[Docs] [txt|pdf|xml|html] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02

Network Working Group                                           S. Kanno
Internet-Draft                                  NTT Software Corporation
Intended status: Informational                                  M. Kanda
Expires: August 1, 2011                                              NTT
                                                        January 28, 2011


     Camellia cipher for the Secure Shell Transport Layer Protocol
                     draft-kanno-secsh-camellia-02

Abstract

   Secure shell (SSH) is a secure remote-login protocol.  SSH provides
   for algorithms that provide authentication, key agreement,
   confidentiality, and data-integrity services.  The purpose of this
   document is to specify the Camellia cipher as symmetric encryption
   algorithm for the SSH Transport Layer Protocol.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 1, 2011.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as



Kanno & Kanda            Expires August 1, 2011                 [Page 1]


Internet-Draft          Camellia for Secure Shell           January 2011


   described in the Simplified BSD License.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Encryption . . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  MAC  . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  5
   4.  Key Exchange . . . . . . . . . . . . . . . . . . . . . . . . .  6
   5.  Security Considerations  . . . . . . . . . . . . . . . . . . .  7
   6.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  8
   7.  References . . . . . . . . . . . . . . . . . . . . . . . . . .  9
     7.1.  Normative  . . . . . . . . . . . . . . . . . . . . . . . .  9
     7.2.  Informative  . . . . . . . . . . . . . . . . . . . . . . .  9
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10




































Kanno & Kanda            Expires August 1, 2011                 [Page 2]


Internet-Draft          Camellia for Secure Shell           January 2011


1.  Introduction

   The SSH protocol [3] can support many different symmetric ciphers as
   encryption methods.

   This document describes the necessary information to use the Camellia
   [1] symmetric cipher in the SSH protocol.

   This document specifies three modes (Cipher Block Chaining (CBC)
   mode, Counter (CTR) mode, and Galois Counter Mode (GCM)) as
   encryption method.








































Kanno & Kanda            Expires August 1, 2011                 [Page 3]


Internet-Draft          Camellia for Secure Shell           January 2011


2.  Encryption

   This document describes the Camellia cipher for use with the SSH
   Transport Protocol.  For the Camellia modes, these specifications
   comply with AES:

         Modes                    Specifications
         ---------------------------------------
         Camellia in CBC mode     RFC4253
         Camellia in CTR mode     RFC4344
         Camellia in GCM mode     RFC5647

   This document describes the following new methods:

         camellia256-cbc        OPTIONAL  Camellia in CBC mode,
                                          with a 256-bit key
         camellia192-cbc        OPTIONAL  Camellia with a 192-bit key
         camellia128-cbc        OPTIONAL  Camellia with a 128-bit key
         camellia256-ctr        OPTIONAL  Camellia in CTR mode,
                                          with 256-bit key
         camellia192-ctr        OPTIONAL  Camellia with a 192-bit key
         camellia128-ctr        OPTIONAL  Camellia with a 128-bit key
         AEAD_CAMELLIA_256_GCM  OPTIONAL  Camellia in GCM mode,
                                          with a 256-bit key
         AEAD_CAMELLIA_128_GCM  OPTIONAL  Camellia with a 128-bit key

   The "camellia256-cbc" cipher is Camellia in CBC mode.  This version
   uses a 256-bit key.  The "camellia192-cbc" cipher is the same as
   above, but with a 192-bit key.  The "camellia128-cbc" cipher is the
   same as above, but with a 128-bit key.

   The "camellia256-ctr" cipher is Camellia in CTR mode.  This version
   uses a 256-bit key.  The "camellia192-ctr" cipher is the same as
   above, but with a 192-bit key.  The "camellia256-ctr" cipher is the
   same as above, but with a 256-bit key.

   The "AEAD_CAMELLIA_256_GCM" is Camellia in GCM mode.  This version
   uses a 256-bit key.  The "AEAD_CAMELLIA_128_GCM" is the same as
   above, but with a 128-bit key.












Kanno & Kanda            Expires August 1, 2011                 [Page 4]


Internet-Draft          Camellia for Secure Shell           January 2011


3.  MAC

   This document describes the Camellia-GCM for use with the SSH
   Transport Protocol as a MAC.  For the MAC of Camellia-GCM, the
   specification comply with AES for GCM mode:

         Modes                    Specification
         --------------------------------------
         Camellia in GCM mode      RFC5647

   This document describes the addition of the following two entities to
   the SSH MAC algorithm names registry described in [2]:

         AEAD_CAMELLIA_256_GCM  OPTIONAL  Camellia in GCM mode,
                                          with a 256-bit key
         AEAD_CAMELLIA_128_GCM  OPTIONAL  Camellia with a 128-bit key

   The "AEAD_CAMELLIA_256_GCM" is Camellia in GCM mode.  This version
   uses a 256-bit key.  The "AEAD_CAMELLIA_128_GCM" is the same as
   above, but with a 128-bit key.































Kanno & Kanda            Expires August 1, 2011                 [Page 5]


Internet-Draft          Camellia for Secure Shell           January 2011


4.  Key Exchange

   The Camellia cipher uses these key exchange protocols as well as AES.
   These key exchange protocols are described in Section 7 of [3],
   Section 5.1 of [6], and Section 4 and 5 of [5].














































Kanno & Kanda            Expires August 1, 2011                 [Page 6]


Internet-Draft          Camellia for Secure Shell           January 2011


5.  Security Considerations

   At the time of writing this document there are no known weak keys for
   Camellia.  And no security problem has been found on Camellia (see
   [7], [8], and [9]).

   For the SSH security considerations, this document refers to Section
   14 of [3], Section 6 of [4], Section 8 of [6], and Section 9 of [5].











































Kanno & Kanda            Expires August 1, 2011                 [Page 7]


Internet-Draft          Camellia for Secure Shell           January 2011


6.  IANA Considerations

   The eight encryption algorithm names are defined in Section 2, and
   the two MAC algorithm names are defined in Section 3.  These names
   request to add to the Secure Shell Encryption Algorithm Name
   registry.













































Kanno & Kanda            Expires August 1, 2011                 [Page 8]


Internet-Draft          Camellia for Secure Shell           January 2011


7.  References

7.1.  Normative

   [1]  Matsui, M., Nakajima, J., and S. Moriai, "A Description of the
        Camellia Encryption Algorithm", RFC 3713, April 2004.

   [2]  Lehtinen, S. and C. Lonvick, "The Secure Shell (SSH) Protocol
        Assigned Numbers", RFC 4250, January 2006.

   [3]  Ylonen, T. and C. Lonvick, "The Secure Shell (SSH) Transport
        Layer Protocol", RFC 4253, January 2006.

   [4]  Bellare, M., Kohno, T., and C. Namprempre, "The Secure Shell
        (SSH) Transport Layer Encryption Modes", RFC 4344, January 2006.

   [5]  Stebila, D. and J. Green, "Elliptic Curve Algorithm Integration
        in the Secure Shell Transport Layer", RFC 5656, December 2009.

   [6]  Igoe, K. and J. Solinas, "AES Galois Counter Mode for the Secure
        Shell Transport Layer Protocol", RFC 5647, August 2009.

   [7]  Mala, H., Shakiba, M., and M. Dakhil-alian, "New Results on
        Impossible Differential Cryptanalysis of Reduced Round Camellia-
        128", November 2009,
        <http://www.springerlink.com/content/e55783u422436g77/>.

7.2.  Informative

   [8]  "The NESSIE project (New European Schemes for Signatures,
        Integrity and Encryption)",
        <http://www.cosic.esat.kuleuven.ac.be/nessie/>.

   [9]  Information-technology Promotion Agency (IPA), "Cryptography
        Research and Evaluation Committees",
        <http://www.ipa.go.jp/security/enc/CRYPTREC/index-e.html>.















Kanno & Kanda            Expires August 1, 2011                 [Page 9]


Internet-Draft          Camellia for Secure Shell           January 2011


Authors' Addresses

   Satoru Kanno
   NTT Software Corporation

   Phone: +81-45-212-9803
   Fax:   +81-45-212-9800
   Email: kanno.satoru@po.ntts.co.jp


   Masayuki Kanda
   NTT

   Phone: +81-422-59-3456
   Fax:   +81-422-59-4015
   Email: kanda.masayuki@lab.ntt.co.jp



































Kanno & Kanda            Expires August 1, 2011                [Page 10]


Html markup produced by rfcmarkup 1.129d, available from https://tools.ietf.org/tools/rfcmarkup/