[RFC 2/2] FIXME: initial implementation of GCM
Stephan Mueller
smueller at chronox.de
Fri Aug 2 16:10:54 CEST 2013
Am Freitag, 2. August 2013, 11:14:15 schrieb Dmitry Eremin-Solenikov:
Hi Dmitry,
>+void
>+_gcry_cipher_gcm_setiv (gcry_cipher_hd_t c,
>+ const byte *iv, unsigned int ivlen)
>+{
The IV handling in GCM is a special beast. SP800-38D section 8.2 defines
exactly two ways how IVs are to be constructed. The current
implementation seems to leave that issue to the caller. However, a
caller may not understand that there is a specific requirement on how to
set up the IV.
In case this implementation shall get through a successful FIPS 140-2
validation, meeting SP800-38D section 8.2 (meeting either one or both of
the outlined construction types is fine) is mandatory.
Ciao
Stephan
--
| Cui bono? |
More information about the Gcrypt-devel
mailing list