📝Galois/Counter Mode (GCM) and GMAC

§ Cryptography Block cipher mode of operation
RFC 5288 - AES Galois Counter Mode (GCM) Cipher Suites for TLS
  • Encryption is the same as Counter (CTR) mode but adds Galois field multiplication to compute message authentication code.
  • MAC algorithm

    • encrypt 128 bits of zeros, run through GHASH
    • xor/ghash with non-encrypted AD (Authentication Data) (optional)
    • xor/ghash with ciphertext
    • xor/ghash with concatenated length of AD (64 bit) and Plaintext (64 bit)
    • finally, xor with encrypted initialization vector + counter 0
    • the result is authentication tag
  • GHASH is a multiplication (in Galois Field) by H (= Ek(0128) ) (encrypted zeros)