I’ve got these calls for performing GCM encryption.
But I was wondering, what if I want to use an internally generated IV?
mbedtls_gcm_init( &gcm_ctx );
mbedtls_gcm_setkey( &gcm_ctx, MBEDTLS_CIPHER_ID_AES , params->key, params->keyLength * 8 );
mbedtls_gcm_crypt_and_tag( &gcm_ctx, MBEDTLS_GCM_ENCRYPT, params->dataLength, params->iv, params->ivLength, params->aad, params->aadLength, params->PT, params->CT, params->tagLength, params->tag );
Thank you for your question!
I don’t understand your question. What do you mean by internally generated IV? You could use whatever IV you wish, as long as its length is according to the library’s limitation, and pass it as a parameter to the mbedtls_gcm_crypt_and_tag() API. This IV should be known to the entity that decrypts the data.
Mbed TLS Team member
@roneld01: Sorry, my question was too generic.
In OpenSSL, for example, there’s a way where we can tell the library to generate the IVs instead of us passing in a value (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)).
I was wondering if there’s something similar to that in mbedTLS too, something where the library generates the IV by itself based on the IV length we pass in rather than us passing the IV.
No, there isn’t such an API. However, you can use one of the library’s DRBG functions to generate the IV, and then use it as an input parameter.
Regards