Thoughts on implementing GCM

Werner Koch wk at gnupg.org
Tue Apr 6 10:59:31 CEST 2010


On Sun,  4 Apr 2010 11:42, bradh at frogmouth.net said:

> new API (i.e. a peer to the existing cipher, md, etc). However I think it 
> should be possible to implement it within the existing cipher code with a 
> couple of additional functions - one that adds the additional authenticated 
> data (A) and one that retrieves the authentication tag (T). Thoughts on this 
> approach?

That is how I would do it.

> I think I may also need to extend struct gcry_cipher_handle. I'd like to store 
> the hash subkey (H) - not far enough into the implementation to know if I need 
> anything else. Would a union re-using the ctr[MAX_BLOCKSIZE] space be 
> preferred, or should I just add new elements?

For easier readability I think it might be better to add new
elements. Merging them with unused elements can be done at any time
later.

Please don't change gcry_cipher_spec_t but change cipher_extra_spec_t
instead - if you need to do that at all.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
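As an added illustration of the shape discussed above (an accumulator that takes the additional authenticated data A, then the ciphertext, and finally returns the tag T from the stored hash subkey H), here is the GHASH side of GCM in Python. This is example code, not libgcrypt's; it assumes H = E_K(0^128) and E_K(J0) are supplied by the caller so it stays independent of the block cipher, and it checks itself against GCM spec test case 2 (all-zero AES-128 key, all-zero 16-byte plaintext, 96-bit zero IV).

```python
# Added example (not libgcrypt code): the GHASH side of GCM, structured as an
# accumulator that takes additional authenticated data (A), then ciphertext,
# and finally yields the tag (T) once E_K(J0) is supplied. The hash subkey H
# and E_K(J0) are taken as inputs so the example stays cipher-independent.
R = 0xE1 << 120  # reduction constant for x^128 + x^7 + x^2 + x + 1 (GCM bit order)


def gf128_mul(x: int, y: int) -> int:
    """Multiply x*y in GF(2^128) in GCM's bit-reflected representation
    (Algorithm 1 of the GCM spec); bit 0 of an element is the MSB."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


class GHash:
    """Accumulates A then C. All calls except the last of each kind must be
    block-aligned (16 bytes), because the final partial block is zero-padded."""

    def __init__(self, h: bytes):
        self.h = int.from_bytes(h, "big")  # hash subkey H = E_K(0^128)
        self.y = 0                         # running GHASH state
        self.aad_len = 0                   # byte counts for the final length block
        self.ct_len = 0

    def _absorb(self, data: bytes) -> None:
        for i in range(0, len(data), 16):
            block = data[i:i + 16].ljust(16, b"\0")
            self.y = gf128_mul(self.y ^ int.from_bytes(block, "big"), self.h)

    def add_aad(self, aad: bytes) -> None:
        self.aad_len += len(aad)
        self._absorb(aad)

    def add_ciphertext(self, ct: bytes) -> None:
        self.ct_len += len(ct)
        self._absorb(ct)

    def tag(self, ek_j0: bytes) -> bytes:
        """T = GHASH_H(A, C) XOR E_K(J0); J0 is the initial counter block."""
        lengths = (self.aad_len * 8).to_bytes(8, "big") + (self.ct_len * 8).to_bytes(8, "big")
        self._absorb(lengths)  # [len(A)]_64 || [len(C)]_64, lengths in bits
        return (self.y ^ int.from_bytes(ek_j0, "big")).to_bytes(16, "big")


def gcm_tag(h: bytes, aad: bytes, ct: bytes, ek_j0: bytes) -> bytes:
    """One-shot wrapper around the accumulator."""
    g = GHash(h)
    g.add_aad(aad)
    g.add_ciphertext(ct)
    return g.tag(ek_j0)
```

The spec's test case 2 values used in the check are H = 66e94bd4ef8a2c3b884cfa59ca342b2e, C = 0388dace60b6a392f328c2b971b2fe78, E_K(J0) = 58e2fccefa7e3061367f1d57a4e7455a, and the expected tag ab6e47d42cec13bdf53a67b21257bddf.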
