Gilles Peskine | 7f312c8 | 2021-05-20 11:51:46 +0200

GCM interface changes: impact for alternative implementations
-------------------------------------------------------------

The GCM multipart interface has changed as described in [“GCM multipart interface: application changes”](#gcm-multipart-interface:-application-changes). The consequences for an alternative implementation of GCM (`MBEDTLS_GCM_ALT`) are as follows:

* `mbedtls_gcm_starts()` now only sets the mode and the nonce (IV). The new function `mbedtls_gcm_update_ad()` receives the associated data. It may be called multiple times.
* `mbedtls_gcm_update()` now allows arbitrary-length inputs and takes an extra parameter to indicate the actual output length. Alternative implementations may choose between two modes:
    * Always return the partial output immediately, even if it does not consist of a whole number of blocks.
    * Buffer the data for the last partial block, to be returned in the next call to `mbedtls_gcm_update()` or `mbedtls_gcm_finish()`.
* `mbedtls_gcm_finish()` now takes an extra output buffer for the last partial block if needed.
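
A minimal model of the second mode (buffer the last partial block), added here as an example and not taken from Mbed TLS. The names `alt_gcm_ctx`, `alt_gcm_update()`, `alt_gcm_finish()` and the XOR stand-in `alt_block()` are hypothetical, the parameter lists are simplified, and no real GCM arithmetic or tag computation is performed. It shows that a call can emit more bytes than it received, so the output size has to be checked before anything is written.

```c
#include <stddef.h>
#include <string.h>

#define BLK 16 /* GCM block size in bytes */

/* Hypothetical driver context: bytes of a not-yet-complete block. */
typedef struct { unsigned char pend[BLK]; size_t pend_len; } alt_gcm_ctx;

/* Stand-in for the accelerator's block operation; NOT real GCTR/GHASH. */
static void alt_block(const unsigned char *in, size_t n, unsigned char *out)
{
    for (size_t i = 0; i < n; i++) out[i] = (unsigned char)(in[i] ^ 0x5a);
}

/* Buffering mode: emit whole blocks only, keep the tail for the next call. */
int alt_gcm_update(alt_gcm_ctx *c, const unsigned char *in, size_t in_len,
                   unsigned char *out, size_t out_size, size_t *out_len)
{
    *out_len = 0;
    if (in_len > (size_t)-1 - BLK) return -1;       /* total would wrap */
    size_t total = c->pend_len + in_len;
    if (total - total % BLK > out_size) return -1;  /* may exceed in_len */
    while (in_len > 0) {
        size_t take = BLK - c->pend_len;
        if (take > in_len) take = in_len;
        memcpy(c->pend + c->pend_len, in, take);
        c->pend_len += take; in += take; in_len -= take;
        if (c->pend_len == BLK) {                   /* block complete: emit it */
            alt_block(c->pend, BLK, out + *out_len);
            *out_len += BLK;
            c->pend_len = 0;
        }
    }
    return 0;
}

/* Finish: flush the last partial block into the extra output buffer. */
int alt_gcm_finish(alt_gcm_ctx *c, unsigned char *out, size_t out_size,
                   size_t *out_len)
{
    *out_len = 0;
    if (c->pend_len > out_size) return -1;
    alt_block(c->pend, c->pend_len, out);
    *out_len = c->pend_len;
    c->pend_len = 0;
    return 0;
}
```

In this model, feeding 15 bytes and then 1 byte yields 0 and then 16 output bytes, which is why a caller must size its buffer from the reported output length rather than from the input length of the current call.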