< draft-kato-ipsec-ciph-camellia-00.txt   draft-kato-ipsec-ciph-camellia-01.txt >
Network Working Group Network Working Group
Internet Draft A. Kato Internet Draft A. Kato
January 2005 NTT Software Corporation March 2005 NTT Software Corporation
Expiration Date: June 2005 S. Moriai Expiration Date: June 2005 S. Moriai
Sony Computer Entertainment Inc. Sony Computer Entertainment Inc.
M. Kanda M. Kanda
Nippon Telegraph and Telephone Corporation Nippon Telegraph and Telephone Corporation
January 2005 March 2005
The Camellia Cipher Algorithm and Its Use With IPsec The Camellia Cipher Algorithm and Its Use With IPsec
<draft-kato-ipsec-ciph-camellia-00.txt> <draft-kato-ipsec-ciph-camellia-01.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft and is subject to all provisions This document is an Internet-Draft and is subject to all provisions
of section 3 of RFC 3667. By submitting this Internet-Draft, each of section 3 of RFC 3667. By submitting this Internet-Draft, each
author represents that any applicable patent or other IPR claims of author represents that any applicable patent or other IPR claims of
which he or she is aware have been or will be disclosed, and any of which he or she is aware have been or will be disclosed, and any of
which he or she become aware will be disclosed, in accordance with which he or she become aware will be disclosed, in accordance with
RFC 3668. RFC 3668.
skipping to change at page 2, line 32 skipping to change at page 2, line 32
Camellia was also designed to have suitability for both software Camellia was also designed to have suitability for both software
and hardware implementations and to cover all possible encryption and hardware implementations and to cover all possible encryption
applications that range from low-cost smart cards to high-speed applications that range from low-cost smart cards to high-speed
network systems. Compared to the AES, Camellia offers at least network systems. Compared to the AES, Camellia offers at least
comparable encryption speed in software and hardware. Camellia has a comparable encryption speed in software and hardware. Camellia has a
Feistel structure, which is different from AES. It is rich for the Feistel structure, which is different from AES. It is rich for the
IPsec community that has block cipher in which was well verified by IPsec community that has block cipher in which was well verified by
the cryptographic expert with another structure. In addition, a the cryptographic expert with another structure. In addition, a
distinguishing feature is its small hardware design. distinguishing feature is its small hardware design.
Camellia perfectly meets one of the current IPsec market
requirements, where low power consumption is a mandatory
condition.
The remainder of this document specifies the use of Camellia within
the context of IPsec ESP. For further information on how the various
pieces of ESP fit together to provide security services, please refer
to [ARCH], [ESP], and [ROAD].
The Camellia homepage, http://info.isl.ntt.co.jp/camellia/, The Camellia homepage, http://info.isl.ntt.co.jp/camellia/,
contains a wealth of information about camellia, including contains a wealth of information about camellia, including
detailed specification, security analysis, performance figures, detailed specification, security analysis, performance figures,
reference implementation, test vectors, and intellectual property reference implementation, test vectors, and intellectual property
information. information.
The remainder of this document specifies the use of Camellia within
the context of IPsec ESP. For further information on how the various
pieces of ESP fit together to provide security services, please refer
to [ARCH], [ESP], and [ROAD].
1.1. Specification of Requirements 1.1. Specification of Requirements
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" that "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" that
appear in this document are to be interpreted as described in appear in this document are to be interpreted as described in
[RFC-2119]. [RFC-2119].
2. The Camellia Cipher Algorithm 2. The Camellia Cipher Algorithm
All symmetric block cipher algorithms share common characteristics All symmetric block cipher algorithms share common characteristics
skipping to change at page 3, line 8 skipping to change at page 3, line 4
[RFC-2119]. [RFC-2119].
2. The Camellia Cipher Algorithm 2. The Camellia Cipher Algorithm
All symmetric block cipher algorithms share common characteristics All symmetric block cipher algorithms share common characteristics
and variables, including mode, key size, weak keys, block size, and and variables, including mode, key size, weak keys, block size, and
rounds. The following sections contain descriptions of the relevant rounds. The following sections contain descriptions of the relevant
characteristics of Camellia. characteristics of Camellia.
The algorithm specification and object identifiers are described in The algorithm specification and object identifiers are described in
[Camellia-Desc]. [Camellia-Desc].
2.1. Mode 2.1. Mode
NIST has defined 5 modes of operation for AES and other FIPS-approved NIST has defined 5 modes of operation for AES and other FIPS-approved
ciphers [MODES]: CBC (Cipher Block Chaining), ECB (Electronic ciphers [SP800-38a]: CBC (Cipher Block Chaining), ECB (Electronic
CodeBook), CFB (Cipher FeedBack), OFB (Output FeedBack) and CTR CodeBook), CFB (Cipher FeedBack), OFB (Output FeedBack) and CTR
(Counter). The CBC mode is well defined and well understood for (Counter). The CBC mode is well defined and well understood for
symmetric ciphers, and is currently required for all other ESP symmetric ciphers, and is currently required for all other ESP
ciphers. This document specifies the use of the Camellia cipher in ciphers. This document specifies the use of the Camellia cipher in
CBC mode within ESP. This mode requires an Initialization Vector CBC mode within ESP. This mode requires an Initialization Vector
(IV) that is the same size as the block size. Use of a randomly (IV) that is the same size as the block size. Use of a randomly
generated IV prevents generation of identical cipher text from generated IV prevents generation of identical cipher text from
packets, which have identical data that spans the first block of the packets, which have identical data that spans the first block of the
cipher algorithm's block size. cipher algorithm's block size.
The IV is XOR'd with the first plaintext block before it is The CBC IV is XOR'd with the first plaintext block before it is
encrypted. Then for successive blocks, the previous cipher text encrypted. Then for successive blocks, the previous cipher text
block is XOR'd with the current plain text, before it is encrypted. block is XOR'd with the current plain text, before it is encrypted.
More information on CBC mode can be obtained in [MODES, CRYPTO-S]. More information on CBC mode can be obtained in [MODES, CRYPTO-S].
For the use of CBC mode in ESP with 64-bit ciphers, please see [CBC]. For the use of CBC mode in ESP with 64-bit ciphers, please see [CBC].
2.2. Key Size 2.2. Key Size
Camellia supports three key sizes: 128 bits, 192 bits, and 256 bits. Camellia supports three key sizes: 128 bits, 192 bits, and 256 bits.
The default key size is 128 bits, and all implementations MUST The default key size is 128 bits, and all implementations MUST
skipping to change at page 5, line 6 skipping to change at page 4, line 55
Currently, there are no known issues regarding interactions between Currently, there are no known issues regarding interactions between
the Camellia and other aspects of ESP, such as use of certain the Camellia and other aspects of ESP, such as use of certain
authentication schemes. authentication schemes.
3.2. Keying Material 3.2. Keying Material
The minimum number of bits sent from the key exchange protocol to the The minimum number of bits sent from the key exchange protocol to the
ESP algorithm must be greater than or equal to the key size. ESP algorithm must be greater than or equal to the key size.
The cipher's encryption and decryption key is taken from the first The cipher's encryption and decryption key is taken from the first
<x> bits of the keying material, where <x> represents the required 128, 192, or 256 bits of the keying material.
key size.
4. Interaction with IKE 4. Interaction with IKE
Camellia was designed to follow the same API as the AES cipher. Camellia was designed to follow the same API as the AES cipher.
Therefore, this section defines only Phase 1 Identifier and Phase 2 Therefore, this section defines only Phase 1 Identifier and Phase 2
Identifier. Any other consideration related to interaction with IKE Identifier. Any other consideration related to interaction with IKE
is the same as that of the AES cipher. Details can be found in is the same as that of the AES cipher. Details can be found in
[AES-IPSEC]. [AES-IPSEC].
4.1. Phase 1 Identifier 4.1. Phase 1 Identifier
For Phase 1 negotiations, IANA has assigned an Encryption Algorithm For Phase 1 negotiations, IANA has assigned an Encryption Algorithm
ID of (TBD1) for CAMELLIA-CBC. ID of (TBD1) for CAMELLIA-CBC.
skipping to change at page 6, line 39 skipping to change at page 6, line 35
0-471-12845-7. 0-471-12845-7.
[CRYPTREC] Information-technology Promotion Agency (IPA), Japan, [CRYPTREC] Information-technology Promotion Agency (IPA), Japan,
CRYPTREC. CRYPTREC.
http://www.ipa.go.jp/security/enc/CRYPTREC/ http://www.ipa.go.jp/security/enc/CRYPTREC/
index-e.html. index-e.html.
[IKE] Harkins, D. and D. Carrel, "The Internet Key Exchange [IKE] Harkins, D. and D. Carrel, "The Internet Key Exchange
(IKE)", RFC 2409, November 1998. (IKE)", RFC 2409, November 1998.
[MODES] Symmetric Key Block Cipher Modes of Operation, [SP800-38a] Dworkin, M., "Recommendation for Block Cipher Modes of
http://www.nist.gov/modes/. Operation - Methods and Techniques", NIST Special
Publication 800-38A, December 2001.
[NESSIE] The NESSIE project (New European Schemes for [NESSIE] The NESSIE project (New European Schemes for
Signatures, Integrity and Encryption), Signatures, Integrity and Encryption),
http://www.cosic.esat.kuleuven.ac.be/nessie/. http://www.cosic.esat.kuleuven.ac.be/nessie/.
[ROAD] Thayer, R., N. Doraswamy and R. Glenn, "IP Security [ROAD] Thayer, R., N. Doraswamy and R. Glenn, "IP Security
Document Roadmap", RFC 2411, November 1998. Document Roadmap", RFC 2411, November 1998.
[RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC-2119, March 1997. Requirement Levels", RFC-2119, March 1997.
 End of changes. 11 change blocks. 
19 lines changed or deleted 15 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/