On Fri, Aug 13, 2010 at 09:03 +0200, Andreas Steffen wrote: > Hello Mike, > > according to GCM ESP RFC 4106 > > http://tools.ietf.org/html/rfc4106#section-3 > > esp=aes128gcm16 packs an 8 octet IV in front of > the ciphertext which has the same size as the plaintext > padded to the next 4 octet boundary, followed by > the 16 octet ICV. Since AES-GCM is a stream cipher > the plaintext data does not have to be padded to > a 16 octet block size. Therefore it is normal that the > size of the ciphertext is not a multiple of 16 octets. > > Paragraph 3.2 of RFC 4106 explicitly states: > > Implementations that do not seek to hide the length of the plaintext > SHOULD use the minimum amount of padding required, which will be less > than four octets. > > It might be that OpenBSD is padding up to the next 16 octet boundary, > though. > > Best regards > > Andreas >
Indeed, thank you. Works fine without this check (and I pad it with zeros when pass it to the decryptor). _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
