[PATCH 1/2] [v2] Add API to support AEAD cipher modes

Dmitry Eremin-Solenikov dbaryshkov at gmail.com
Sun Oct 20 21:49:20 CEST 2013


On Sun, Oct 20, 2013 at 4:03 PM, Jussi Kivilinna <jussi.kivilinna at iki.fi> wrote:
>  - Change gcry_cipher_tag to gcry_cipher_checktag and gcry_cipher_gettag
>    for giving tag (checktag) for decryption and reading tag (gettag) after
>    encryption.
>  - Change gcry_cipher_authenticate to gcry_cipher_setaad, since
>    additional parameters needed for some AEAD modes (in this case CCM,
>    which needs the length of encrypted data and tag for MAC
>    initialization).

I'm quite unsure that we should make this API call _that_ specific.
I would propose to separate _authenticate()/_aad() method for passing
cleartext data and a set of ioctl's (GCRY_CTL_*) that pass additional
depending on selected AEAD mode.

For example, for GCM you don't need to know aadlen/enclen/taglen in advance.

With best wishes

More information about the Gcrypt-devel mailing list