draft-ietf-smime-camellia-02.txt   draft-ietf-smime-camellia-03.txt 
S/MIME Working Group S. Moriai S/MIME Working Group S. Moriai
Internet Draft NTT Corporation Internet Draft NTT Corporation
Expiration Date: September 2003 A. Kato Document: draft-ietf-smime-camellia-03.txt A. Kato
NTT Software Corporation Expires: October 2003 NTT Software Corporation
March 2003 April 2003
Use of the Camellia Encryption Algorithm in CMS Use of the Camellia Encryption Algorithm in CMS
<draft-ietf-smime-camellia-02.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 38 skipping to change at page 1, line 36
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Comments or suggestions for improvement may be made on the Comments or suggestions for improvement may be made on the
"ietf-smime" mailing list, or directly to the author. "ietf-smime" mailing list, or directly to the author.
Abstract Abstract
This document specifies the conventions for using the Camellia
This document specifies how to incorporate the Camellia encryption encryption algorithm for encryption with the Cryptographic
algorithm into the S/MIME Cryptographic Message Syntax (CMS) as an Message Syntax (CMS).
additional algorithm for symmetric encryption. The relevant object
identifiers (OIDs) and processing steps are provided so that
Camellia may be used in the CMS specification (RFC 3369, RFC 3370)
for content and key encryption.
The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD
NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document (in
uppercase, as shown) are to be interpreted as described in
[RFC2119].
1. Introduction 1. Introduction
This document specifies the conventions for using the Camellia This document specifies the conventions for using the Camellia
encryption algorithm [CamelliaSpec][CamelliaID] for encryption with encryption algorithm [CamelliaSpec][CamelliaID] for encryption with
the Cryptographic Message Syntax (CMS) [CMS]. the Cryptographic Message Syntax (CMS) [CMS]. The relevant object
identifiers (OIDs) and processing steps are provided so that
CMS values are generated using ASN.1 (X.208-88), using the Basic Camellia may be used in the CMS specification (RFC 3369, RFC 3370)
Encoding Rules (BER) (X.209-88) and the Distinguished Encoding Rules for content and key encryption.
(DER) (X.509-88).
1.1 Camellia 1.1 Camellia
Camellia was jointly developed by Nippon Telegraph and Telephone Camellia was jointly developed by Nippon Telegraph and Telephone
Corporation and Mitsubishi Electric Corporation in 2000. Camellia Corporation and Mitsubishi Electric Corporation in 2000. Camellia
specifies the 128-bit block size and 128-, 192-, and 256-bit key specifies the 128-bit block size and 128-, 192-, and 256-bit key
sizes, the same interface as the Advanced Encryption Standard (AES). sizes, the same interface as the Advanced Encryption Standard (AES).
Camellia is characterized by its suitability for both software and Camellia is characterized by its suitability for both software and
hardware implementations as well as its high level of security. hardware implementations as well as its high level of security.
From a practical viewpoint, it is designed to enable flexibility in From a practical viewpoint, it is designed to enable flexibility in
software and hardware implementations on 32-bit processors widely software and hardware implementations on 32-bit processors widely
used over the Internet and many applications, 8-bit processors used used over the Internet and many applications, 8-bit processors used
in smart cards, cryptographic hardware, embedded systems, and so on in smart cards, cryptographic hardware, embedded systems, and so on
[CamelliaTech]. Moreover, its key setup time is excellent, and its [CamelliaTech]. Moreover, its key setup time is excellent, and its
key agility is superior to that of AES. key agility is superior to that of AES.
Camellia has been scrutinized by the wide cryptographic community Camellia has been scrutinized by the wide cryptographic community
skipping to change at page 2, line 33 skipping to change at page 2, line 23
Camellia has been scrutinized by the wide cryptographic community Camellia has been scrutinized by the wide cryptographic community
during several projects for evaluating crypto algorithms. In during several projects for evaluating crypto algorithms. In
particular, Camellia was selected as a recommended cryptographic particular, Camellia was selected as a recommended cryptographic
primitive by the EU NESSIE (New European Schemes for Signatures, primitive by the EU NESSIE (New European Schemes for Signatures,
Integrity and Encryption) project [NESSIE] and also included in the Integrity and Encryption) project [NESSIE] and also included in the
list of cryptographic techniques for Japanese e-Government systems list of cryptographic techniques for Japanese e-Government systems
which are selected by the Japan CRYPTREC (Cryptography Research and which are selected by the Japan CRYPTREC (Cryptography Research and
Evaluation Committees) [CRYPTREC]. Evaluation Committees) [CRYPTREC].
1.2 Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD
NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document (in
uppercase, as shown) are to be interpreted as described in
[RFC2119].
2. Object Identifiers for Content and Key Encryption 2. Object Identifiers for Content and Key Encryption
This section provides the OIDs and processing information necessary This section provides the OIDs and processing information necessary
for Camellia to be used for content and key encryption in CMS. for Camellia to be used for content and key encryption in CMS.
Camellia is added to the set of optional symmetric encryption Camellia is added to the set of optional symmetric encryption
algorithms in CMS by providing two classes of unique object algorithms in CMS by providing two classes of unique object
identifiers (OIDs). One OID class defines the content encryption identifiers (OIDs). One OID class defines the content encryption
algorithms and the other defines the key encryption algorithms. algorithms and the other defines the key encryption algorithms.
Thus a CMS agent can apply Camellia either for content or key Thus a CMS agent can apply Camellia either for content or key
skipping to change at page 3, line 49 skipping to change at page 3, line 46
{ iso(1) member-body(2) 392 200011 61 security(1) { iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3) algorithm(1) key-wrap-algorithm(3)
camellia192-wrap(3) } camellia192-wrap(3) }
id-camellia256-wrap OBJECT IDENTIFIER ::= id-camellia256-wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1) { iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3) algorithm(1) key-wrap-algorithm(3)
camellia256-wrap(4) } camellia256-wrap(4) }
In all cases the parameters field of AlgorithmIdentifier MUST be In all cases the parameters field of AlgorithmIdentifier MUST be
absent, because the key wrapping procedure itself defines how and ABSENT, because the key wrapping procedure itself defines how and
when to use an IV. The OID gives the KEK key size, but does not when to use an IV. The OID gives the KEK key size, but does not
make any statements as to the size of the wrapped Camellia CEK. make any statements as to the size of the wrapped Camellia CEK.
Implementations MAY use different KEK and CEK sizes. Implements Implementations MAY use different KEK and CEK sizes. Implements
MUST support the CEK and the KEK having the same length. If MUST support the CEK and the KEK having the same length. If
different lengths are supported, the KEK MUST be of equal or greater different lengths are supported, the KEK MUST be of equal or greater
length than the CEK. length than the CEK.
3. Key Wrap Algorithm 3. Key Wrap Algorithm
Camellia key wrapping and unwrapping is done in conformance with the Camellia key wrapping and unwrapping is done in conformance with the
skipping to change at page 10, line 15 skipping to change at page 10, line 10
[RFC2633] Ramsdell, B., Editor. S/MIME Version 3 Message [RFC2633] Ramsdell, B., Editor. S/MIME Version 3 Message
Specification. RFC 2633. June 1999. Specification. RFC 2633. June 1999.
[RFC3394] J. Schaad and R. Housley, "Advanced Encryption Standard [RFC3394] J. Schaad and R. Housley, "Advanced Encryption Standard
(AES) Key Wrap Algorithm", RFC 3394, September 2002. (AES) Key Wrap Algorithm", RFC 3394, September 2002.
Authors' Address Authors' Address
Shiho Moriai Shiho Moriai
Nippon Telegraph and Telephone Corporation Nippon Telegraph and Telephone Corporation
Phone: +81-468-59-2007 Phone: +81-46-859-2007
FAX: +81-468-59-3858 FAX: +81-46-859-3858
Email: shiho@isl.ntt.co.jp Email: camellia@isl.ntt.co.jp
Akihiro Kato Akihiro Kato
NTT Software Corporation NTT Software Corporation
Phone: +81-45-212-7404 Phone: +81-45-212-7404
FAX: +81-45-212-7410 FAX: +81-45-212-7410
Email: akato@po.ntts.co.jp Email: akato@po.ntts.co.jp
Appendix A ASN.1 Module Appendix A ASN.1 Module
CamelliaEncryptionAlgorithmInCMS
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs9(9) smime(16) modules(0) id-mod-cms-camellia(23) }
DEFINITIONS IMPLICIT TAGS ::= DEFINITIONS IMPLICIT TAGS ::=
BEGIN BEGIN
-- Camellia using CBC-chaining mode for key sizes of 128, 192, 256 -- Camellia using CBC-chaining mode for key sizes of 128, 192, 256
id-camellia128-cbc OBJECT IDENTIFIER ::= id-camellia128-cbc OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1) { iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) symmetric-encryption-algorithm(1) algorithm(1) symmetric-encryption-algorithm(1)
camellia128-cbc(2) } camellia128-cbc(2) }
skipping to change at page 10, line 56 skipping to change at page 10, line 55
-- Camellia-IV is a the parameter for all the above object identifiers. -- Camellia-IV is a the parameter for all the above object identifiers.
Camellia-IV ::= OCTET STRING (SIZE(16)) Camellia-IV ::= OCTET STRING (SIZE(16))
-- Camellia S/MIME Capabilty parameter for all the above object -- Camellia S/MIME Capabilty parameter for all the above object
-- identifiers. -- identifiers.
CamelliaSMimeCapability ::= NULL CamelliaSMimeCapability ::= NULL
-- Camellia Key Wrap Algorithm identifiers - Parameter is absent.
id-camellia128-wrap OBJECT IDENTIFIER ::= id-camellia128-wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1) { iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3) algorithm(1) key-wrap-algorithm(3)
camellia128-wrap(2) } camellia128-wrap(2) }
id-camellia192-wrap OBJECT IDENTIFIER ::= id-camellia192-wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1) { iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3) algorithm(1) key-wrap-algorithm(3)
camellia192-wrap(3) } camellia192-wrap(3) }
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/