AAD length with AES cipher

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

AAD length with AES cipher

Vijay Singh

It seems that the library uses 13 bytes of AAD data. Is this per-spec? The reason I am asking is that the new Intel AESNI APIs that provide HW support seem to require AAD as a multiple of 4 bytes, and 0 padding the AAD changes the computed auth value.

Any insights are much appreciated.

-vijay


_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: AAD length with AES cipher

Benjamin Kaduk
On 10/23/2015 01:38 PM, Vijay Singh wrote:

It seems that the library uses 13 bytes of AAD data. Is this per-spec? The reason I am asking is that the new Intel AESNI APIs that provide HW support seem to require AAD as a multiple of 4 bytes, and 0 padding the AAD changes the computed auth value.


Sorry, is the claim that the authentication tag is 13 bytes, or that some portion of the codebase is supplying additional authenticated data of length 13 bytes, or something else?  OpenSSL does make use of the AESNI APIs for GCM, so it is not clear where you are observing this seemingly incompatible behavior.

Any insights are much appreciated.



That will be difficult without better pointers to what behavior your are observing.

-Ben Kaduk

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev