idnits 2.17.1

draft-katagi-tls-clefia-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (May 2, 2012) is 4370 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446)

  -- Obsolete informational reference (is this intentional?): RFC 2246
     (Obsoleted by RFC 4346)

  -- Obsolete informational reference (is this intentional?): RFC 4346
     (Obsoleted by RFC 5246)

     Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                          M. Katagi
Internet-Draft                                          Sony Corporation
Intended status: Informational                               May 2, 2012
Expires: November 3, 2012

        CLEFIA Cipher Suites for Transport Layer Security (TLS)
                       draft-katagi-tls-clefia-02

Abstract

   This document specifies a set of cipher suites for the Transport
   Layer Security (TLS) protocol to support the CLEFIA encryption
   algorithm as a block cipher.  CLEFIA is a lightweight block cipher
   and is suitable for constrained devices.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 3, 2012.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  CLEFIA
     1.2.  Terminology
   2.  Proposed Cipher Suites
     2.1.  SHA-1 based Cipher Suites
     2.2.  CBC + HMAC based Cipher Suites
     2.3.  GCM based Cipher Suites
     2.4.  PSK based Cipher Suites
   3.  Cipher Suite Definitions
     3.1.  Key Exchange
     3.2.  Cipher
     3.3.  Hash and PRFs
       3.3.1.  Hash and PRFs prior to TLS 1.2
       3.3.2.  Hash and PRFs for TLS 1.2
     3.4.  PSK cipher suites
   4.  Security Considerations
   5.  IANA Considerations
   6.  Acknowledgements
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Author's Address

1.  Introduction

   This document specifies cipher suites for the Transport Layer
   Security (TLS) [RFC5246] protocol to support the CLEFIA [RFC6114]
   encryption algorithm as a block cipher algorithm.  The proposed
   cipher suites include variants using the SHA-2 family of
   cryptographic hash functions [FIPS180-3] and Galois/Counter Mode
   (GCM) [GCM].  Elliptic Curve Cryptography (ECC) cipher suites and
   Pre-Shared Key (PSK) [RFC4279] cipher suites are also included.

1.1.  CLEFIA

   CLEFIA is a 128-bit blockcipher algorithm with key lengths of 128,
   192, and 256 bits, which is compatible with the interface of the
   Advanced Encryption Standard (AES) [FIPS-197].  The algorithm of
   CLEFIA was published in 2007 [FSE07].  Since AES was designed,
   cryptographic technology has advanced: new attack, design, and
   implementation techniques have been studied extensively.  CLEFIA is
   designed using state-of-the-art techniques for the design and
   analysis of block ciphers.  The security of CLEFIA has been
   scrutinized in the public community, and no security weaknesses have
   been reported so far.

   CLEFIA is a general-purpose blockcipher and offers high performance
   in software and hardware.  In particular, CLEFIA has an advantage in
   efficient hardware implementation over AES, Camellia, and SEED, which
   can be used in TLS.  Its gate efficiency, which is defined as the
   ratio of speed to gate size, is superior to that of these ciphers
   [ISCAS08].

   CLEFIA is standardized in ISO/IEC 29192-2 [ISO29192-2].  ISO/IEC
   29192 is a standardization project for "LightWeight Cryptography
   (LWC)", that is, cryptographic algorithms and protocols tailored for
   implementation in constrained environments including RFID tags,
   sensors, contactless smart cards and so on.  LWC contributes to the
   security of constrained devices that connect using IP.  CLEFIA is
   also proposed in the CRYPTREC project for the revision of the
   e-Government recommended ciphers list in Japan [CRYPTREC].

   The algorithm specification is described in RFC6114 [RFC6114].
   Further information about CLEFIA, which includes design rationale,
   security evaluations, implementation results, and a reference code,
   is available from [CLEFIAWEB].

1.2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC2119 [RFC2119].

2.  Proposed Cipher Suites

2.1.  SHA-1 based Cipher Suites

   The following eight cipher suites use CLEFIA [RFC6114] in Cipher
   Block Chaining (CBC) mode with SHA-1 [FIPS180-3].

   CipherSuite TLS_RSA_WITH_CLEFIA_128_CBC_SHA = {TBD,TBD};
   CipherSuite TLS_DHE_DSS_WITH_CLEFIA_128_CBC_SHA = {TBD,TBD};
   CipherSuite TLS_DHE_RSA_WITH_CLEFIA_128_CBC_SHA = {TBD,TBD};
   CipherSuite TLS_DH_anon_WITH_CLEFIA_128_CBC_SHA = {TBD,TBD};
   CipherSuite TLS_ECDHE_ECDSA_WITH_CLEFIA_128_CBC_SHA = {TBD,TBD};
   CipherSuite TLS_ECDHE_RSA_WITH_CLEFIA_128_CBC_SHA = {TBD,TBD};
   CipherSuite TLS_PSK_WITH_CLEFIA_128_CBC_SHA = {TBD,TBD};
   CipherSuite TLS_DHE_PSK_WITH_CLEFIA_128_CBC_SHA = {TBD,TBD};

2.2.  CBC + HMAC based Cipher Suites

   The following twenty cipher suites use CLEFIA in Cipher Block
   Chaining (CBC) mode with Hash-based Message Authentication Code
   (HMAC) with the SHA-2 family.  Eight of the twenty use elliptic
   curve cryptography.

   CipherSuite TLS_RSA_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_DH_DSS_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_DH_RSA_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_DHE_DSS_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_DHE_RSA_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_DH_anon_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_RSA_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_DH_DSS_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_DH_RSA_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_DHE_DSS_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_DHE_RSA_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_DH_anon_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};

   CipherSuite TLS_ECDHE_ECDSA_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_ECDH_ECDSA_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_ECDHE_RSA_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_ECDH_RSA_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_ECDHE_ECDSA_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_ECDH_ECDSA_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_ECDHE_RSA_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_ECDH_RSA_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};

2.3.  GCM based Cipher Suites

   The following twenty cipher suites use the same asymmetric key
   algorithms as those in the previous section but use the
   authenticated encryption modes defined in TLS 1.2 [RFC5246] with
   CLEFIA in GCM [GCM].

   CipherSuite TLS_RSA_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_DHE_RSA_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_DH_RSA_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_DHE_DSS_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_DH_DSS_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_DH_anon_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_RSA_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_DHE_RSA_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_DH_RSA_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_DHE_DSS_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_DH_DSS_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_DH_anon_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};

   CipherSuite TLS_ECDHE_ECDSA_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_ECDH_ECDSA_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_ECDHE_RSA_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_ECDH_RSA_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_ECDHE_ECDSA_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_ECDH_ECDSA_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_ECDHE_RSA_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_ECDH_RSA_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};

2.4.  PSK based Cipher Suites

   The following fourteen cipher suites are PSK cipher suites.  The
   first eight use CLEFIA in CBC mode with HMAC with the SHA-2 family,
   and the next six use CLEFIA in GCM.

   CipherSuite TLS_PSK_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_DHE_PSK_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_RSA_PSK_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_ECDHE_PSK_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_PSK_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_DHE_PSK_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_RSA_PSK_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_ECDHE_PSK_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};

   CipherSuite TLS_PSK_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_DHE_PSK_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_RSA_PSK_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_PSK_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_DHE_PSK_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_RSA_PSK_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};

3.  Cipher Suite Definitions

3.1.  Key Exchange

   The RSA, DHE_RSA, DH_RSA, DHE_DSS, DH_DSS, ECDH, DH_anon, and ECDHE
   key exchanges are performed as defined in RFC5246 [RFC5246].

3.2.  Cipher

   The CLEFIA_128_CBC cipher suites use CLEFIA [RFC6114] in CBC mode
   with a 128-bit key and 128-bit Initialization Vector (IV); the
   CLEFIA_256_CBC cipher suites use a 256-bit key and 128-bit IV.

   The AES authenticated encryption with associated data (AEAD)
   algorithms AEAD_AES_128_GCM and AEAD_AES_256_GCM are described in
   RFC5116 [RFC5116].  AES GCM cipher suites for TLS are described in
   RFC5288 [RFC5288].  AES and CLEFIA share common characteristics,
   including key sizes and block length.  CLEFIA_128_GCM and
   CLEFIA_256_GCM are defined according to those characteristics of
   AES.

3.3.  Hash and PRFs

3.3.1.  Hash and PRFs prior to TLS 1.2

   The cipher suites ending with _SHA use HMAC-SHA1 as the MAC
   algorithm.

   When used with TLS versions prior to TLS 1.2 (TLS 1.0 [RFC2246] and
   TLS 1.1 [RFC4346]), the PRF is calculated as specified in the
   appropriate version of the TLS specification.

3.3.2.  Hash and PRFs for TLS 1.2

   The hash algorithms and pseudorandom function (PRF) algorithms for
   TLS 1.2 [RFC5246] SHALL be as follows:

   a)  The cipher suites ending with _SHA256 use HMAC-SHA-256 [RFC2104]
       as the MAC algorithm.  The PRF is the TLS PRF [RFC5246] with
       SHA-256 [FIPS180-3] as the hash function.

   b)  The cipher suites ending with _SHA384 use HMAC-SHA-384 [RFC2104]
       as the MAC algorithm.  The PRF is the TLS PRF [RFC5246] with
       SHA-384 [FIPS180-3] as the hash function.

3.4.  PSK cipher suites

   PSK cipher suites for TLS are described in RFC4279 [RFC4279], RFC4785
   [RFC4785], RFC5487 [RFC5487], and RFC5489 [RFC5489].

4.  Security Considerations

   The security of the CLEFIA algorithm has been scrutinized in the
   public community since the algorithm was proposed, and no security
   weaknesses have been reported so far.

   The cipher suites with SHA-1 are included in this document for
   interoperability with TLS prior to 1.2.  NIST SP 800-131A states
   that SHA-1 for non-digital signature applications (including HMAC-
   SHA-1) is acceptable; no security risk is currently known.  The use
   of SHA-1 for digital signature generation by US Federal government
   agencies is allowed through 2013, but the user must accept some risk
   [SP800-131A].  SHA-1 may be used for digital signature verification
   in legacy-use, but there may be risk in doing so.  Methods for
   mitigating this risk should be considered [SP800-131A].

   For other security considerations, please refer to the security
   considerations in previous RFCs ([RFC4279], [RFC4785], [RFC5116],
   [RFC5288], [RFC5289], [RFC5487], and [GCM]).  These apply to this
   document as well.

5.  IANA Considerations

   IANA is requested to allocate (has allocated) the following numbers
   in the TLS Cipher Suite Registry:

   CipherSuite TLS_RSA_WITH_CLEFIA_128_CBC_SHA = {TBD,TBD};
   CipherSuite TLS_DHE_DSS_WITH_CLEFIA_128_CBC_SHA = {TBD,TBD};
   CipherSuite TLS_DHE_RSA_WITH_CLEFIA_128_CBC_SHA = {TBD,TBD};
   CipherSuite TLS_DH_anon_WITH_CLEFIA_128_CBC_SHA = {TBD,TBD};
   CipherSuite TLS_ECDHE_ECDSA_WITH_CLEFIA_128_CBC_SHA = {TBD,TBD};
   CipherSuite TLS_ECDHE_RSA_WITH_CLEFIA_128_CBC_SHA = {TBD,TBD};
   CipherSuite TLS_PSK_WITH_CLEFIA_128_CBC_SHA = {TBD,TBD};
   CipherSuite TLS_DHE_PSK_WITH_CLEFIA_128_CBC_SHA = {TBD,TBD};

   CipherSuite TLS_RSA_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_DH_DSS_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_DH_RSA_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_DHE_DSS_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_DHE_RSA_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_DH_anon_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_RSA_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_DH_DSS_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_DH_RSA_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_DHE_DSS_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_DHE_RSA_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_DH_anon_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};

   CipherSuite TLS_ECDHE_ECDSA_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_ECDH_ECDSA_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_ECDHE_RSA_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_ECDH_RSA_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_ECDHE_ECDSA_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_ECDH_ECDSA_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_ECDHE_RSA_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_ECDH_RSA_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};

   CipherSuite TLS_RSA_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_DHE_RSA_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_DH_RSA_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_DHE_DSS_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_DH_DSS_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_DH_anon_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_RSA_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_DHE_RSA_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_DH_RSA_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_DHE_DSS_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_DH_DSS_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_DH_anon_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_ECDHE_ECDSA_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_ECDH_ECDSA_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_ECDHE_RSA_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_ECDH_RSA_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_ECDHE_ECDSA_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_ECDH_ECDSA_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_ECDHE_RSA_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_ECDH_RSA_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};

   CipherSuite TLS_PSK_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_DHE_PSK_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_RSA_PSK_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_ECDHE_PSK_WITH_CLEFIA_128_CBC_SHA256 = {TBD,TBD};
   CipherSuite TLS_PSK_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_DHE_PSK_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_RSA_PSK_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};
   CipherSuite TLS_ECDHE_PSK_WITH_CLEFIA_256_CBC_SHA384 = {TBD,TBD};

   CipherSuite TLS_PSK_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_DHE_PSK_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_RSA_PSK_WITH_CLEFIA_128_GCM_SHA256 = {TBD,TBD};
   CipherSuite TLS_PSK_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_DHE_PSK_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};
   CipherSuite TLS_RSA_PSK_WITH_CLEFIA_256_GCM_SHA384 = {TBD,TBD};

6.  Acknowledgements

   We would like to thank Shoichi Sakane for providing valuable
   comments.

7.  References

7.1.  Normative References

   [FIPS180-3]
              National Institute of Standards and Technology, "Secure
              Hash Standard (SHS)", FIPS PUB 180-3, October 2008.

   [GCM]      Dworkin, M., "Recommendation for Block Cipher Modes of
              Operation: Galois/Counter Mode (GCM) for Confidentiality
              and Authentication", April 2006.

   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
              Hashing for Message Authentication", RFC 2104,
              February 1997.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC4279]  Eronen, P. and H. Tschofenig, "Pre-Shared Key Ciphersuites
              for Transport Layer Security (TLS)", RFC 4279,
              December 2005.

   [RFC4785]  Blumenthal, U. and P. Goel, "Pre-Shared Key (PSK)
              Ciphersuites with NULL Encryption for Transport Layer
              Security (TLS)", RFC 4785, January 2007.

   [RFC5116]  McGrew, D., "An Interface and Algorithms for Authenticated
              Encryption", RFC 5116, January 2008.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246, August 2008.

   [RFC5288]  Salowey, J., Choudhury, A., and D. McGrew, "AES Galois
              Counter Mode (GCM) Cipher Suites for TLS", RFC 5288,
              August 2008.

   [RFC5289]  Rescorla, E., "TLS Elliptic Curve Cipher Suites with SHA-
              256/384 and AES Galois Counter Mode (GCM)", RFC 5289,
              August 2008.

   [RFC5487]  Badra, M., "Pre-Shared Key Cipher Suites for TLS with SHA-
              256/384 and AES Galois Counter Mode", RFC 5487,
              March 2009.

   [RFC5489]  Badra, M. and I. Hajjeh, "ECDHE_PSK Cipher Suites for
              Transport Layer Security (TLS)", RFC 5489, March 2009.

   [RFC6114]  Katagi, M. and S. Moriai, "The 128-Bit Blockcipher
              CLEFIA", RFC 6114, March 2011.

7.2.  Informative References

   [CLEFIAWEB]
              Sony Corporation, "The 128-bit blockcipher CLEFIA".

   [CRYPTREC]
              Cryptography Research and Evaluation Committees, "the
              revision of the e-Government Recommended Ciphers List".

   [FIPS-197]
              National Institute of Standards and Technology, "Advanced
              Encryption Standard (AES)", FIPS PUB 197, November 2001,
              <http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf>.

   [FSE07]    Shirai, T., Shibutani, K., Akishita, T., Moriai, S., and
              T. Iwata, "The 128-bit Blockcipher CLEFIA", proceedings of
              Fast Software Encryption 2007 - FSE 2007,
              LNCS4593, pp.181-195, Springer-Verlag, 2007.

   [ISCAS08]  Sugawara, T., Homma, N., Aoki, T., and A. Satoh, "High-
              performance ASIC implementations of the 128-bit block
              cipher CLEFIA", ISCAS 2008, pp.2925-2928, IEEE, 2008.

   [ISO29192-2]
              ISO/IEC 29192-2, "Information technology - Security
              techniques - Lightweight cryptography - Part 2: Block
              ciphers".

   [RFC2246]  Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
              RFC 2246, January 1999.

   [RFC4346]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.1", RFC 4346, April 2006.

   [SP800-131A]
              National Institute of Standards and Technology,
              "Transitions: Recommendation for Transitioning the Use of
              Cryptographic Algorithms and Key Lengths", SP 800-131A,
              January 2011.

Author's Address

   Masanobu Katagi
   Sony Corporation

   Phone: +81-3-5448-3701
   Fax:   +81-3-5448-6438
   Email: Masanobu.Katagi@jp.sony.com
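
   The following is an added example, not part of the draft or of any
   CLEFIA reference code.  It shows how the suite names of Section 2
   map onto the TLS 1.2 parameters of Sections 3.2 and 3.3.2 and how
   the TLS PRF [RFC5246] then yields the key block.  It assumes, by
   analogy with RFC5288, that GCM suites take no MAC key and a 4-byte
   implicit IV; the function names and sample secrets are constructed.

```python
import hashlib
import hmac
import re

# Name grammar of the draft's TLS 1.2 suites (Section 3.3.2 suffixes only).
SUITE_RE = re.compile(
    r"^TLS_(\w+?)_WITH_CLEFIA_(128|256)_(CBC|GCM)_(SHA256|SHA384)$")


def suite_params(name):
    """Map a CLEFIA suite name to TLS 1.2 key-block parameters."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError("not a CLEFIA TLS 1.2 suite name: %r" % name)
    kx, bits, mode, suffix = m.groups()
    hash_name = suffix.lower()                    # "sha256" or "sha384"
    aead = mode == "GCM"
    return {
        "key_exchange": kx,
        "enc_key_length": int(bits) // 8,
        # Assumption (RFC 5288 analogy): GCM suites carry no record MAC key;
        # their suffix selects the PRF hash only.
        "mac_key_length": 0 if aead else hashlib.new(hash_name).digest_size,
        # Assumption: TLS 1.2 CBC uses an explicit per-record IV, so only
        # GCM takes a 4-byte implicit salt from the key block.
        "fixed_iv_length": 4 if aead else 0,
        "prf_hash": hash_name,
    }


def tls12_prf(secret, label, seed, length, hash_name):
    """TLS 1.2 PRF (RFC 5246, Section 5): P_hash(secret, label + seed)."""
    seed = label + seed
    a, out = seed, b""                            # a starts as A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()             # A(i)
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def derive_keys(name, master_secret, client_random, server_random):
    """Split the TLS 1.2 key_block for the named suite into its six fields."""
    p = suite_params(name)
    layout = [(side + kind, p[size])
              for kind, size in (("_write_MAC_key", "mac_key_length"),
                                 ("_write_key", "enc_key_length"),
                                 ("_write_IV", "fixed_iv_length"))
              for side in ("client", "server")]
    block = tls12_prf(master_secret, b"key expansion",
                      server_random + client_random,
                      sum(n for _, n in layout), p["prf_hash"])
    keys, pos = {}, 0
    for field, n in layout:
        keys[field] = block[pos:pos + n]
        pos += n
    return keys


# Constructed sample inputs (not real handshake values).
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x01" * 32
SERVER_RANDOM = b"\x02" * 32

if __name__ == "__main__":
    for suite in ("TLS_DHE_RSA_WITH_CLEFIA_128_CBC_SHA256",
                  "TLS_ECDHE_ECDSA_WITH_CLEFIA_256_GCM_SHA384"):
        keys = derive_keys(suite, MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
        print(suite, {k: len(v) for k, v in keys.items()})
```

   The _SHA suites of Section 2.1 are rejected by this sketch because
   Section 3.3.1 leaves their PRF to the negotiated TLS version.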