| < draft-kanno-ipsecme-camellia-xcbc-00.txt | draft-kanno-ipsecme-camellia-xcbc-01.txt > | |||
|---|---|---|---|---|
| Network Working Group S. Kanno | Network Working Group S. Kanno | |||
| Internet-Draft NTT Software Corporation | Internet-Draft A. Kato | |||
| Intended status: Standards Track M. Kanda | Intended status: Standards Track NTT Software Corporation | |||
| Expires: October 7, 2009 Nippon Telegraph and Telephone | Expires: March 13, 2010 M. Kanda | |||
| Corporation | NTT | |||
| April 5, 2009 | September 9, 2009 | |||
| The Camellia-XCBC-96 and Camellia-XCBC-PRF-128 Algorithms and Its Use | The Camellia-XCBC-96 and Camellia-XCBC-PRF-128 Algorithms and Its Use | |||
| with IPsec | with IPsec | |||
| draft-kanno-ipsecme-camellia-xcbc-00 | draft-kanno-ipsecme-camellia-xcbc-01 | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted to IETF in full conformance with the | This Internet-Draft is submitted to IETF in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| Drafts. | Drafts. | |||
| skipping to change at page 1, line 35 ¶ | skipping to change at page 1, line 35 ¶ | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on October 7, 2009. | This Internet-Draft will expire on March 13, 2010. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2009 IETF Trust and the persons identified as the | Copyright (c) 2009 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents in effect on the date of | Provisions Relating to IETF Documents in effect on the date of | |||
| publication of this document (http://trustee.ietf.org/license-info). | publication of this document (http://trustee.ietf.org/license-info). | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 2, line 22 ¶ | skipping to change at page 2, line 22 ¶ | |||
| Internet Key Exchange. This algorithm is called Camellia-XCBC-PRF- | Internet Key Exchange. This algorithm is called Camellia-XCBC-PRF- | |||
| 128. | 128. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Camellia-XCBC-96 and Camellia-XCBC-PRF-128 . . . . . . . . . . 4 | 2. Camellia-XCBC-96 and Camellia-XCBC-PRF-128 . . . . . . . . . . 4 | |||
| 3. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 3. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 3.1. Camellia-XCBC-96 . . . . . . . . . . . . . . . . . . . . . 5 | 3.1. Camellia-XCBC-96 . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 3.2. Camellia-XCBC-PRF-128 . . . . . . . . . . . . . . . . . . 7 | 3.2. Camellia-XCBC-PRF-128 . . . . . . . . . . . . . . . . . . 5 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10 | 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 7.1. Normative . . . . . . . . . . . . . . . . . . . . . . . . 11 | 7.1. Normative . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 7.2. Informative . . . . . . . . . . . . . . . . . . . . . . . 11 | 7.2. Informative . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 1. Introduction | 1. Introduction | |||
| This document specifies two new algorithms. One is the usage of XCBC | This document specifies two new algorithms. One is the usage of XCBC | |||
| based on Camellia block cipher on the authentication mechanism of the | based on Camellia block cipher on the authentication mechanism of the | |||
| IPsec Encapsulating Security Payload (ESP) [7] and Authentication | IPsec Encapsulating Security Payload (ESP) [7] and Authentication | |||
| Header protocols (AH) [6]. This algorithm is called | Header protocols (AH) [6]. This algorithm is called | |||
| Camellia-XCBC-96. Latter is Pseudo-Random Function (PRF) based on | Camellia-XCBC-96. Latter is Pseudo-Random Function (PRF) based on | |||
| XCBC with Camellia block cipher for Internet Key Exchange (IKEv2) | XCBC with Camellia block cipher for Internet Key Exchange (IKEv2) | |||
| [8]. This algorithm is called Camellia-XCBC-PRF-128. | [8]. This algorithm is called Camellia-XCBC-PRF-128. | |||
| skipping to change at page 5, line 9 ¶ | skipping to change at page 5, line 9 ¶ | |||
| 2. Camellia-XCBC-96 and Camellia-XCBC-PRF-128 | 2. Camellia-XCBC-96 and Camellia-XCBC-PRF-128 | |||
| The Camellia-XCBC-96 comply with [3]. Also, The Camellia-XCBC-PRF- | The Camellia-XCBC-96 comply with [3]. Also, The Camellia-XCBC-PRF- | |||
| 128 comply with [4]. | 128 comply with [4]. | |||
| 3. Test Vectors | 3. Test Vectors | |||
| 3.1. Camellia-XCBC-96 | 3.1. Camellia-XCBC-96 | |||
| This section contains seven test vectors(TV), which can be used to | This section contains three test vectors(TV), which can be used to | |||
| confirm that an implementation has correctly implemented Camellia- | confirm that an implementation has correctly implemented Camellia- | |||
| XCBC-96. | XCBC-96. | |||
| Test Case #1 : Camellia-XCBC-MAC-96 with 0-byte input | Test Case #1 : Camellia-XCBC-MAC-96 with 20-byte input | |||
| Key (K) : 000102030405060708090a0b0c0d0e0f | Key (K) : 000102030405060708090a0b0c0d0e0f | |||
| Message (M) : <empty string< | Message (M) : 000102030405060708090a0b0c0d0e0f10111213 | |||
| Camellia-XCBC-MAC : <TBD> | Camellia-XCBC-MAC : 3d042dd4e7bc791cee320415c5e326d6 | |||
| Camellia-XCBC-MAC-96: <TBD> | Camellia-XCBC-MAC-96: 3d042dd4e7bc791cee320415 | |||
| Test Case #2 : Camellia-XCBC-MAC-96 with 3-byte input | ||||
| Key (K) : 000102030405060708090a0b0c0d0e0f | ||||
| Message (M) : 000102 | ||||
| Camellia-XCBC-MAC : <TBD> | ||||
| Camellia-XCBC-MAC-96: <TBD> | ||||
| Test Case #3 : Camellia-XCBC-MAC-96 with 16-byte input | ||||
| Key (K) : 000102030405060708090a0b0c0d0e0f | ||||
| Message (M) : 00102030405060708090a0b0c0d0e0f | ||||
| Camellia-XCBC-MAC : <TBD> | ||||
| Camellia-XCBC-MAC-96: <TBD> | ||||
| Test Case #4 : Camellia-XCBC-MAC-96 with 20-byte input | ||||
| Key (K) : 000102030405060708090a0b0c0d0e0f | ||||
| Message (M) : 000102030405060708090a0b0c0d0e0f10111213 | ||||
| Camellia-XCBC-MAC : <TBD> | ||||
| Camellia-XCBC-MAC-96: <TBD> | ||||
| Test Case #5 : Camellia-XCBC-MAC-96 with 32-byte input | ||||
| Key (K) : 000102030405060708090a0b0c0d0e0f | ||||
| Message (M) : 000102030405060708090a0b0c0d0e0f1011121314151 | ||||
| 61718191a1b1c1d1e1f | ||||
| Camellia-XCBC-MAC : <TBD> | ||||
| Camellia-XCBC-MAC-96: <TBD> | ||||
| Test Case #6 : Camellia-XCBC-MAC-96 with 34-byte input | Test Case #2 : Camellia-XCBC-MAC-96 with 20-byte input | |||
| Key (K) : 000102030405060708090a0b0c0d0e0f | Key (K) : 00010203040506070809 | |||
| Message (M) : 000102030405060708090a0b0c0d0e0f1011121314151 | Message (M) : 000102030405060708090a0b0c0d0e0f10111213 | |||
| 61718191a1b1c1d1e1f2021 | Camellia-XCBC-MAC : b916b423420a906cd7d7b672a24e976f | |||
| Camellia-XCBC-MAC : <TBD> | Camellia-XCBC-MAC-96: b916b423420a906cd7d7b672 | |||
| Camellia-XCBC-MAC-96: <TBD> | ||||
| Test Case #7 : Camellia-XCBC-MAC-96 with 1000-byte input | Test Case #3 : Camellia-XCBC-MAC-96 with 20-byte input | |||
| Key (K) : 000102030405060708090a0b0c0d0e0f | Key (K) : 000102030405060708090a0b0c0d0e0fedcb | |||
| Message (M) : 00000000000000000000 ... 00000000000000000000 | Message (M) : 000102030405060708090a0b0c0d0e0f10111213 | |||
| [1000 bytes] | Camellia-XCBC-MAC : b97146369d31940ff57a0ddf2233c1d2 | |||
| Camellia-XCBC-MAC : <TBD> | Camellia-XCBC-MAC-96: b97146369d31940ff57a0ddf | |||
| Camellia-XCBC-MAC-96: <TBD> | ||||
| 3.2. Camellia-XCBC-PRF-128 | 3.2. Camellia-XCBC-PRF-128 | |||
| This section contains three test vectors(TV), which can be used to | This section contains three test vectors(TV), which can be used to | |||
| confirm that an implementation has correctly implemented Camellia- | confirm that an implementation has correctly implemented Camellia- | |||
| XCBC-PRF-128. | XCBC-PRF-128. | |||
| Test Case #1 : Camellia-XCBC-PRF-128 with 20-byte input | Test Case #1 : Camellia-XCBC-PRF-128 with 20-byte input | |||
| Key : 000102030405060708090a0b0c0d0e0f | Key : 000102030405060708090a0b0c0d0e0f | |||
| Key Length : 16 | Key Length : 16 | |||
| Message : 000102030405060708090a0b0c0d0e0f10111213 | Message : 000102030405060708090a0b0c0d0e0f10111213 | |||
| PRF Output : <TBD> | PRF Output : fb8f550070b5e6a51aa2404ff8bbcf7d3d042dd4e7bc791cee320415c5e326d6 | |||
| Test Case #2 : Camellia-XCBC-PRF-128 with 20-byte input | Test Case #2 : Camellia-XCBC-PRF-128 with 20-byte input | |||
| Key : 00010203040506070809 | Key : 00010203040506070809 | |||
| Key Length : 10 | Key Length : 10 | |||
| Message : 000102030405060708090a0b0c0d0e0f10111213 | Message : 000102030405060708090a0b0c0d0e0f10111213 | |||
| PRF Output : <TBD> | PRF Output : e8243b0105b3a3b93fd6cedae0ca8ab6b916b423420a906cd7d7b672a24e976f | |||
| Test Case #3 : Camellia-XCBC-PRF-128 with 20-byte input | Test Case #3 : Camellia-XCBC-PRF-128 with 20-byte input | |||
| Key : 000102030405060708090a0b0c0d0e0fedcb | Key : 000102030405060708090a0b0c0d0e0fedcb | |||
| Key Length : 18 | Key Length : 18 | |||
| Message : 000102030405060708090a0b0c0d0e0f10111213 | Message : 000102030405060708090a0b0c0d0e0f10111213 | |||
| PRF Output : <TBD> | PRF Output : bd75834d3452f9087d1597a87a33bc33b97146369d31940ff57a0ddf2233c1d2 | |||
| 4. Security Considerations | 4. Security Considerations | |||
| At the time of writing this document there are no known weak keys for | At the time of writing this document there are no known weak keys for | |||
| Camellia. And no security problem has been found on Camellia [10], | Camellia. And no security problem has been found on Camellia [10], | |||
| [11] | [11] | |||
| For other security considerations, please refer to the security | For other security considerations, please refer to the security | |||
| considerations of the previous use of XCBC mode document described in | considerations of the previous use of XCBC mode document described in | |||
| [3] and [4]. | [3] and [4]. | |||
| skipping to change at page 12, line 12 ¶ | skipping to change at page 11, line 12 ¶ | |||
| Research and Evaluation Committees", | Research and Evaluation Committees", | |||
| <http://www.ipa.go.jp/security/enc/CRYPTREC/index-e.html>. | <http://www.ipa.go.jp/security/enc/CRYPTREC/index-e.html>. | |||
| Authors' Addresses | Authors' Addresses | |||
| Satoru Kanno | Satoru Kanno | |||
| NTT Software Corporation | NTT Software Corporation | |||
| Phone: +81-45-212-7577 | Phone: +81-45-212-7577 | |||
| Fax: +81-45-212-9800 | Fax: +81-45-212-9800 | |||
| Email: kanno-s@po.ntts.co.jp | Email: kanno.satoru@po.ntts.co.jp | |||
| Akihiro Kato | ||||
| NTT Software Corporation | ||||
| Phone: +81-45-212-7577 | ||||
| Fax: +81-45-212-9800 | ||||
| Email: kato.akihiro@po.ntts.co.jp | ||||
| Masayuki Kanda | Masayuki Kanda | |||
| Nippon Telegraph and Telephone Corporation | NTT | |||
| Phone: +81-422-59-3456 | Phone: +81-422-59-3456 | |||
| Fax: +81-422-59-4015 | Fax: +81-422-59-4015 | |||
| Email: kanda.masayuki@lab.ntt.co.jp | Email: kanda.masayuki@lab.ntt.co.jp | |||
| End of changes. 13 change blocks. | ||||
| 75 lines changed or deleted | 55 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||