Topic: [SOLVED] How to use the AES-GCM mode of operation?

Hi,

I want to use the AES-GCM mode for encryption/decryption. The manual refers to the aesgcm_test() function in <cyassl_root>/ctaocrypt/test/test.c as an example, however it is difficult to understand what the different parameters are in the code as there are no comments.

More specifically, what are the arguments in the following functions supposed to be?

AesGcmSetKey(&enc, k, sizeof(k));
AesGcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv), t2, sizeof(t2), a, sizeof(a));
AesGcmDecrypt(&enc, p2, c2, sizeof(p2), iv, sizeof(iv), t2, sizeof(t2), a, sizeof(a));

I guess k is the key and iv is obvious as well. c2, p2 and t2 are ciphertext, plaintext and tag buffers probably (not sure tbh), but what is supposed to be put in p and a? One of these should be for the original plaintext to be encrypted, I think ... but what about the other one? Can anyone please help with a detailed clarification? Thanks.


Re: [SOLVED] How to use the AES-GCM mode of operation?

Hey xkcd, just reading through the aes.h file, they list function declarations:

CYASSL_API int  AesGcmSetKey(Aes* aes, const byte* key, word32 len);
CYASSL_API int  AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                              const byte* iv, word32 ivSz,
                              byte* authTag, word32 authTagSz,
                              const byte* authIn, word32 authInSz);
CYASSL_API int  AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                              const byte* iv, word32 ivSz,
                              const byte* authTag, word32 authTagSz,
                              const byte* authIn, word32 authInSz);

Based on their code style in other functions, it seems like the p parameter (byte*) is used for the length of the output buffer, and the a parameter (byte*) is used for the auth tags.


Re: [SOLVED] How to use the AES-GCM mode of operation?

Hi Vanger,

Thanks for the reply.

I did read through the aes.h file. Although your explanation for the p parameter makes sense to me, the a parameter doesn't seem to correspond to auth tags; I think that the t2 parameter does that.

In the function declaration a corresponds to authIn, but I cannot find any explanation anywhere in the manual or code comments of what it is. :(


Re: [SOLVED] How to use the AES-GCM mode of operation?

  • authIn is a pointer to additional plaintext that is to be authenticated with the plaintext being encrypted

  • authTag is a pointer to the authentication tag output

The authTag is the "MAC" authentication tag output for the encrypt function, and it is the "MAC" authentication tag input to authenticate with for the decrypt function. The authIn in both encrypt and decrypt functions is the plaintext that is included in the authentication tag along with the encrypted data.

In TLS, the authentication tag is the MAC of the plaintext data being encrypted, with the sequence number, TLS record type, TLS record version, and record length.

In the function aesgcm_test(), p is the plain text, a is the additional data to authenticate, c is the expected cipher text, t is the expected authentication tag. t2, p2, c2 are the buffers capturing the output of the encrypt and decrypt functions.
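The roles described above (plaintext p, additional authenticated data a, separate ciphertext and tag buffers, and the tag becoming an input on decrypt) are easiest to see by running them. The following is an added example, not CyaSSL code and not part of the thread: it uses Go's standard library crypto/cipher, whose GCM AEAD takes the same inputs as AesGcmEncrypt/AesGcmDecrypt. Go appends the tag to the ciphertext, so the wrappers gcmSeal and gcmOpen (names chosen here) split and rejoin it to mirror the separate out/authTag buffers of the CyaSSL API. The key, nonce, plaintext and authIn values in main are constructed sample data; the known-answer check uses test case 2 from the GCM specification (all-zero key, IV and plaintext block).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"errors"
	"fmt"
)

// gcmSeal plays the role of AesGcmEncrypt. Argument names follow the aes.h
// declaration: iv is the 12-byte nonce, authIn is data that is authenticated
// but NOT encrypted, and the function returns the ciphertext (same length as
// the plaintext) and the 16-byte authentication tag separately, as the
// CyaSSL API does.
func gcmSeal(key, iv, plaintext, authIn []byte) (ciphertext, authTag []byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	aead, err := cipher.NewGCM(block) // standard 12-byte nonce, 16-byte tag
	if err != nil {
		return nil, nil, err
	}
	if len(iv) != aead.NonceSize() {
		return nil, nil, errors.New("iv must be 12 bytes")
	}
	// Go's AEAD appends the tag to the ciphertext; split it off to match
	// the separate out/authTag buffers of AesGcmEncrypt.
	sealed := aead.Seal(nil, iv, plaintext, authIn)
	n := len(sealed) - aead.Overhead()
	return sealed[:n], sealed[n:], nil
}

// gcmOpen plays the role of AesGcmDecrypt: authTag is now an INPUT that is
// checked, and authIn must be byte-for-byte what the sender passed, or the
// tag check fails and no plaintext is returned.
func gcmOpen(key, iv, ciphertext, authTag, authIn []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(iv) != aead.NonceSize() {
		return nil, errors.New("iv must be 12 bytes")
	}
	sealed := append(append([]byte{}, ciphertext...), authTag...)
	return aead.Open(nil, iv, sealed, authIn)
}

// knownAnswerOK replays GCM spec test case 2 (all-zero 128-bit key, all-zero
// 96-bit IV, one all-zero block, no authIn), the same kind of vector that
// aesgcm_test() in test.c compares its output against.
func knownAnswerOK() bool {
	c, t, err := gcmSeal(make([]byte, 16), make([]byte, 12), make([]byte, 16), nil)
	return err == nil &&
		hex.EncodeToString(c) == "0388dace60b6a392f328c2b971b2fe78" &&
		hex.EncodeToString(t) == "ab6e47d42cec13bdf53a67b21257bddf"
}

func main() {
	// Constructed sample values; a real key comes from a KDF or RNG, and a
	// nonce must never repeat under the same key.
	key := []byte("0123456789abcdef")   // 16 bytes -> AES-128
	iv := []byte("unique-nonce")        // 12 bytes
	p := []byte("message body")         // plaintext: encrypted and authenticated
	a := []byte("type=23;seq=1;len=12") // authIn: authenticated only, sent in clear

	c, t, err := gcmSeal(key, iv, p, a)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext %x\ntag        %x\n", c, t)

	p2, err := gcmOpen(key, iv, c, t, a)
	fmt.Printf("decrypt: %q err=%v\n", p2, err)

	// Change one byte of authIn: the ciphertext is untouched, but the tag no
	// longer matches, so decryption refuses to return anything.
	aBad := append([]byte{}, a...)
	aBad[len(aBad)-1] ^= 1
	_, err = gcmOpen(key, iv, c, t, aBad)
	fmt.Println("tampered authIn rejected:", err != nil)

	fmt.Println("known-answer check:", knownAnswerOK())
}
```

The mapping to the test.c variables is: p is the plaintext, a is authIn, c/t are the expected ciphertext and tag (the known-answer values), and c2/t2/p2 are the buffers the wrappers return. Note that authIn is never written to the output; it is only folded into the tag, so the receiver must already hold it (for TLS, the record header fields John lists) to verify the record.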

Re: [SOLVED] How to use the AES-GCM mode of operation?

What are you trying to do? Are you trying to encrypt your own data with the cipher or do you want to use an AES-GCM cipher suite with TLS/SSL?

6 (edited by xkcd 2015-01-26 11:18:52)

Re: [SOLVED] How to use the AES-GCM mode of operation?

Hi John,

I am trying to encrypt my own data with integrity, and AES-GCM looked like a better way of doing MAC-then-encrypt ... a bit more abstract at least.

Thanks a lot for the detailed explanation, it all makes sense to me now. :)
