commit 6a2f014fba26e886d07bcb0cf4773df1580211ca
parent 9ad65b295938ad632467be620171be8110e36067
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
Date: Mon, 5 Oct 2020 14:57:14 +0200
96bit IV GCM standard
Diffstat:
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -743,14 +743,14 @@ BDATA := C|T = GCM-AES-256(K, IV, RDATA)
PRK_k := HKDF-Extract ("gns-aes-ctx-key", zk)
PRK_n := HKDF-Extract ("gns-aes-ctx-iv", zk)
K := HKDF-Expand (PRK_k, label, 256 / 8);
-IV := HKDF-Expand (PRK_n, label, 128 / 8)
+IV := HKDF-Expand (PRK_n, label, 96 / 8)
]]></artwork>
<t>
HKDF is a hash-based key derivation function as defined in
<xref target="RFC5869" />. Specifically, HMAC-SHA512 is used for the
extraction phase and HMAC-SHA256 for the expansion phase.
The output keying material is 32 octets (256 bits) for the symmetric
- key and 16 octets (128 bits) for the IV.
+ key and 12 octets (96 bits) for the IV.
The symmetric key "K" is a 256-bit AES <xref target="RFC3826" /> key.
</t>
</section>
