[RFC PATCH v2] Initial implementation of GCM

Jussi Kivilinna jussi.kivilinna at iki.fi
Thu Nov 14 12:45:22 CET 2013


On 13.11.2013 22:22, Dmitry Eremin-Solenikov wrote:
> On 13/11/13 14:13, Jussi Kivilinna wrote:
>> On 13.11.2013 05:42, Stephan Mueller wrote:
>>> On Monday, 11 November 2013, 16:09:32 Jussi Kivilinna wrote:
>>>
>>> Hi Jussi,
>>>
>>>> On 11.11.2013 15:02, Dmitry Eremin-Solenikov wrote:
>>>>> Hello,
>>>>>
>>>>> On Mon, Nov 11, 2013 at 4:46 PM, Jussi Kivilinna <jussi.kivilinna at iki.fi> 
>>> wrote:
>>>
>>> [..]
>>>
>>>>> I'm unsure about generate_iv/set_iv argument. More on that here:
>>>>> http://thread.gmane.org/gmane.comp.encryption.gpg.libgcrypt.devel/2896/focus=2897
>>>> How is this handled in other libraries?
>>>
>>> All libraries that undergo or underwent a FIPS 140-2 validation have 
>>> appropriate handling here.
>>>
>>> As libgcrypt has a FIPS mode, it looks like FIPS is of importance. If so, 
>>> either the handling is implemented or GCM cannot be allowed in FIPS mode.
>>>
>>
>> So if I read that previous mail thread correctly, disabling GCM encryption
>> when setiv is invoked in FIPS mode should be enough. So with current
>> implementation before adding generate_iv API, libgcrypt would in FIPS mode
>> only provide decryption. Something like in the attached patch.
> 
> I'm fine with your patch :)
> So if I send you (not to clobber an ML with another big message) the
> proper commit message (or a full patch), we can finally merge this?

Sure.

Also some documentation to doc/gcrypt.texi would be nice.

-Jussi

> 
> Werner, is that fine from your point of view?
> 
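The gating described in the thread (an externally supplied IV via setiv disables GCM encryption in FIPS mode, while decryption stays available until an internal generate_iv API exists) modelled as a small C state machine. This is an added illustration, not libgcrypt's code or the patch under discussion; the names gcm_ctx, gcm_setiv, gcm_encrypt and gcm_decrypt are hypothetical and the IV bytes are constructed. It performs no actual GCM; it only shows the policy check, whose rationale is that NIST SP 800-38D requires the IV to be constructed inside the cryptographic module so that a caller cannot reuse an IV under the same key.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical error codes, modelled loosely on libgcrypt's style. */
enum gcm_err { GCM_OK = 0, GCM_ERR_INV_STATE = 1, GCM_ERR_INV_ARG = 2 };

/* Toy context: tracks FIPS mode and where the IV came from. */
struct gcm_ctx {
    int fips_mode;    /* 1 when the library runs in FIPS mode */
    int iv_set;       /* 1 once any IV is in place */
    int iv_external;  /* 1 once the caller supplied the IV via setiv */
    uint8_t iv[12];   /* 96-bit IV, the GCM default length */
};

void gcm_init(struct gcm_ctx *c, int fips_mode)
{
    memset(c, 0, sizeof *c);
    c->fips_mode = fips_mode;
}

/* Caller-supplied IV. Always accepted, because decryption must be able to
   use the peer's IV, but remembered so encryption can be refused in FIPS mode. */
int gcm_setiv(struct gcm_ctx *c, const uint8_t *iv, size_t ivlen)
{
    if (ivlen != sizeof c->iv)
        return GCM_ERR_INV_ARG;
    memcpy(c->iv, iv, sizeof c->iv);
    c->iv_set = 1;
    c->iv_external = 1;
    return GCM_OK;
}

/* Encryption: refused without an IV, and refused in FIPS mode when the IV
   did not come from the module itself (SP 800-38D section 8.2). */
int gcm_encrypt(const struct gcm_ctx *c)
{
    if (!c->iv_set)
        return GCM_ERR_INV_STATE;
    if (c->fips_mode && c->iv_external)
        return GCM_ERR_INV_STATE;
    return GCM_OK;
}

/* Decryption: an external IV is fine; it is the sender's IV we must verify against. */
int gcm_decrypt(const struct gcm_ctx *c)
{
    return c->iv_set ? GCM_OK : GCM_ERR_INV_STATE;
}

/* Constructed sample IV used by the scenario helpers below. */
static const uint8_t sample_iv[12] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
};

/* Scenario helpers: result of encrypt/decrypt after setiv in the given mode. */
int encrypt_after_setiv(int fips_mode)
{
    struct gcm_ctx c;
    gcm_init(&c, fips_mode);
    gcm_setiv(&c, sample_iv, sizeof sample_iv);
    return gcm_encrypt(&c);
}

int decrypt_after_setiv(int fips_mode)
{
    struct gcm_ctx c;
    gcm_init(&c, fips_mode);
    gcm_setiv(&c, sample_iv, sizeof sample_iv);
    return gcm_decrypt(&c);
}

int encrypt_without_iv(int fips_mode)
{
    struct gcm_ctx c;
    gcm_init(&c, fips_mode);
    return gcm_encrypt(&c);
}

int main(void)
{
    printf("FIPS encrypt after setiv:     %d (expect %d)\n", encrypt_after_setiv(1), GCM_ERR_INV_STATE);
    printf("FIPS decrypt after setiv:     %d (expect %d)\n", decrypt_after_setiv(1), GCM_OK);
    printf("non-FIPS encrypt after setiv: %d (expect %d)\n", encrypt_after_setiv(0), GCM_OK);
    printf("encrypt with no IV at all:    %d (expect %d)\n", encrypt_without_iv(0), GCM_ERR_INV_STATE);
    return 0;
}
```

The point of keeping the external-IV path open for gcm_decrypt is that a receiver has no choice about the IV; the policy only needs to stop this library from being the party that produces a repeated IV under a key.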