Dr. Hensen, If, for instance, a key in the NIST test vector is:
Key = 84ff9a8772815b929d55f6052c0354cf3e02bcc8336fcfe5794952b4c45d5d96 What byte is the LSB (0x96?) and which is the MSB (0x84?)? - David ________________________________________ From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson [st...@openssl.org] Sent: Friday, May 18, 2012 10:17 AM To: openssl-users@openssl.org Subject: Re: AES-GCM Gives Wrong Tag Value? On Fri, May 18, 2012, Li, David wrote: > Hi Experts, > > First time I am using AES-GCM mode to run the NIST test vectors. The API is: > > void AES_gcm128_encrypt(GCM128_CONTEXT *ctx, > const unsigned char *in, unsigned char *out, > size_t len) > > > After initialization and encryption, my cipher text matched the one from NIST > vector but tag value didn't. I obtained the tag value by: > > Unsigned char tag[16]; > memcpy(tag, ctx.Xi.c, 16); > > Anyone can think of a reason what might have gone wrong? > Don't use the low level APIs: use EVP instead. There is program fips/aes/fips_gcmtest.c which has already been put through the FIPS 140-2 validation tests on a number of platforms. That uses the special FIPS api but it isn't hard to see the equivalent functions for "normal" EVP. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majordomo@openssl.org______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
