standard.iContents PageForeword . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

15、. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvIntroduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi1 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

16、. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Normative References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

17、. . . . . . . . . . . . . . . . 22.2 Approved references . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22.3 References under development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22.4 Other Referenc

18、es . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Definitions and conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63.1 Overview . . . . . . . . . . . . . . . . . . . . . . .

19、. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63.2 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63.3 Editorial Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

20、. . . . . . . . . . . . . . . . . . . . . 93.4 Abbreviations, acronyms, and symbols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113.5 Keywords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123.6 T

21、10 Vendor ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133.7 Sorting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133.7.1 Sorting alphabetic keys . . .

22、 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133.7.2 Sorting numeric keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133.8 Terminate Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

23、. . . . . . . . . . . . 133.9 State Machine notation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143.10 Using numbers in hash functions and concatenation functions . . . . . . . . . . . . . . . . . 154 Structure and Concepts . . . . . . . . . . .

24、 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164.2 FC-SP-2 Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

25、 . . . . . . . . . . . . . . . . . . . . . 164.3 Fabric Security Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164.4 Authentication Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164.5

26、Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174.6 Security Associations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184.7 Cryptographic Integrity and Confidentia

27、lity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184.7.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184.7.2 ESP_Header Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

28、. . . . . . . 194.7.3 CT_Authentication Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204.8 Authorization (Access Control) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224.8.1 Policy Definition . . . . . . . . . . . .

29、. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224.8.2 Policy Enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234.8.3 Policy Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

30、 . . . . . . . . . 234.8.4 Policy Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234.9 Name Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235 Authentication Protoco

31、ls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245.2 Authentication Messages Structure . . . . . . . . . .

32、. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255.2.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255.2.2 SW_ILS Authentication Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255.

33、2.3 ELS Authentication Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275.2.4 Fields Common to All AUTH Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285.2.5 Vendor Specific Messages . . . . . . . . . . . . . . . . . . . . . . . . . . .

34、. . . . . . . . . . . . . . 295.3 Authentication Messages Common to Authentication Protocols . . . . . . . . . . . . . . . . . . 295.3.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29ii5.3.2 AUTH_Negotiate Message . . . . . .

35、 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305.3.3 Names used in Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315.3.4 Hash Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

36、 . 325.3.5 Diffie-Hellman Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325.3.6 Accepting an AUTH_Negotiate Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335.3.7 AUTH_Reject Message . . . . . . . . . . . . . . . . . . . . . . . . .

37、 . . . . . . . . . . . . . . . . . . 335.3.8 AUTH_Done Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365.4 DH-CHAP Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375.4.1 Protocol Operati

38、ons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375.4.2 AUTH_Negotiate DH-CHAP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395.4.3 DHCHAP_Challenge Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

39、 . 405.4.4 DHCHAP_Reply Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415.4.5 DHCHAP_Success Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435.4.6 Key Generation for the Security Association Management Protocol . . . . .

40、 . . . . 445.4.7 Reuse of Diffie-Hellman Exponential . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445.4.8 DH-CHAP Security Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445.5 FCAP Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . .

41、 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475.5.1 Protocol Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475.5.2 AUTH_Negotiate FCAP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505.5.3 FCAP_Reque

42、st Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515.5.4 FCAP_Acknowledge Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545.5.5 FCAP_Confirm Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

43、 . . . . . . 565.5.6 Key Generation for the Security Association Management Protocol . . . . . . . . . 565.5.7 Reuse of Diffie-Hellman Exponential . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565.6 FCPAP Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

44、. . . . . . . . . . . . . . . . . . . . . 575.6.1 Protocol Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 575.6.2 AUTH_Negotiate FCPAP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605.6.3 FCPAP_Init Message . . . .

45、 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 615.6.4 FCPAP_Accept Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 625.6.5 FCPAP_Complete Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

46、 635.6.6 Key Generation for the Security Association Management Protocol . . . . . . . . . 635.6.7 Reuse of Diffie-Hellman Exponential . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 635.7 FCEAP Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

47、. . . . . . . . . . . . . . . 645.7.1 Protocol Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645.7.2 AUTH_Negotiate FCEAP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645.7.3 FCEAP_Request Message . . . . . . . .

48、. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 655.7.4 FCEAP_Response Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 655.7.5 FCEAP_Success Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 665.7.6 FCEAP_Fai

49、lure Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 665.7.7 AUTH_Reject Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 675.7.8 AUTH_ELS and AUTH_ILS Size Requirements . . . . . . . . . . . . . . . . . . . . . . . . 675.7.9 Supported EAP Methods . . . . . . . . . . . . . . . . . . . . .

展开阅读全文
相关资源
  • ANSI Z97 1-2009 American National Standard for Safety Glazing Materials used in Buildings - Safety Performance Specifications and Methods of Test《建筑物中窗用玻璃材料安全性用.pdfANSI Z97 1-2009 American National Standard for Safety Glazing Materials used in Buildings - Safety Performance Specifications and Methods of Test《建筑物中窗用玻璃材料安全性用.pdf
  • ANSI Z97 1 ERTA-2010 Re ANSI Z97 1 - 2009 Errata《修订版 美国国家标准学会Z97 1-2009标准的勘误表》.pdfANSI Z97 1 ERTA-2010 Re ANSI Z97 1 - 2009 Errata《修订版 美国国家标准学会Z97 1-2009标准的勘误表》.pdf
  • ANSI Z21 40 2a-1997 Gas-Fired Work Activated Air-Conditioning and Heat Pump Appliances (Same as CGA 2 92a)《燃气、工作激活空气调节和热泵器具(同 CGA 2 92a)》.pdfANSI Z21 40 2a-1997 Gas-Fired Work Activated Air-Conditioning and Heat Pump Appliances (Same as CGA 2 92a)《燃气、工作激活空气调节和热泵器具(同 CGA 2 92a)》.pdf
  • ANSI Z124 9-2004 American National Standard for Plastic Urinal Fixtures《塑料小便器用美国国家标准》.pdfANSI Z124 9-2004 American National Standard for Plastic Urinal Fixtures《塑料小便器用美国国家标准》.pdf
  • ANSI Z124 4-2006 American National Standard for Plastic Water Closet Bowls and Tanks《塑料抽水马桶和水箱用美国国家标准》.pdfANSI Z124 4-2006 American National Standard for Plastic Water Closet Bowls and Tanks《塑料抽水马桶和水箱用美国国家标准》.pdf
  • ANSI Z124 3-2005 American National Standard for Plastic Lavatories《塑料洗脸盆用美国国家标准》.pdfANSI Z124 3-2005 American National Standard for Plastic Lavatories《塑料洗脸盆用美国国家标准》.pdf
  • ANSI T1 659-1996 Telecommunications - Mobility Management Application Protocol (MMAP) RCF-RACF Operations《电信 可移动管理应用协议(MMAP) RCF-RACF操作》.pdfANSI T1 659-1996 Telecommunications - Mobility Management Application Protocol (MMAP) RCF-RACF Operations《电信 可移动管理应用协议(MMAP) RCF-RACF操作》.pdf
  • ANSI T1 651-1996 Telecommunications – Mobility Management Application Protocol (MMAP)《电信 可移动性管理应用协议》.pdfANSI T1 651-1996 Telecommunications – Mobility Management Application Protocol (MMAP)《电信 可移动性管理应用协议》.pdf
  • ANSI T1 609-1999 Interworking between the ISDN User-Network Interface Protocol and the Signalling System Number 7 ISDN User Part《电信 ISDN用户间网络接口协议和7号信令系统ISDN用户部分.pdfANSI T1 609-1999 Interworking between the ISDN User-Network Interface Protocol and the Signalling System Number 7 ISDN User Part《电信 ISDN用户间网络接口协议和7号信令系统ISDN用户部分.pdf
  • ANSI T1 605-1991 Integrated Services Digital Network (ISDN) - Basic Access Interface for S and T Reference Points (Layer 1 Specification)《综合服务数字网络(ISDN) S和T基准点的.pdfANSI T1 605-1991 Integrated Services Digital Network (ISDN) - Basic Access Interface for S and T Reference Points (Layer 1 Specification)《综合服务数字网络(ISDN) S和T基准点的.pdf
  • 猜你喜欢
    相关搜索

    当前位置:首页 > 标准规范 > 国际标准 > ANSI

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1