96bit IV GCM standard

author: Martin Schanzenbach <mschanzenbach@posteo.de> 2020-10-05 14:57:14 +0200
committer: Martin Schanzenbach <mschanzenbach@posteo.de> 2020-10-05 14:57:14 +0200
commit: 6a2f014fba26e886d07bcb0cf4773df1580211ca (patch)
tree: 0c9acf5bf3d9ffcbd54a28d5451d82bada857cfc
parent: 9ad65b295938ad632467be620171be8110e36067 (diff)
download: lsd0001-6a2f014fba26e886d07bcb0cf4773df1580211ca.tar.gz
lsd0001-6a2f014fba26e886d07bcb0cf4773df1580211ca.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 341e4b1..35d02e7 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -743,14 +743,14 @@ BDATA := C|T = GCM-AES-256(K, IV, RDATA)
 PRK_k := HKDF-Extract ("gns-aes-ctx-key", zk)
 PRK_n := HKDF-Extract ("gns-aes-ctx-iv", zk)
 K := HKDF-Expand (PRK_k, label, 256 / 8);
-IV := HKDF-Expand (PRK_n, label, 128 / 8)
+IV := HKDF-Expand (PRK_n, label, 96 / 8)
 ]]></artwork>
         <t>
           HKDF is a hash-based key derivation function as defined in
           <xref target="RFC5869" />. Specifically, HMAC-SHA512 is used for the
           extraction phase and HMAC-SHA256 for the expansion phase.
           The output keying material is 32 octets (256 bits) for the symmetric
-           key and 16 octets (128 bits) for the IV.
+           key and 12 octets (96 bits) for the IV.
           The symmetric key "K" is a 256-bit AES <xref target="RFC3826" /> key.
         </t>
       </section>
author	Martin Schanzenbach <mschanzenbach@posteo.de>	2020-10-05 14:57:14 +0200
committer	Martin Schanzenbach <mschanzenbach@posteo.de>	2020-10-05 14:57:14 +0200
commit	6a2f014fba26e886d07bcb0cf4773df1580211ca (patch)
tree	0c9acf5bf3d9ffcbd54a28d5451d82bada857cfc
parent	9ad65b295938ad632467be620171be8110e36067 (diff)
download	lsd0001-6a2f014fba26e886d07bcb0cf4773df1580211ca.tar.gz lsd0001-6a2f014fba26e886d07bcb0cf4773df1580211ca.zip

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 341e4b1..35d02e7 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml
@@ -743,14 +743,14 @@ BDATA := C\|T = GCM-AES-256(K, IV, RDATA)
743	PRK_k := HKDF-Extract ("gns-aes-ctx-key", zk)	743	PRK_k := HKDF-Extract ("gns-aes-ctx-key", zk)
744	PRK_n := HKDF-Extract ("gns-aes-ctx-iv", zk)	744	PRK_n := HKDF-Extract ("gns-aes-ctx-iv", zk)
745	K := HKDF-Expand (PRK_k, label, 256 / 8);	745	K := HKDF-Expand (PRK_k, label, 256 / 8);
746	IV := HKDF-Expand (PRK_n, label, 128 / 8)	746	IV := HKDF-Expand (PRK_n, label, 96 / 8)
747	]]></artwork>	747	]]></artwork>
748	<t>	748	<t>
749	HKDF is a hash-based key derivation function as defined in	749	HKDF is a hash-based key derivation function as defined in
750	<xref target="RFC5869" />. Specifically, HMAC-SHA512 is used for the	750	<xref target="RFC5869" />. Specifically, HMAC-SHA512 is used for the
751	extraction phase and HMAC-SHA256 for the expansion phase.	751	extraction phase and HMAC-SHA256 for the expansion phase.
752	The output keying material is 32 octets (256 bits) for the symmetric	752	The output keying material is 32 octets (256 bits) for the symmetric
753	key and 16 octets (128 bits) for the IV.	753	key and 12 octets (96 bits) for the IV.
754	The symmetric key "K" is a 256-bit AES <xref target="RFC3826" /> key.	754	The symmetric key "K" is a 256-bit AES <xref target="RFC3826" /> key.
755	</t>	755	</t>
756	</section>	756	</section>