Closed Sai-Anudeep47 closed 1 year ago
Working on it. New build tomorrow.
Addressed
We traced the requirement that the AAD IV cannot be zero, or any predictable value. See reference:
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
8. Uniqueness Requirement on IVs and Keys
The IVs in GCM must fulfill the following “uniqueness” requirement:
The probability that the authenticated encryption function ever will be invoked with the
same IV and the same key on two (or more) distinct sets of input data shall be no greater
than 2^-32.
Compliance with this requirement is crucial to the security of GCM. Across all instances of the
authenticated encryption function with a given key, if even one IV is ever repeated, then the
implementation may be vulnerable to the forgery attacks that are described in Ref [5] and
summarized in Appendix A. In practice, this requirement is almost as important as the secrecy
of the key.
This document is referenced as authoritative by the IETF, and is also referenced in the FDO specification.
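As an added example (not code from the FDO project or from any participant in this issue), the following Python shows what the quoted SP 800-38D requirement means for an implementer: the random-IV invocation cap that keeps the repeat probability under 2^-32, a counter-based 96-bit IV source that cannot repeat within a key, and a reuse check that can be run over captured IVs. The log format, key ids and message numbers are constructed for the example and are not FDO wire format.

```python
"""GCM IV uniqueness helpers illustrating SP 800-38D section 8 (added example)."""
import os
import re
import struct
from collections import Counter
from fractions import Fraction

IV_BITS = 96                                   # default GCM IV length (12 bytes)
NIST_MAX_REPEAT_PROB = Fraction(1, 2**32)      # bound quoted from SP 800-38D sec. 8


def random_iv_repeat_bound(n_invocations: int) -> Fraction:
    """Union-bound probability that n uniformly random 96-bit IVs under one key
    contain at least one repeat: (n choose 2) / 2^96, computed exactly."""
    pairs = n_invocations * (n_invocations - 1) // 2
    return Fraction(pairs, 2**IV_BITS)


def random_ivs_within_bound(n_invocations: int) -> bool:
    """True if n random-IV invocations under one key stay inside the 2^-32 bound.
    This is why SP 800-38D caps random-IV use at 2^32 invocations per key."""
    return random_iv_repeat_bound(n_invocations) <= NIST_MAX_REPEAT_PROB


class DeterministicIvSource:
    """96-bit IV = 32-bit fixed field || 64-bit invocation counter.

    The fixed field identifies the device/context (distinct per party sharing
    the key); the counter never repeats. A real device must persist the counter
    across reboots, otherwise the first IV after restart repeats an earlier one.
    """

    def __init__(self, fixed_field: int, start: int = 0):
        if not 0 <= fixed_field < 2**32:
            raise ValueError("fixed field must fit in 32 bits")
        self._fixed = fixed_field
        self._counter = start

    def next_iv(self) -> bytes:
        if self._counter >= 2**64:
            # Wrapping the counter would repeat IV 0; the key must be rotated.
            raise RuntimeError("invocation counter exhausted; rotate the key")
        iv = struct.pack(">IQ", self._fixed, self._counter)
        self._counter += 1
        return iv


class RandomIvSource:
    """Random 96-bit IVs with the per-key invocation cap of 2^32."""

    def __init__(self, max_invocations: int = 2**32):
        self._remaining = max_invocations

    def next_iv(self) -> bytes:
        if self._remaining == 0:
            raise RuntimeError("random-IV invocation cap reached; rotate the key")
        self._remaining -= 1
        return os.urandom(IV_BITS // 8)


# Constructed sample of logged encryptions: "key=<id> iv=<hex> msg=<n>".
# The all-zero IV is reused under key k-device-7, which violates the requirement;
# the same zero IV under k-owner-3 is a different key and therefore not a repeat.
SAMPLE_LOG = """\
key=k-device-7 iv=000000000000000000000000 msg=64
key=k-device-7 iv=000000000000000000000001 msg=66
key=k-device-7 iv=000000000000000000000000 msg=68
key=k-owner-3  iv=000000000000000000000000 msg=65
"""

_LINE = re.compile(r"key=(\S+)\s+iv=([0-9a-fA-F]{24})")


def find_iv_reuse(log_text: str) -> dict:
    """Return {(key_id, iv_hex): count} for every (key, IV) pair seen more than once."""
    seen = Counter()
    for line in log_text.splitlines():
        m = _LINE.search(line)
        if m:
            seen[(m.group(1), m.group(2).lower())] += 1
    return {pair: n for pair, n in seen.items() if n > 1}


if __name__ == "__main__":
    print("2^32 random IVs within bound:", random_ivs_within_bound(2**32))
    print("2^33 random IVs within bound:", random_ivs_within_bound(2**33))
    src = DeterministicIvSource(fixed_field=7)
    print("first two counter IVs:", src.next_iv().hex(), src.next_iv().hex())
    print("reused (key, IV) pairs:", find_iv_reuse(SAMPLE_LOG))
```

Running the script shows that exactly 2^32 random invocations stay within the bound while 2^33 do not, and that the reuse check reports the repeated zero IV under `k-device-7` only. The same check can be pointed at a real capture once the log format is adjusted.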
Reopening, we don't think this is addressed yet, if you do, please provide more evidence.
To simplify the issue resolution process, please provide network logs and/or a test voucher.
to2_msg65_decrypt_fail_add_log.txt
What part of the spec are you testing?
What protocol are you having issues with?
Issue description