I am looking for a way to iteratively compute an AES-GMAC tag. I understand that GMAC is defined in terms of GCM, i.e., the input consists of Additional Authenticated Data (AAD), an IV and the AES key. The input plaintext (and output ciphertext) have a length of zero.
However, I could not find an update call to provide AAD piece-by-piece. The documentation of the function ‘mbedtls_cipher_update_ad’ states that it is supposed to be called only once, right after ‘mbedtls_cipher_reset’. As I am receiving the data over the network and cannot buffer all of it, I do not have access to the complete AAD at any point.
Does mbedTls provide the capability to compute a GMAC without providing all the AAD upfront?