Topic: AES GCM - purpose of "authIn"

Hi there,

I'm looking to test some code using AES GCM and I can't quite understand what the purpose of the "authIn" parameter to the functions "AesGcmEncrypt" and "AesGcmDecrypt" is?
(seen here: https://www.wolfssl.com/doxygen/group__ … a000fe43a1 )

My understanding of AES GCM is that it can produce an authentication tag (the "authTag" parameter in the above functions) during the encryption/decryption which acts as a hash of sorts to verify that the encrypted data hasn't been modified: if the authentication tag produced during encryption doesn't match the authentication tag produced during decryption, then the data has been tampered with.

I'm wondering where exactly the authentication vector "authIn" fits into this process, and if it is necessary?
What are the consequences for security if it is used incorrectly?

If it is in fact necessary, then is there a best practice for generating such a vector?
And lastly, is there a best practice for using the vector properly so as not to violate the security of a network transaction, e.g. is it safe to make the authentication vector public across the transaction similar to the initialisation vector, or should it be protected from observers?

Many thanks

Re: AES GCM - purpose of "authIn"

Hi conallanoc,

The "authIn" is the AAD (additional authenticated data). It's extra data that can be included for the authentication tag generated. On an encrypt, the "authTag" is generated, and on decrypt you provide the value and the tag is compared after decryption to ensure integrity of the data.

Here is a NIST document for AES GCM test vectors: https://csrc.nist.gov/CSRC/media/Projec … /gcmvs.pdf

Thanks,
David Garske, wolfSSL

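The AAD behaviour described in the reply above, as an added example that is not part of the thread and is not wolfSSL code: it uses Node.js's built-in `crypto` module so it runs without wolfSSL, with `aad` playing the role of "authIn" and `tag` the role of "authTag". The header format, message contents and function names are constructed for illustration.

```javascript
// Added example (not wolfSSL code): AES-256-GCM with AAD via Node's built-in crypto.
const crypto = require('node:crypto');

// Encrypt `plaintext`. `aad` is authenticated but not encrypted (the role of "authIn").
function sealGcm(key, iv, plaintext, aad) {
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  if (aad.length > 0) cipher.setAAD(aad); // AAD is optional; it may be empty
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { ciphertext, tag: cipher.getAuthTag() }; // tag = the role of "authTag"
}

// Decrypt and verify. Returns the plaintext, or null when the tag does not match.
function openGcm(key, iv, ciphertext, tag, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  if (aad.length > 0) decipher.setAAD(aad);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
  } catch (err) {
    return null; // final() throws on a tag mismatch; release no plaintext
  }
}

// Constructed sample: a header sent in the clear next to an encrypted body.
function demo() {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12); // must be unique per message under one key
  const header = Buffer.from('ver=1;seq=42;to=sensor-7');
  const body = Buffer.from('unlock door 3');
  const empty = Buffer.alloc(0);

  const { ciphertext, tag } = sealGcm(key, iv, body, header);
  const forgedHeader = Buffer.from('ver=1;seq=42;to=sensor-9');
  const flipped = Buffer.from(ciphertext);
  flipped[0] ^= 0x01; // one flipped ciphertext bit

  const iv2 = crypto.randomBytes(12); // fresh IV for the second message
  const bare = sealGcm(key, iv2, body, empty);
  return {
    ctLen: ciphertext.length, // the header adds nothing to the ciphertext
    tagLen: tag.length,
    ok: openGcm(key, iv, ciphertext, tag, header),
    aadTampered: openGcm(key, iv, ciphertext, tag, forgedHeader),
    aadDropped: openGcm(key, iv, ciphertext, tag, empty),
    ctTampered: openGcm(key, iv, flipped, tag, header),
    noAad: openGcm(key, iv2, bare.ciphertext, bare.tag, empty),
  };
}
```

Only the original header verifies: a changed header, a dropped header or a changed ciphertext all fail the tag check, while a message sealed with empty AAD still round-trips. The receiver has to be given the AAD alongside the IV and tag, so it provides integrity for that data, not secrecy.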