AES Galois Counter Mode for the Secure Shell Transport Layer Protocol
RFC 5647
| Field | Value |
|---|---|
| Type | RFC - Informational (August 2009; No errata). Was draft-igoe-secsh-aes-gcm (individual in sec area) |
| Authors | Kevin Igoe, Jerome Solinas |
| Last updated | 2015-10-14 |
| Stream | Internet Engineering Task Force (IETF) |
| WG state | (None) |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 5647 (Informational) |
| Action Holders | (None) |
| Consensus Boilerplate | Unknown |
| Responsible AD | Tim Polk |
| Send notices to | (None) |
Network Working Group                                           K. Igoe
Request for Comments: 5647                                    J. Solinas
Category: Informational                        National Security Agency
                                                             August 2009

AES Galois Counter Mode for the Secure Shell Transport Layer Protocol

Abstract

Secure shell (SSH) is a secure remote-login protocol. SSH provides for algorithms that provide authentication, key agreement, confidentiality, and data-integrity services. The purpose of this document is to show how the AES Galois Counter Mode can be used to provide both confidentiality and data integrity to the SSH Transport Layer Protocol.

Status of This Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Igoe & Solinas                Informational                    [Page 1]

Table of Contents

   1. Introduction
   2. Requirements Terminology
   3. Applicability Statement
   4. Properties of Galois Counter Mode
      4.1. AES GCM Authenticated Encryption
      4.2. AES GCM Authenticated Decryption
   5. Review of Secure Shell
      5.1. Key Exchange
      5.2. Secure Shell Binary Packets
   6. AES GCM Algorithms for Secure Shell
      6.1. AEAD_AES_128_GCM
      6.2. AEAD_AES_256_GCM
      6.3. Size of the Authentication Tag
   7. Processing Binary Packets in AES-GCM Secure Shell
      7.1. IV and Counter Management
      7.2. Formation of the Binary Packet
      7.3. Treatment of the Packet Length Field
   8. Security Considerations
      8.1. Use of the Packet Sequence Number in the AT
      8.2. Non-Encryption of Packet Length
   9. IANA Considerations
   10. References
      10.1. Normative References

1. Introduction

Galois Counter Mode (GCM) is a block-cipher mode of operation that provides both confidentiality and data-integrity services. GCM uses counter mode to encrypt the data, an operation that can be efficiently pipelined. Further, GCM authentication uses operations that are particularly well suited to efficient implementation in hardware, making it especially appealing for high-speed implementations or for implementations in an efficient and compact circuit.

The purpose of this document is to show how GCM with either AES-128 or AES-256 can be integrated into the Secure Shell Transport Layer Protocol [RFC4253].

2. Requirements Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

3. Applicability Statement

Using AES-GCM to provide both confidentiality and data integrity is generally more efficient than using two separate algorithms to provide these security services.

4. Properties of Galois Counter Mode

Galois Counter Mode (GCM) is a mode of operation for block ciphers that provides both confidentiality and data integrity. National Institute of Standards and Technology (NIST) Special Publication SP 800-38D [GCM] gives an excellent explanation of Galois Counter Mode. In this document, we shall focus on AES GCM, the use of the Advanced Encryption Algorithm (AES) in Galois Counter Mode. AES-GCM is an
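The Introduction describes GCM as counter-mode encryption paired with an authentication tag, and the table of contents points at the property the following code exercises ("Non-Encryption of Packet Length"): a header that GCM authenticates without encrypting. This is an added example written against Go's standard library, not code from the RFC; the 4-byte length header as associated data, the 12-byte nonce laid out as 4 fixed bytes plus an 8-byte per-packet counter, and the key and nonce values are this example's own assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

const headerLen = 4 // length field: sent in the clear, covered by the tag
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16-byte key = AES-128, 32-byte = AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block) // 96-bit nonce, 128-bit tag
}

// sealPacket returns header || ciphertext || tag. The length header is passed
// to GCM as associated data: authenticated but not encrypted. body is
// encrypted and authenticated. nonce must never repeat under the same key.
func sealPacket(key, nonce, body []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	header := make([]byte, headerLen)
	binary.BigEndian.PutUint32(header, uint32(len(body)))
	out := append([]byte{}, header...)
	return gcm.Seal(out, nonce, body, header), nil
}

// openPacket checks the tag over header and ciphertext before releasing plaintext.
func openPacket(key, nonce, pkt []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(pkt) < headerLen+gcm.Overhead() {
		return nil, errors.New("packet too short")
	}
	return gcm.Open(nil, nonce, pkt[headerLen:], pkt[:headerLen])
}

// nextNonce: last 8 bytes are a big-endian per-packet counter (assumed layout).
func nextNonce(nonce []byte) []byte {
	n := append([]byte{}, nonce...)
	binary.BigEndian.PutUint64(n[4:], binary.BigEndian.Uint64(n[4:])+1)
	return n
}
```

Flipping any bit of the cleartext length header makes openPacket fail, which is what lets a receiver trust a length it never decrypted.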