GCM & CTR (fwd)

(Here's a copy of a message I posted yesterday on the 'wrong' crypto
list. Sorry for any inconvenience this may have caused to those who
were cc'd.)


Hello,

We've been wondering about a slight compatibility glitch between
CTR and GCM with Joy Latten. As CTR and GCM are very similar, the
way to go with GCM is obviously to implement it on top of CTR.
The problem is that CTR and GCM use different counter portion
values for the first encrypted plaintext block. (They both start
at 1 but GCM uses the first value for authentication.)

How to communicate the different value to CTR? The best way seems to be
to spawn CTR as ctr(alg,0,16) in GCM and pass the contents
of the entire counter block in the IV. But then the size of the
counter portion will be set to 0 in CTR. We could modify CTR to
set the size of the counter portion to blocksize whenever
ivsize == blocksize. Or we could introduce an additional template
parameter for specifying the counter portion size. The former is
the easiest way to go if embedding a bit of GCM-specific code
inside the CTR module is not a problem. Any opinions on this?

--
Mikko Herranen
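
The counter offset described in the message above, as an added example that is not part of the original post or of the kernel's code. It models the `ctr(alg,noncesize,ivsize)` template with the first proposal (ivsize == blocksize makes the whole block the counter portion) and shows GCM's data keystream for a 96-bit IV starting one block later than plain CTR's. Assumptions: all function names are hypothetical, and `toy_block_encrypt` is a SHA-256 stand-in for the block cipher, which is enough because CTR only uses the forward direction.

```python
import hashlib

BLOCK = 16  # cipher block size in bytes (AES-sized)

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for E(K, block) (assumption, NOT a real cipher): keyed hash
    # truncated to one block. Only the forward direction is needed for CTR.
    return hashlib.sha256(key + block).digest()[:BLOCK]

def ctr_keystream(key: bytes, nonce: bytes, iv: bytes, nblocks: int) -> list:
    """Model of ctr(alg, noncesize, ivsize): counter block = nonce|iv|counter."""
    ctr_len = BLOCK - len(nonce) - len(iv)
    if ctr_len < 0:
        raise ValueError("nonce + iv longer than one block")
    if ctr_len == 0:
        # First proposal in the message: ivsize == blocksize means the counter
        # portion is the whole block and the IV supplies its starting value.
        ctr_len, prefix, value = BLOCK, b"", int.from_bytes(iv, "big")
    else:
        # Plain CTR: counter portion starts at 1.
        prefix, value = nonce + iv, 1
    stream = []
    for _ in range(nblocks):
        stream.append(toy_block_encrypt(key, prefix + value.to_bytes(ctr_len, "big")))
        value = (value + 1) % (1 << (8 * ctr_len))  # wraps within counter portion
    return stream

def inc32(block: bytes) -> bytes:
    """GCM's increment: only the low 32 bits of the block count, mod 2**32."""
    low = (int.from_bytes(block[12:], "big") + 1) % (1 << 32)
    return block[:12] + low.to_bytes(4, "big")

def gcm_keystream(key: bytes, iv96: bytes, nblocks: int):
    """For a 96-bit IV: returns (E(K, J0) reserved for the tag, data keystream)."""
    if len(iv96) != 12:
        raise ValueError("this model covers 96-bit IVs only")
    j0 = iv96 + (1).to_bytes(4, "big")      # counter value 1: authentication
    first_data_block = inc32(j0)            # counter value 2: first plaintext block
    # GCM spawns CTR as ctr(alg,0,16) and passes the entire counter block as IV.
    return toy_block_encrypt(key, j0), ctr_keystream(key, b"", first_data_block, nblocks)

if __name__ == "__main__":
    key, nonce, iv = b"K" * 16, b"\x00\x01\x02\x03", b"\x10" * 8  # constructed values
    plain = ctr_keystream(key, nonce, iv, 4)
    tag_mask, data = gcm_keystream(key, nonce + iv, 3)
    print("tag mask == CTR block 1:", tag_mask == plain[0])
    print("GCM data == CTR blocks 2..4:", data == plain[1:])
```

The whole-block counter in this model matches `inc32` only while the low 32 bits do not wrap; a start block ending in `ffffffff` makes the two diverge on the next block.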