[RFC 2/2] FIXME: initial implementation of GCM

Stephan Mueller smueller at chronox.de
Fri Aug 2 16:53:29 CEST 2013


On Friday, 2 August 2013, 11:14:15, Dmitry Eremin-Solenikov wrote:

Hi Dmitry,


>+void
>+_gcry_cipher_gcm_setiv (gcry_cipher_hd_t c,
>+                        const byte *iv, unsigned int ivlen)
>+{
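Review bot: the `void` return type on `_gcry_cipher_gcm_setiv` gives the caller no way to learn that an IV was refused, yet the `ivlen` parameter admits values GCM cannot use (an empty IV, for one) and SP800-38D section 8.2 constrains how a usable IV is constructed in the first place. Consider returning an error code so an unsupported `ivlen` is rejected rather than silently accepted, and add a comment above the declaration stating which IV lengths the mode accepts and that the caller is responsible for the section 8.2 construction (or that the library performs it).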

The IV handling in GCM is a special beast. SP800-38D section 8.2 defines 
exactly two ways in which IVs are to be constructed. The current 
implementation seems to leave that issue to the caller. However, a 
caller may not understand that there is a specific requirement on how to 
set up the IV.

In case this implementation shall get through a successful FIPS 140-2 
validation, meeting SP800-38D section 8.2 (meeting either one or both of 
the outlined construction types is fine) is mandatory.

Ciao
Stephan

-- 
| Cui bono? |
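The two IV constructions of SP800-38D section 8.2 that the message refers to, written out as an added C example for the 96-bit IV case. This is not libgcrypt code and not part of the thread: the `gcm_iv_*` names, the `gcm_rbg_fn` callback type and the xorshift stand-in RBG are assumptions made for the example. Section 8.2.1 builds the IV deterministically from a fixed field that identifies the device or context plus an invocation counter (the 32/64-bit split used here is the one the section gives for 96-bit IVs); section 8.2.2 fills the IV from an approved RBG. Both constructions are bounded by section 8.3, which caps the number of authenticated-encryption invocations under one key at 2^32, so the example refuses to hand out an IV once that limit is reached instead of letting the counter run on.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GCM_IV_LEN 12                        /* 96-bit IV, the length NIST recommends */
#define GCM_MAX_INVOCATIONS (1ULL << 32)     /* SP800-38D 8.3: at most 2^32 encryptions per key */

/* Assumed callback type for an RBG. In a real build this would wrap the library's
 * DRBG (for FIPS, an approved one). Returns 0 on success, nonzero on failure. */
typedef int (*gcm_rbg_fn)(void *state, uint8_t *out, size_t len);

typedef struct {
    uint32_t fixed_field;   /* 8.2.1: identifies this device/context among all users of the key */
    uint64_t invocation;    /* 8.2.1: counter, one step per authenticated-encryption call */
    uint64_t used;          /* invocations under this key so far, both constructions */
} gcm_iv_ctx;

static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

static void put_be64(uint8_t *p, uint64_t v)
{
    put_be32(p, (uint32_t)(v >> 32));
    put_be32(p + 4, (uint32_t)v);
}

void gcm_iv_init(gcm_iv_ctx *c, uint32_t fixed_field)
{
    c->fixed_field = fixed_field;
    c->invocation = 0;
    c->used = 0;
}

/* Deterministic construction (SP800-38D 8.2.1):
 *   IV = fixed field (32 bits) || invocation field (64 bits), both big-endian.
 * Returns 0 on success, -1 once the key has been used 2^32 times and must be replaced. */
int gcm_iv_deterministic(gcm_iv_ctx *c, uint8_t iv[GCM_IV_LEN])
{
    if (c->used >= GCM_MAX_INVOCATIONS)
        return -1;
    put_be32(iv, c->fixed_field);
    put_be64(iv + 4, c->invocation);
    c->invocation++;
    c->used++;
    return 0;
}

/* RBG-based construction (SP800-38D 8.2.2): for a 96-bit IV the whole IV is the
 * random field and the free field is empty. Returns 0, -1 on key exhaustion, -2 if
 * the RBG failed; on failure the IV buffer is zeroed and must not be used. */
int gcm_iv_rbg(gcm_iv_ctx *c, gcm_rbg_fn rbg, void *rbg_state, uint8_t iv[GCM_IV_LEN])
{
    if (c->used >= GCM_MAX_INVOCATIONS)
        return -1;
    if (rbg(rbg_state, iv, GCM_IV_LEN) != 0) {
        memset(iv, 0, GCM_IV_LEN);
        return -2;
    }
    c->used++;
    return 0;
}

/* Constructed stand-in RBG so the example runs offline: an xorshift64 stream.
 * It is NOT an approved RBG and must never be used for real IVs. */
int demo_xorshift_rbg(void *state, uint8_t *out, size_t len)
{
    uint64_t *s = state;
    if (*s == 0)
        return 1;            /* xorshift is stuck at zero; report it as a failed seed */
    for (size_t i = 0; i < len; i++) {
        *s ^= *s << 13; *s ^= *s >> 7; *s ^= *s << 17;
        out[i] = (uint8_t)(*s >> 56);
    }
    return 0;
}

static void print_iv(const char *label, const uint8_t iv[GCM_IV_LEN])
{
    printf("%s:", label);
    for (int i = 0; i < GCM_IV_LEN; i++) printf(" %02x", iv[i]);
    printf("\n");
}

int main(void)
{
    gcm_iv_ctx c;
    uint8_t iv[GCM_IV_LEN];
    uint64_t seed = 0x9e3779b97f4a7c15ULL;   /* constructed seed for the demo RBG */

    gcm_iv_init(&c, 0x0000beefu);            /* fixed field: this device's id under the key */
    gcm_iv_deterministic(&c, iv); print_iv("det #0", iv);
    gcm_iv_deterministic(&c, iv); print_iv("det #1", iv);
    gcm_iv_rbg(&c, demo_xorshift_rbg, &seed, iv); print_iv("rbg   ", iv);
    return 0;
}
```

The point for a library is the one the message makes: whichever construction is used, the state (fixed field, counter, invocation count) has to live with the key, and a `setiv` that merely copies caller-supplied bytes cannot enforce any of it. Two devices sharing a key must also be given distinct fixed fields, which the example leaves to the caller of `gcm_iv_init`.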
