Topic: AES GCM :How to get authentication vector and tag for decryption

Hi,

I am testing encryption/decryption using AES GCM. On the encryption side I took a sample authentication vector, and an authentication tag is generated. I have the following doubts.

1) Can I assign any size for the authentication vector and authentication tag?

2) I have to decrypt the data on the other side. How can I share the authentication vector and authentication tag with the other side for decryption?

3) Do I need to change the authentication vector every time, like the IV?

Thanks

Re: AES GCM :How to get authentication vector and tag for decryption

Hi @sreerajsreez7658,

Thank you so much for reaching out to wolfSSL support. You are asking some pretty advanced questions about the use of GCM. Can you share details about what it is you are working on and what the product is and will do? If you cannot share on the public forum this would be a good candidate to send to our support [at] wolfssl [dot] com domain.

Just a high-level overview:

int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                     const byte* iv, word32 ivSz,
                     byte* authTag, word32 authTagSz,
                     const byte* authIn, word32 authInSz);

A call to AesGcmEncrypt might look like this:

wc_AesGcmEncrypt(aes, out, in, inSz, iv, ivSz,
                 authTag, authTagSz,
                 authIn, authInSz);

The authTag is computed by the algorithm and is an OUTPUT.

In 99.9% of use-cases authIn is not set or ever used.

The only time authIn is used is when GCM is used like a block cipher and the authTag OUTPUT from a previous call is passed BACK in as an INPUT so it can be updated in subsequent calls.

I am not sure what you mean when you say "authentication vector" unless you are referring to the authIn I mentioned above, which is not typically set (i.e. it's set to NULL and the length is 0 in most cases and always on the first call to GCM Encrypt or Decrypt).

Warm Regards,

K

3 (edited by sreerajsreez7658 2020-06-05 07:46:11)

Re: AES GCM :How to get authentication vector and tag for decryption

Hi Kaleb,


Thank you for your reply.
I have some doubts regarding the IV also. I am working on BLE. I need to make encrypted data transfers. I did encryption using

int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                     const byte* iv, word32 ivSz,
                     byte* authTag, word32 authTagSz,
                     const byte* authIn, word32 authInSz);

Here I generated the IV randomly every time.


On the decryption side, the IV is also used for decryption.

wc_AesGcmEncrypt(aes, out, in, inSz, iv, ivSz,
                 authTag, authTagSz,
                 authIn, authInSz);

How do I get the IV on the decryption side? Do I need to send the IV with the encrypted data?


Thanks
Sree

Re: AES GCM :How to get authentication vector and tag for decryption

Can you share details about what it is you are working on and what the product is and will do? If you cannot share on the public forum this would be a good candidate to send to our support [at] wolfssl [dot] com domain.

Re: AES GCM :How to get authentication vector and tag for decryption

Hi


I am working on a Bluetooth application. I require encrypted data transfer between two BLE devices. For this purpose, I used DH for key exchange and AES for encryption/decryption. I have a doubt about the iv parameter in the encryption/decryption API.

Does the iv need to be sent to the other side for decryption every time? Otherwise, how do I get the iv on the decryption side? If I send the iv with the encrypted data, is it secure?

Thanks

Re: AES GCM :How to get authentication vector and tag for decryption

Some useful reading:

https://whatis.techtarget.com/definitio … -vector-IV

...The ideal IV is a random number that is made known to the destination computer to facilitate decryption of the data when it is received. The IV can be agreed on in advance, transmitted independently or included as part of the session setup prior to exchange of the message data. The length of the IV (the number of bits or bytes it contains) depends on the method of encryption. The IV length is usually comparable to the length of the encryption key or block of the cipher in use...

https://security.stackexchange.com/ques … encryption

... Knowing the IV doesn't get an attacker anywhere, because the IV is only there to ensure non-equality of ciphertexts. The secret key is what protects the actual data...

- KH
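
The question running through this thread, how the receiver obtains the IV and the tag, comes down to message framing. The following is an added example, not code from the thread or from wolfSSL: it packs the IV and tag in the clear around the ciphertext and splits them again with a length check before decryption. The 12-byte IV, 16-byte tag, the `IV || ciphertext || tag` layout and the names `gcm_frame_pack`, `gcm_frame_parse` and `gcm_frame_view` are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed wire layout (not from the thread): IV (12) || ciphertext || tag (16). */
#define GCM_IV_SZ  12u
#define GCM_TAG_SZ 16u

typedef struct {
    const uint8_t *iv;     /* GCM_IV_SZ bytes, sent in the clear   */
    const uint8_t *ct;     /* ct_len bytes of ciphertext           */
    size_t         ct_len;
    const uint8_t *tag;    /* GCM_TAG_SZ bytes, sent in the clear  */
} gcm_frame_view;          /* hypothetical helper type */

/* Sender: call after wc_AesGcmEncrypt() has filled ct and tag.
 * Returns the frame length, or 0 if the output buffer is too small. */
size_t gcm_frame_pack(uint8_t *out, size_t out_cap, const uint8_t *iv,
                      const uint8_t *ct, size_t ct_len, const uint8_t *tag)
{
    if (ct_len > SIZE_MAX - GCM_IV_SZ - GCM_TAG_SZ) return 0; /* overflow */
    size_t total = GCM_IV_SZ + ct_len + GCM_TAG_SZ;
    if (out == NULL || out_cap < total) return 0;
    memcpy(out, iv, GCM_IV_SZ);
    memcpy(out + GCM_IV_SZ, ct, ct_len);
    memcpy(out + GCM_IV_SZ + ct_len, tag, GCM_TAG_SZ);
    return total;
}

/* Receiver: split a received frame; the three pointers are what
 * wc_AesGcmDecrypt() takes as in, iv and authTag.
 * Returns 0 on success, -1 if the frame cannot hold an IV and a tag. */
int gcm_frame_parse(const uint8_t *frame, size_t frame_len, gcm_frame_view *v)
{
    if (frame == NULL || v == NULL || frame_len < GCM_IV_SZ + GCM_TAG_SZ)
        return -1;
    v->iv     = frame;
    v->ct     = frame + GCM_IV_SZ;
    v->ct_len = frame_len - GCM_IV_SZ - GCM_TAG_SZ;
    v->tag    = frame + GCM_IV_SZ + v->ct_len;
    return 0;
}
```

Only the key stays secret; the receiver must discard the output whenever `wc_AesGcmDecrypt` returns non-zero, and the sender must never reuse an IV with the same key.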