[openssl-users] OpenSSL/TLS /AES-GCM IV/Key uniqueness compliance with SP800-38D Section 8

Satya Das satya at attivonetworks.com
Fri May 27 21:20:02 UTC 2016


We are using OpenSSL 1.0.1e/FIPS 2.0.11 on CentOS6 x86_64 and I have a question about the TLS GCM Cipher suites -

Do the TLS GCM suites satisfy the requirements of Section 8 of SP 800-38D ?

If I am reading the document right, the following are the requirements therein.

1)      The probability that the authenticated encryption function ever will be invoked with the same IV and same key on two (or more) distinct sets of input data shall be no greater than 2-32.

2)      Any GCM key that is established among its intended users shall, with high probability, be fresh.

3)      The total number of invocations of the authenticated encryption function shall not exceed 232, including all IV lengths and all instances of the authenticated encryption function with the given key.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160527/1e8683c4/attachment.html>

More information about the openssl-users mailing list