[PATCH 1/2] [v2] Add API to support AEAD cipher modes
dbaryshkov at gmail.com
Sun Oct 20 21:49:20 CEST 2013
On Sun, Oct 20, 2013 at 4:03 PM, Jussi Kivilinna <jussi.kivilinna at iki.fi> wrote:
> - Change gcry_cipher_tag to gcry_cipher_checktag and gcry_cipher_gettag
> for giving tag (checktag) for decryption and reading tag (gettag) after
> - Change gcry_cipher_authenticate to gcry_cipher_setaad, since
> additional parameters needed for some AEAD modes (in this case CCM,
> which needs the length of encrypted data and tag for MAC
I'm quite unsure that we should make this API call _that_ specific.
I would propose to separate _authenticate()/_aad() method for passing
cleartext data and a set of ioctl's (GCRY_CTL_*) that pass additional
depending on selected AEAD mode.
For example, for GCM you don't need to know aadlen/enclen/taglen in advance.
With best wishes
More information about the Gcrypt-devel