Thoughts on implementing GCM
Brad Hards
bradh at frogmouth.net
Sun Apr 4 11:42:09 CEST 2010
Hi,
I've started looking (again) at NIST 800-38D (Galois Counter Mode). I have a
couple of implementation questions that I'd appreciate some feedback on.
There would appear to be several ways to implement an AEAD, including a whole
new API (i.e. a peer to the existing cipher, md, etc). However I think it
should be possible to implement it within the existing cipher code with a
couple of additional functions - one that adds the additional authenticated
data (A) and one that retrieves the authentication tag (T). Thoughts on this
approach?
I think I may also need to extend struct gcry_cipher_handle. I'd like to store
the hash subkey (H) - not far enough into the implementation to know if I need
anything else. Would a union re-using the ctr[MAX_BLOCKSIZE] space be
preferred, or should I just add new elements?
Thanks for your time.
Brad
More information about the Gcrypt-devel
mailing list