OpenSSL/TLS /AES-GCM IV/Key uniqueness compliance with SP800-38D Section 8


Satya Das

All,

 

We are using OpenSSL 1.0.1e/FIPS 2.0.11 on CentOS6 x86_64 and I have a question about the TLS GCM Cipher suites -

 

Do the TLS GCM suites satisfy the requirements of Section 8 of SP 800-38D?

 

If I am reading the document right, the following are the requirements therein.

 

1) The probability that the authenticated encryption function ever will be invoked with the same IV and same key on two (or more) distinct sets of input data shall be no greater than 2^-32.

2) Any GCM key that is established among its intended users shall, with high probability, be fresh.

3) The total number of invocations of the authenticated encryption function shall not exceed 2^32, including all IV lengths and all instances of the authenticated encryption function with the given key.

 

TIA.

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
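
An added example, not part of the original post and not OpenSSL code: a per-key IV generator that makes items 1 and 3 above checkable in an application, by deriving each 96-bit IV from a counter and refusing to encrypt once 2^32 invocations have been made. The 4-byte fixed field plus 8-byte counter layout and the names gcm_iv_state, gcm_iv_init and gcm_iv_next are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GCM_IV_LEN 12
#define GCM_MAX_INVOCATIONS (1ULL << 32) /* cap from item 3 of the post */

/* Hypothetical per-key state: create one per GCM key, discard it on rekey. */
typedef struct {
    uint8_t  fixed[4];    /* assumed fixed field, distinct per sender */
    uint64_t invocations; /* encryptions already performed with this key */
} gcm_iv_state;

void gcm_iv_init(gcm_iv_state *s, const uint8_t fixed[4]) {
    memcpy(s->fixed, fixed, 4);
    s->invocations = 0;
}

/* Writes the next unique IV. Returns 0, or -1 once the key must be retired. */
int gcm_iv_next(gcm_iv_state *s, uint8_t iv[GCM_IV_LEN]) {
    if (s->invocations >= GCM_MAX_INVOCATIONS)
        return -1; /* fail closed: never wrap, never reuse an IV */
    memcpy(iv, s->fixed, 4);
    for (int i = 0; i < 8; i++) /* big-endian 64-bit invocation counter */
        iv[4 + i] = (uint8_t)(s->invocations >> (56 - 8 * i));
    s->invocations++;
    return 0;
}

int main(void) {
    const uint8_t fixed[4] = {0x01, 0x02, 0x03, 0x04}; /* constructed sample */
    gcm_iv_state s;
    uint8_t iv[GCM_IV_LEN];
    gcm_iv_init(&s, fixed);
    for (int n = 0; n < 3 && gcm_iv_next(&s, iv) == 0; n++) {
        for (int i = 0; i < GCM_IV_LEN; i++) printf("%02x", iv[i]);
        printf("\n");
    }
    return 0;
}
```

A caller treats the -1 return as the signal to establish a fresh key (item 2) and call gcm_iv_init again before any further encryption.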