|
From: | Nikos Mavrogiannopoulos |
Subject: | Re: GCM Implementation and TLSCompressed.Length |
Date: | Tue, 18 Oct 2011 15:37:44 +0200 |
User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.21) Gecko/20110831 Icedove/3.1.13 |
On 10/18/2011 01:30 PM, Alfredo Pironti wrote:
Dear Nikos, Thank you very much, that clarified things a lot. I re-read docs in this perspective and things work now (still, I find TLS RFC a bit misleading when citing padding in the AEAD section). Practically, when I have an AEAD ciphertext in GCM mode, I subtract 16 to its length (in bytes), and that's the plaintext length, isn't it?
You have to subtract the AEAD explicit data and the tag (16+8). Check how gnutls does it: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=blob;f=lib/gnutls_cipher.c;h=716b7c9bd261ba7e38ab493ab74d34d839d66244;hb=HEAD#l458 regards, Nikos
[Prev in Thread] | Current Thread | [Next in Thread] |