1 (edited by cgwydir 2024-08-22 21:45:28)

Topic: AES GCM block processing - can I do it using existing WolfSSL APIs?

Greetings - 

I wish encrypt smaller AES GCM "chunks" for the same reason described in this thread:
https://www.wolfssl.com/forums/topic126 … ption.html

I wish to encrypt data in smaller chunks/blocks, using an "init", "update", "update", "final" Java-style API that provides the data in blocks, rather than encrypting all the data in one WolfSSL API call.

Question:  Is encrypting smaller chunks/blocks of data possible with the existing WolfSSL AES GCM APIs?

I found this explanation in another WolfSSL forum append that made it seem possible:
"authIn - input authentication vector The only time authIn is used is when GCM is used like a block cipher and the authTag OUTPUT from a previous call is passed BACK in as an INPUT so it can be updated in subsequent calls."

I attempted using AES GCM as a block cipher, employing the stmt above and the WolfSSL AES GCM decrypt function returned -180 (bad tag).
Do I need to adjust the IV (or some counter?) on each WolfSSL AES GCM encrypt call in this case?  Is this scenario even possible?

Thank you for any help that can be provided,
Craig Gwydir

Share

Re: AES GCM block processing - can I do it using existing WolfSSL APIs?

Hello Craig,

Great question.  Since the forum post you linked, we have implemented a set of APIs for AES-GCM streaming which provides exactly what you're looking for.
Check out our example here: https://github.com/wolfSSL/wolfssl-exam … -encrypt.c  Build instructions here: https://github.com/wolfSSL/wolfssl-exam … crypto/aes
Note that you will need to build with --enable-aesgcm-stream to enable this feature.

Thanks,
Kareem

Share

3 (edited by cgwydir 2024-08-23 11:47:46)

Re: AES GCM block processing - can I do it using existing WolfSSL APIs?

Greetings Kareem -

Perfect!  Thank you for this very helpful and informative reply.

My customer is using wolfSSL 3.15.5 (yes, old).

Question:  Do you (roughly) know when these wolfSSL AES GCM streaming APIs were implemented?

Thanks for your help!

Regards,
CraigG

Share

Re: AES GCM block processing - can I do it using existing WolfSSL APIs?

Answering my own question:

The AES GCM stream feature appeared in wolfSSL v4.8.0

https://github.com/wolfSSL/wolfssl/blob … angeLog.md

Regards,
CraigG

Share