Camellia project proposal

Sam Hartman hartmans at MIT.EDU
Tue Dec 8 15:07:37 EST 2009


>>>>> "Luke" == Luke Howard <lukeh at padl.com> writes:

    >> Luke has previously done an implementation of AES-CCM which could
    >> probably be adapted to the current crypto library and Camellia
    >> without too much effort.  That option would require more careful
    >> theoretical review than a CBC or CTS mode enctype, because of our
    >> lack of familiarity with AEAD modes.  (For instance, I didn't see
    >> any key derivation going on in the aescbc keyhash provider in
    >> Luke's code, and Sam didn't think that was safe.)

    Luke> Do you mean using a separate key for the CBC MAC to that used
    Luke> for encryption? I thought about that, but then we would no
    Luke> longer be compliant with NIST SP800-38C. And I figure NIST
    Luke> know more about cryptography than I.

No, meaning we need to take the key usage into account for the checksum
and the encryption.
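An added illustration of the point about key usage, not part of the original message and not Luke's or MIT's code: a checksum keyed per usage is rejected when presented under a different usage, while one keyed directly with the base key is accepted anywhere. Assumptions: HMAC-SHA-256 stands in for both the RFC 3961 DK function and the CBC-MAC, and all function names, the key and the message are constructed.

```python
import hashlib
import hmac
import struct

# RFC 3961 derivation suffixes: checksum key Kc, encryption key Ke, integrity key Ki.
KC, KE, KI = 0x99, 0xAA, 0x55

def derive(base_key, usage, kind, nbytes=16):
    """Hypothetical stand-in for DK(base_key, usage | kind).

    Assumption: HMAC-SHA-256 replaces the RFC 3961 n-fold/cipher construction;
    only the label layout (4-byte big-endian usage, then one suffix byte) is kept.
    """
    label = struct.pack(">IB", usage, kind)
    return hmac.new(base_key, label, hashlib.sha256).digest()[:nbytes]

def checksum(base_key, usage, msg):
    """Keyed checksum under Kc for this usage (HMAC stands in for the CBC-MAC)."""
    return hmac.new(derive(base_key, usage, KC), msg, hashlib.sha256).digest()[:12]

def verify(base_key, usage, msg, tag):
    return hmac.compare_digest(checksum(base_key, usage, msg), tag)

def verify_underived(base_key, usage, msg, tag):
    """Checksum keyed directly with the base key: the usage cannot affect the result."""
    expected = hmac.new(base_key, msg, hashlib.sha256).digest()[:12]
    return hmac.compare_digest(expected, tag)

def demo():
    base = bytes(range(16))                # constructed key, not a real secret
    msg = b"constructed protocol message"  # constructed sample input
    ap_req, as_rep = 11, 3                 # RFC 4120 key usage numbers
    derived_tag = checksum(base, ap_req, msg)
    underived_tag = hmac.new(base, msg, hashlib.sha256).digest()[:12]
    keys = {derive(base, u, k) for u in (ap_req, as_rep) for k in (KC, KE, KI)}
    return {
        "derived_same_usage": verify(base, ap_req, msg, derived_tag),
        "derived_other_usage": verify(base, as_rep, msg, derived_tag),
        "underived_other_usage": verify_underived(base, as_rep, msg, underived_tag),
        "distinct_keys": len(keys),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```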


