| < draft-kato-ipsec-ciph-camellia-00.txt | draft-kato-ipsec-ciph-camellia-01.txt > | |||
|---|---|---|---|---|
| Network Working Group | Network Working Group | |||
| Internet Draft A. Kato | Internet Draft A. Kato | |||
| January 2005 NTT Software Corporation | March 2005 NTT Software Corporation | |||
| Expiration Date: June 2005 S. Moriai | Expiration Date: June 2005 S. Moriai | |||
| Sony Computer Entertainment Inc. | Sony Computer Entertainment Inc. | |||
| M. Kanda | M. Kanda | |||
| Nippon Telegraph and Telephone Corporation | Nippon Telegraph and Telephone Corporation | |||
| January 2005 | March 2005 | |||
| The Camellia Cipher Algorithm and Its Use With IPsec | The Camellia Cipher Algorithm and Its Use With IPsec | |||
| <draft-kato-ipsec-ciph-camellia-00.txt> | <draft-kato-ipsec-ciph-camellia-01.txt> | |||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is subject to all provisions | This document is an Internet-Draft and is subject to all provisions | |||
| of section 3 of RFC 3667. By submitting this Internet-Draft, each | of section 3 of RFC 3667. By submitting this Internet-Draft, each | |||
| author represents that any applicable patent or other IPR claims of | author represents that any applicable patent or other IPR claims of | |||
| which he or she is aware have been or will be disclosed, and any of | which he or she is aware have been or will be disclosed, and any of | |||
| which he or she become aware will be disclosed, in accordance with | which he or she become aware will be disclosed, in accordance with | |||
| RFC 3668. | RFC 3668. | |||
| skipping to change at page 2, line 32 ¶ | skipping to change at page 2, line 32 ¶ | |||
| Camellia was also designed to have suitability for both software | Camellia was also designed to have suitability for both software | |||
| and hardware implementations and to cover all possible encryption | and hardware implementations and to cover all possible encryption | |||
| applications that range from low-cost smart cards to high-speed | applications that range from low-cost smart cards to high-speed | |||
| network systems. Compared to the AES, Camellia offers at least | network systems. Compared to the AES, Camellia offers at least | |||
| comparable encryption speed in software and hardware. Camellia has a | comparable encryption speed in software and hardware. Camellia has a | |||
| Feistel structure, which is different from AES. It is rich for the | Feistel structure, which is different from AES. It is rich for the | |||
| IPsec community that has block cipher in which was well verified by | IPsec community that has block cipher in which was well verified by | |||
| the cryptographic expert with another structure. In addition, a | the cryptographic expert with another structure. In addition, a | |||
| distinguishing feature is its small hardware design. | distinguishing feature is its small hardware design. | |||
| Camellia perfectly meets one of the current IPsec market | ||||
| requirements, where low power consumption is a mandatory | ||||
| condition. | ||||
| The remainder of this document specifies the use of Camellia within | ||||
| the context of IPsec ESP. For further information on how the various | ||||
| pieces of ESP fit together to provide security services, please refer | ||||
| to [ARCH], [ESP], and [ROAD]. | ||||
| The Camellia homepage, http://info.isl.ntt.co.jp/camellia/, | The Camellia homepage, http://info.isl.ntt.co.jp/camellia/, | |||
| contains a wealth of information about camellia, including | contains a wealth of information about camellia, including | |||
| detailed specification, security analysis, performance figures, | detailed specification, security analysis, performance figures, | |||
| reference implementation, test vectors, and intellectual property | reference implementation, test vectors, and intellectual property | |||
| information. | information. | |||
| The remainder of this document specifies the use of Camellia within | ||||
| the context of IPsec ESP. For further information on how the various | ||||
| pieces of ESP fit together to provide security services, please refer | ||||
| to [ARCH], [ESP], and [ROAD]. | ||||
| 1.1. Specification of Requirements | 1.1. Specification of Requirements | |||
| The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" that | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" that | |||
| appear in this document are to be interpreted as described in | appear in this document are to be interpreted as described in | |||
| [RFC-2119]. | [RFC-2119]. | |||
| 2. The Camellia Cipher Algorithm | 2. The Camellia Cipher Algorithm | |||
| All symmetric block cipher algorithms share common characteristics | All symmetric block cipher algorithms share common characteristics | |||
| skipping to change at page 3, line 8 ¶ | skipping to change at page 3, line 4 ¶ | |||
| [RFC-2119]. | [RFC-2119]. | |||
| 2. The Camellia Cipher Algorithm | 2. The Camellia Cipher Algorithm | |||
| All symmetric block cipher algorithms share common characteristics | All symmetric block cipher algorithms share common characteristics | |||
| and variables, including mode, key size, weak keys, block size, and | and variables, including mode, key size, weak keys, block size, and | |||
| rounds. The following sections contain descriptions of the relevant | rounds. The following sections contain descriptions of the relevant | |||
| characteristics of Camellia. | characteristics of Camellia. | |||
| The algorithm specification and object identifiers are described in | The algorithm specification and object identifiers are described in | |||
| [Camellia-Desc]. | [Camellia-Desc]. | |||
| 2.1. Mode | 2.1. Mode | |||
| NIST has defined 5 modes of operation for AES and other FIPS-approved | NIST has defined 5 modes of operation for AES and other FIPS-approved | |||
| ciphers [MODES]: CBC (Cipher Block Chaining), ECB (Electronic | ciphers [SP800-38a]: CBC (Cipher Block Chaining), ECB (Electronic | |||
| CodeBook), CFB (Cipher FeedBack), OFB (Output FeedBack) and CTR | CodeBook), CFB (Cipher FeedBack), OFB (Output FeedBack) and CTR | |||
| (Counter). The CBC mode is well defined and well understood for | (Counter). The CBC mode is well defined and well understood for | |||
| symmetric ciphers, and is currently required for all other ESP | symmetric ciphers, and is currently required for all other ESP | |||
| ciphers. This document specifies the use of the Camellia cipher in | ciphers. This document specifies the use of the Camellia cipher in | |||
| CBC mode within ESP. This mode requires an Initialization Vector | CBC mode within ESP. This mode requires an Initialization Vector | |||
| (IV) that is the same size as the block size. Use of a randomly | (IV) that is the same size as the block size. Use of a randomly | |||
| generated IV prevents generation of identical cipher text from | generated IV prevents generation of identical cipher text from | |||
| packets, which have identical data that spans the first block of the | packets, which have identical data that spans the first block of the | |||
| cipher algorithm's block size. | cipher algorithm's block size. | |||
| The IV is XOR'd with the first plaintext block before it is | The CBC IV is XOR'd with the first plaintext block before it is | |||
| encrypted. Then for successive blocks, the previous cipher text | encrypted. Then for successive blocks, the previous cipher text | |||
| block is XOR'd with the current plain text, before it is encrypted. | block is XOR'd with the current plain text, before it is encrypted. | |||
| More information on CBC mode can be obtained in [MODES, CRYPTO-S]. | More information on CBC mode can be obtained in [MODES, CRYPTO-S]. | |||
| For the use of CBC mode in ESP with 64-bit ciphers, please see [CBC]. | For the use of CBC mode in ESP with 64-bit ciphers, please see [CBC]. | |||
| 2.2. Key Size | 2.2. Key Size | |||
| Camellia supports three key sizes: 128 bits, 192 bits, and 256 bits. | Camellia supports three key sizes: 128 bits, 192 bits, and 256 bits. | |||
| The default key size is 128 bits, and all implementations MUST | The default key size is 128 bits, and all implementations MUST | |||
| skipping to change at page 5, line 6 ¶ | skipping to change at page 4, line 55 ¶ | |||
| Currently, there are no known issues regarding interactions between | Currently, there are no known issues regarding interactions between | |||
| the Camellia and other aspects of ESP, such as use of certain | the Camellia and other aspects of ESP, such as use of certain | |||
| authentication schemes. | authentication schemes. | |||
| 3.2. Keying Material | 3.2. Keying Material | |||
| The minimum number of bits sent from the key exchange protocol to the | The minimum number of bits sent from the key exchange protocol to the | |||
| ESP algorithm must be greater than or equal to the key size. | ESP algorithm must be greater than or equal to the key size. | |||
| The cipher's encryption and decryption key is taken from the first | The cipher's encryption and decryption key is taken from the first | |||
| <x> bits of the keying material, where <x> represents the required | 128, 192, or 256 bits of the keying material. | |||
| key size. | ||||
| 4. Interaction with IKE | 4. Interaction with IKE | |||
| Camellia was designed to follow the same API as the AES cipher. | Camellia was designed to follow the same API as the AES cipher. | |||
| Therefore, this section defines only Phase 1 Identifier and Phase 2 | Therefore, this section defines only Phase 1 Identifier and Phase 2 | |||
| Identifier. Any other consideration related to interaction with IKE | Identifier. Any other consideration related to interaction with IKE | |||
| is the same as that of the AES cipher. Details can be found in | is the same as that of the AES cipher. Details can be found in | |||
| [AES-IPSEC]. | [AES-IPSEC]. | |||
| 4.1. Phase 1 Identifier | 4.1. Phase 1 Identifier | |||
| For Phase 1 negotiations, IANA has assigned an Encryption Algorithm | For Phase 1 negotiations, IANA has assigned an Encryption Algorithm | |||
| ID of (TBD1) for CAMELLIA-CBC. | ID of (TBD1) for CAMELLIA-CBC. | |||
| skipping to change at page 6, line 39 ¶ | skipping to change at page 6, line 35 ¶ | |||
| 0-471-12845-7. | 0-471-12845-7. | |||
| [CRYPTREC] Information-technology Promotion Agency (IPA), Japan, | [CRYPTREC] Information-technology Promotion Agency (IPA), Japan, | |||
| CRYPTREC. | CRYPTREC. | |||
| http://www.ipa.go.jp/security/enc/CRYPTREC/ | http://www.ipa.go.jp/security/enc/CRYPTREC/ | |||
| index-e.html. | index-e.html. | |||
| [IKE] Harkins, D. and D. Carrel, "The Internet Key Exchange | [IKE] Harkins, D. and D. Carrel, "The Internet Key Exchange | |||
| (IKE)", RFC 2409, November 1998. | (IKE)", RFC 2409, November 1998. | |||
| [MODES] Symmetric Key Block Cipher Modes of Operation, | [SP800-38a] Dworkin, M., "Recommendation for Block Cipher Modes of | |||
| http://www.nist.gov/modes/. | Operation - Methods and Techniques", NIST Special | |||
| Publication 800-38A, December 2001. | ||||
| [NESSIE] The NESSIE project (New European Schemes for | [NESSIE] The NESSIE project (New European Schemes for | |||
| Signatures, Integrity and Encryption), | Signatures, Integrity and Encryption), | |||
| http://www.cosic.esat.kuleuven.ac.be/nessie/. | http://www.cosic.esat.kuleuven.ac.be/nessie/. | |||
| [ROAD] Thayer, R., N. Doraswamy and R. Glenn, "IP Security | [ROAD] Thayer, R., N. Doraswamy and R. Glenn, "IP Security | |||
| Document Roadmap", RFC 2411, November 1998. | Document Roadmap", RFC 2411, November 1998. | |||
| [RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", RFC-2119, March 1997. | Requirement Levels", RFC-2119, March 1997. | |||
| End of changes. 11 change blocks. | ||||
| 19 lines changed or deleted | 15 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||