commit 583e83d24cf94e0842014c5e937d3ffacb4c2634
parent b07fac2be3cda8d6687023c36ef3e65e50a9cbf7
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
Date: Mon, 5 Oct 2020 19:37:00 +0200
lengths
Diffstat:
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -727,13 +727,14 @@ SB == R + SHA512(R, zk', M) * A'
</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
RDATA := GCM-AES-256(K, IV, BDATA)
-BDATA := C|T = GCM-AES-256(K, IV, RDATA)
+BDATA := GCM-AES-256(K, IV, RDATA) = CIPHERTEXT | GCM_TAG
]]></artwork>
<t>
The result of the GCM encryption function is the encrypted
- ciphertext "C" concatenated with the GCM authentication tag "T".
+ ciphertext concatenated with the 128-bit GCM authentication
+ tag "GCM_TAG".
Accordingly, the length of BDATA equals the length of the
- RDATA plus the length of the GCM authentication tag.
+ RDATA plus the 16 octets of the authentication tag.
</t>
<t>
The key "K" and counter "IV" are derived from
