Update call for AES-GMAC

nfabritius · January 17, 2020, 1:56pm

I am looking for a way to iteratively compute an AES-GMAC tag. I understand that GMAC is defined in terms of GCM, i.e., the input consists of Additional Authenticated Data (AAD), an IV and the AES key. The input plaintext (and output ciphertext) have a length of zero.

However, I could not find an update call to provide AAD piece-by-piece. The documentation of the function ‘mbedtls_cipher_update_ad’ states that it is supposed to be called only once, right after ‘mbedtls_cipher_reset’. As I am receiving the data over the network and cannot buffer all of it, I do not have access to the complete AAD at any point.

Does mbedTls provide the capability to compute a GMAC without providing all the AAD upfront?

roneld01 · January 19, 2020, 9:59am

Hi @Norbert,
Thank you for your query!

Unfortunately, Mbed TLS does not supply a way to do a GMAC witout the full AAD upfront.
As you can see in the code, the GMAC is calualted in mbedtls_gcm_starts(), however iv is also processed there, storing it in the state. Calling several times mbedtls_gcm_starts() will result in a differnt result, as the IV should be not be processed after first time.
Regards,
Mbed TLS Support
Ron

Topic		Replies	Views
Mbedtls_gcm_auth_decrypt vs (mbedtls_gcm_starts + mbedtls_gcm_update) Crypto and SSL questions	1	1091	December 20, 2019
MBED TLS - get encryption key from set key Mbed TLS mbed_tls	2	503	December 10, 2019
Upgrade issue from 2.16.0 to 3 Bug Reports / Issues	0	270	March 25, 2022
MBEDTLS AES - AES - GCM mode Crypto and SSL questions	1	2548	July 9, 2019
Performance test Generic	1	656	August 27, 2018

Update call for AES-GMAC

Related topics