Thoughts on implementing GCM

Brad Hards bradh at
Sun Apr 4 11:42:09 CEST 2010


I've started looking (again) at NIST 800-38D (Galois Counter Mode). I have a 
couple of implementation questions that I'd appreciate some feedback on.

There would appear to be several ways to implement an AEAD, including a whole 
new API (i.e. a peer to the existing cipher, md, etc). However I think it 
should be possible to implement it within the existing cipher code with a 
couple of additional functions - one that adds the additional authenticated 
data (A) and one that retrieves the authentication tag (T). Thoughts on this 

I think I may also need to extend struct gcry_cipher_handle. I'd like to store 
the hash subkey (H) - not far enough into the implementation to know if I need 
anything else. Would a union re-using the ctr[MAX_BLOCKSIZE] space be 
preferred, or should I just add new elements?

Thanks for your time.


More information about the Gcrypt-devel mailing list