Re: GCM & CTR

Mikko Herranen <mikko.herranen@xxxxxxxxxxxxxx> wrote on 10/18/2007 03:22:43 PM:

> Hello,
>
> We've been wondering about a slight compatibility glitch between
> CTR and GCM with Joy Latten. As CTR and GCM are very similar, the
> way to go with GCM is obviously to implement it on top of CTR.
> The problem is that CTR and GCM use different counter portion
> values for the first encrypted plaintext block. (They both start
> at 1 but GCM uses the first value for authentication.)
>
> How to communicate the different value to CTR? The best way seems to be
> to spawn CTR as ctr(alg,0,16) in GCM and pass the contents
> of the entire counter block in the IV. But then the size of the
> counter portion will be set to 0 in CTR. We could modify CTR to
> set the size of the counter portion to blocksize whenever
> ivsize == blocksize. Or we could introduce an additional template
> parameter for specifying the counter portion size. The former is
> the easiest way to go if embedding a bit of GCM-specific code
> inside CTR module is not a problem. Any opinions on this?
>


I think the change to CTR would be simple.
If noncesize + ivsize == blocksize, then use
entire counterblock as counter and pass to
ctr_inc_quad(). Currently, we just fail
if noncesize + ivsize == blocksize.

Let me know if this sounds ok, and I will
code it.

Regards,
Joy
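
The counter-block difference discussed in this thread, shown as an added example (not part of the original messages and not kernel code): it builds the first data counter block for CTR, assuming the RFC 3686 layout, and for GCM with a 96-bit IV, and takes the counter width as a parameter. The function names and the sample IV are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLK 16

/* Increment the rightmost ctr_bytes bytes of blk as one big-endian integer.
 * ctr_bytes = 4 is GCM's inc32; ctr_bytes = 16 treats the whole block as the counter. */
static void ctr_inc(uint8_t blk[BLK], unsigned ctr_bytes)
{
    for (unsigned i = 0; i < ctr_bytes; i++)
        if (++blk[BLK - 1 - i] != 0)
            break;                      /* no carry into the next byte */
}

/* Big-endian value of the last four bytes (the 32-bit counter portion). */
static uint32_t ctr_low32(const uint8_t blk[BLK])
{
    return ((uint32_t)blk[12] << 24) | ((uint32_t)blk[13] << 16) |
           ((uint32_t)blk[14] << 8) | blk[15];
}

/* Assumed RFC 3686 layout: nonce(4) || iv(8) || counter(4); counter 1 encrypts block 1. */
static void ctr_first_block(uint8_t out[BLK], const uint8_t nonce[4], const uint8_t iv[8])
{
    memset(out, 0, BLK);
    memcpy(out, nonce, 4);
    memcpy(out + 4, iv, 8);
    out[15] = 1;
}

/* GCM with a 96-bit IV: J0 = iv(12) || 0x00000001 is reserved for the tag;
 * the block handed to CTR as a full 16-byte IV is inc32(J0). */
static void gcm_first_block(uint8_t out[BLK], const uint8_t iv[12])
{
    memset(out, 0, BLK);
    memcpy(out, iv, 12);
    out[15] = 1;                        /* J0, used for authentication */
    ctr_inc(out, 4);                    /* first data block: counter 2 */
}

int main(void)
{
    static const uint8_t iv[12] = { 0xca, 0xfe, 0xba, 0xbe }; /* constructed sample IV */
    uint8_t c[BLK], g[BLK];
    ctr_first_block(c, iv, iv + 4);
    gcm_first_block(g, iv);
    printf("CTR first counter %u, GCM first counter %u\n",
           (unsigned)ctr_low32(c), (unsigned)ctr_low32(g));
    return 0;
}
```

The counter width only changes the result when the low 32 bits wrap: a 4-byte increment leaves byte 11 untouched, while a 16-byte increment carries into it.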


