AES GCM mode using wrong SALT size #46
Assignees
Comments
jfigus
pushed a commit
that referenced
this issue
Apr 8, 2014
…er SALT length. The master SALT should be 96 bits instead of 112 bits. Note, GCM mode uses the legacy CTR mode for the KDF. The legagacy CTR mode cipher implementations assume a 112 bit SALT. Changes to the cipher abstraction layer API are required to provide the ability to specify the SALT length. For now this commit modifies the SRTP layer to ensure the SALT is zero-appended before initializing the KDF. This commit also provides public definitions for the GCM cipher suite master key sizes to avoid confusion for application developers.
|
The fix has been committed to master |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The Master SALT for GCM mode should be 96 bits. Currently the GCM mode uses the same SALT_SIZE directive as ICM mode, which is set to a value of 14 (112 bits). As a result, the values derived from the KDF are wrong. Additionally, applications that use GCM mode are required to provide 30 bytes of key/salt material, where only 28 bytes should be required.
The text was updated successfully, but these errors were encountered: