GCM Processing

GCM processing is made up of three phases:

  1. 1.Processing the Additional Authenticated Data (AAD), hash computation only.
  2. 2.Processing the Ciphertext (C), hash computation + ciphering/deciphering.
  3. 3.Generating the Tag using length of AAD, length of C and J0 (refer to NIST documentation for details).

The Tag generation can be done either automatically, after the end of AAD/C processing if AES_MR.GTAGEN is set, or manually using AES_GHASHRx.GHASH (see subsections Processing a Complete Message with Tag Generation and Manual GCM Tag Generation for details).

Parent topic: Galois/Counter Mode (GCM)