variable iv lengths for aes-gcm

variable iv lengths for aes-gcm

[Ambarus Tudor-Dan-B38632]

Hi Herbert,

I'm trying to find a method to pass IVs of various lengths to an 
algorithm. A particular case would be aes-gcm IV. It can have any number 
of bits between 1 and 2^64.

A possible way to do this is to set the ivlen per request. Are there any 
(better) ways to do this?

Thanks,
ta

Re: variable iv lengths for aes-gcm

[Herbert Xu]

On Thu, Jun 18, 2015 at 10:43:18AM +0300, Ambarus Tudor-Dan-B38632 wrote:
> 
> I'm trying to find a method to pass IVs of various lengths to an
> algorithm. A particular case would be aes-gcm IV. It can have any
> number of bits between 1 and 2^64.
> 
> A possible way to do this is to set the ivlen per request. Are there
> any (better) ways to do this?

Why would you want do this apart from the fact that your hardware
supports it and you want to export this?

Using a long IV is fundamentally insecure because all GCM will do
is hash it and there is nothing that can guarantee uniquenes of the
hash result.

You might as well just pull out a random number and use that as your
IV.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: variable iv lengths for aes-gcm

[Ambarus Tudor-Dan-B38632]

On 6/18/2015 11:07 AM, Herbert Xu wrote:
> On Thu, Jun 18, 2015 at 10:43:18AM +0300, Ambarus Tudor-Dan-B38632 wrote:
>>
>> I'm trying to find a method to pass IVs of various lengths to an
>> algorithm. A particular case would be aes-gcm IV. It can have any
>> number of bits between 1 and 2^64.
>>
>> A possible way to do this is to set the ivlen per request. Are there
>> any (better) ways to do this?
>
> Why would you want do this apart from the fact that your hardware
> supports it and you want to export this?
>

The reason is to cover a wide range of applications. Your question also 
applies to the gcm NIST publication.

Users may want to use a crypto module that meets the requirements of 
FIPS Pub. for various applications that use variable lengths for IV.

ta

Re: variable iv lengths for aes-gcm

[Herbert Xu]

On Thu, Jun 18, 2015 at 12:44:06PM +0300, Ambarus Tudor-Dan-B38632 wrote:
>
> The reason is to cover a wide range of applications. Your question
> also applies to the gcm NIST publication.
> 
> Users may want to use a crypto module that meets the requirements of
> FIPS Pub. for various applications that use variable lengths for IV.

What are these applications?

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt