[PATCH 1/2] [v2] Add API to support AEAD cipher modes

Jussi Kivilinna jussi.kivilinna at iki.fi
Mon Oct 21 12:30:10 CEST 2013

On 20.10.2013 22:49, Dmitry Eremin-Solenikov wrote:
> Hello,
> On Sun, Oct 20, 2013 at 4:03 PM, Jussi Kivilinna <jussi.kivilinna at iki.fi> wrote:
>>  - Change gcry_cipher_tag to gcry_cipher_checktag and gcry_cipher_gettag
>>    for giving tag (checktag) for decryption and reading tag (gettag) after
>>    encryption.
>>  - Change gcry_cipher_authenticate to gcry_cipher_setaad, since
>>    additional parameters needed for some AEAD modes (in this case CCM,
>>    which needs the length of encrypted data and tag for MAC
>>    initialization).
> I'm quite unsure that we should make this API call _that_ specific.
> I would propose to separate _authenticate()/_aad() method for passing
> cleartext data and a set of ioctl's (GCRY_CTL_*) that pass additional
> information
> depending on selected AEAD mode.

Ok, I changed API back to _authenticate() and added GCRYCTL_SET_CCM_PARAMS
CCM patch. Looks better now and another benefit is that now AAD can be passed
in multiple as calls to _authenticate.


> For example, for GCM you don't need to know aadlen/enclen/taglen in advance.

More information about the Gcrypt-devel mailing list