Update call for AES-GMAC

I am looking for a way to iteratively compute an AES-GMAC tag. I understand that GMAC is defined in terms of GCM, i.e., the input consists of Additional Authenticated Data (AAD), an IV and the AES key. The input plaintext (and output ciphertext) have a length of zero.

However, I could not find an update call to provide AAD piece-by-piece. The documentation of the function ‘mbedtls_cipher_update_ad’ states that it is supposed to be called only once, right after ‘mbedtls_cipher_reset’. As I am receiving the data over the network and cannot buffer all of it, I do not have access to the complete AAD at any point.

Does mbedTls provide the capability to compute a GMAC without providing all the AAD upfront?

Hi @Norbert,
Thank you for your query!

Unfortunately, Mbed TLS does not supply a way to do a GMAC witout the full AAD upfront.
As you can see in the code, the GMAC is calualted in mbedtls_gcm_starts(), however iv is also processed there, storing it in the state. Calling several times mbedtls_gcm_starts() will result in a differnt result, as the IV should be not be processed after first time.
Mbed TLS Support