ARMmbed

What type of IVs are supported for GCM?

I’ve got these calls for performing GCM encryption.
But I was wondering: what if I want to use an internally generated IV?

    mbedtls_gcm_context gcm_ctx;

    mbedtls_gcm_init( &gcm_ctx );
    mbedtls_gcm_setkey( &gcm_ctx, MBEDTLS_CIPHER_ID_AES, params->key, params->keyLength * 8 );
    mbedtls_gcm_crypt_and_tag( &gcm_ctx, MBEDTLS_GCM_ENCRYPT, params->dataLength,
                               params->iv, params->ivLength,
                               params->aad, params->aadLength,
                               params->PT, params->CT,
                               params->tagLength, params->tag );

Hi @athorath
Thank you for your question!

I don’t understand your question. What do you mean by internally generated IV? You could use whatever IV you wish, as long as its length is according to the library’s limitation, and pass it as a parameter to the mbedtls_gcm_crypt_and_tag() API. This IV should be known to the entity that decrypts the data.
Regards,
Mbed TLS Team member
Ron

@roneld01: Sorry, my question was too generic.
In OpenSSL, for example, there’s a way where we can tell the library to generate the IVs instead of us passing in a value (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)).
I was wondering if there’s something similar to that in mbedTLS too, something where the library generates the IV by itself based on the IV length we pass in rather than us passing the IV.

Hi @athorath
No, there isn’t such an API. However, you can use one of the library’s DRBG functions to generate the IV, and then use it as an input parameter.
Regards

Thanks, will do that!
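
An added example, not code from the thread or from Mbed TLS: a per-message IV drawn through an RNG callback, then framed with the ciphertext so the decrypting side receives it. `rng_fn` mirrors the signature of `mbedtls_ctr_drbg_random()`, so a seeded CTR_DRBG context can be passed as `p_rng`; the helper names, the IV || ciphertext || tag layout and the non-random `demo_rng` stand-in are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

#define GCM_IV_LEN 12 /* 96-bit IV, the usual GCM choice */

/* Same signature as mbedtls_ctr_drbg_random(); returns 0 on success. */
typedef int (*rng_fn)(void *p_rng, unsigned char *out, size_t len);

/* Draw a fresh IV for one message. A non-zero return means the RNG failed:
 * the buffer is wiped and the caller must not go on to encrypt. */
int gcm_fresh_iv(rng_fn f_rng, void *p_rng, unsigned char iv[GCM_IV_LEN])
{
    int ret = f_rng(p_rng, iv, GCM_IV_LEN);
    if (ret != 0)
        memset(iv, 0, GCM_IV_LEN);
    return ret;
}

/* Sender: build IV || ciphertext || tag from what mbedtls_gcm_crypt_and_tag()
 * wrote for this iv. Returns the frame length, or 0 if out is too small. */
size_t gcm_frame_pack(unsigned char *out, size_t cap, const unsigned char *iv,
                      const unsigned char *ct, size_t ct_len,
                      const unsigned char *tag, size_t tag_len)
{
    if (cap < GCM_IV_LEN || ct_len > cap - GCM_IV_LEN ||
        tag_len > cap - GCM_IV_LEN - ct_len)
        return 0;
    memcpy(out, iv, GCM_IV_LEN);
    memcpy(out + GCM_IV_LEN, ct, ct_len);
    memcpy(out + GCM_IV_LEN + ct_len, tag, tag_len);
    return GCM_IV_LEN + ct_len + tag_len;
}

/* Receiver: locate the IV, ciphertext and tag inside a received frame. */
int gcm_frame_split(const unsigned char *frame, size_t len, size_t tag_len,
                    const unsigned char **iv, const unsigned char **ct,
                    size_t *ct_len, const unsigned char **tag)
{
    if (len < GCM_IV_LEN || tag_len > len - GCM_IV_LEN)
        return -1; /* truncated frame */
    *iv = frame;
    *ct = frame + GCM_IV_LEN;
    *ct_len = len - GCM_IV_LEN - tag_len;
    *tag = *ct + *ct_len;
    return 0;
}

/* Constructed stand-in RNG (NOT random): fills 0xA5, returns *(int *)p_rng. */
int demo_rng(void *p, unsigned char *o, size_t n) { memset(o, 0xA5, n); return *(int *)p; }
```

With Mbed TLS linked in, the IV from `gcm_fresh_iv()` is what goes into the `iv` argument of `mbedtls_gcm_crypt_and_tag()`, and a new one is drawn for every message encrypted under the same key.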