DragonFly BSD
DragonFly kernel List (threaded) for 2012-07
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]


From: Alex Hornung <ahornung@xxxxxxxxx>
Date: Thu, 19 Jul 2012 09:14:07 +0100


On 17/07/12 16:29, Chris Rogers wrote:
> My understanding of GCM and GMAC was that GMAC was an authentication
> only variant of GCM, and thus they were mutually exclusive.  But, it
> looks like the rest of the function will never execute if GMAC isn't
> chosen as the mode of encryption.  Does this mean that GCM uses GMAC as
> part of its standard encryption process, or is the encryption for GCM
> only implemented somewhere else?  Any help on this matter would be
> greatly appreciated.

GMAC is just a special case of GCM where the plaintext has zero length,
and the whole input is in the AAD.

GCM encryption is implemented via transforms (xforms) in our opencrypto.
it is effectively a special case of AES CTR, as the other bits that are
distinct from CTR (the galois field arithmetic that ends up providing
authentication) are implemented in our GMAC implementation.

So yes, in other words our GCM uses AES CTR combined with GMAC
underneath, resulting, effectively, in GCM.


[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]