GCM Implementation and TLSCompressed.Length

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Oct 18 15:37:44 CEST 2011


On 10/18/2011 01:30 PM, Alfredo Pironti wrote:
> Dear Nikos,
>
> Thank you very much, that clarified things a lot. I re-read docs in
> this perspective and things work now (still, I find TLS RFC a bit
> misleading when citing padding in the AEAD section).
>
> Practically, when I have an AEAD ciphertext in GCM mode, I subtract 16
> to its length (in bytes), and that's the plaintext length, isn't it?

You have to subtract the AEAD explicit data and the tag (16+8).

Check how gnutls does it:

http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=blob;f=lib/gnutls_cipher.c;h=716b7c9bd261ba7e38ab493ab74d34d839d66244;hb=HEAD#l458


regards,
Nikos




More information about the Gnutls-help mailing list