[PATCH 1/2] [v2] Add API to support AEAD cipher modes
jussi.kivilinna at iki.fi
Mon Oct 21 12:30:10 CEST 2013
On 20.10.2013 22:49, Dmitry Eremin-Solenikov wrote:
> On Sun, Oct 20, 2013 at 4:03 PM, Jussi Kivilinna <jussi.kivilinna at iki.fi> wrote:
>> - Change gcry_cipher_tag to gcry_cipher_checktag and gcry_cipher_gettag
>> for giving tag (checktag) for decryption and reading tag (gettag) after
>> - Change gcry_cipher_authenticate to gcry_cipher_setaad, since
>> additional parameters needed for some AEAD modes (in this case CCM,
>> which needs the length of encrypted data and tag for MAC
> I'm quite unsure that we should make this API call _that_ specific.
> I would propose to separate _authenticate()/_aad() method for passing
> cleartext data and a set of ioctl's (GCRY_CTL_*) that pass additional
> depending on selected AEAD mode.
Ok, I changed API back to _authenticate() and added GCRYCTL_SET_CCM_PARAMS
CCM patch. Looks better now and another benefit is that now AAD can be passed
in multiple as calls to _authenticate.
> For example, for GCM you don't need to know aadlen/enclen/taglen in advance.
More information about the Gcrypt-devel