[RFC PATCH 2/3] Add API for initializing AEAD modes

Werner Koch wk at gnupg.org
Wed Oct 16 11:25:36 CEST 2013

On Wed, 16 Oct 2013 11:05, jussi.kivilinna at iki.fi said:

> Ok, so we'd have
>   gcry_cipher_authenticate (hd, const void *aadbuf, size_t aadbuflen,
> 			    count void *tag, size_t taglen, size_t crypt_len)
> For encryption, tag is NULL pointer and taglen is zero and after encryption
> authentication tag can be read with 'gcry_cipher_tag'. For decryption, tag
> is given for authentication check with above function.

A last idea: What about two functions

  gcry_cipher_settag ()  -- To be used before decryption
  gcry_cipher_gettag ()  -- to be used after encryption.

gcry_cipher_set_tag would actually look prettier but we already use
setkey and setiv.  Wit these fucntions

  gcry_cipher_authenticate (hd, const void *aadbuf, size_t aadbuflen,
			    size_t crypt_len)

would be pretty easy to describe.  And a very last idea: What about

  gcry_cipher_authenticate to gcry_cipher_setaad




Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gcrypt-devel mailing list