GCM ciphertext + tag ambiguity

The GCM mode returns two outputs, a ciphertext and an authentication tag.   As I read the current spec, the only output from GCM is the CryptoOperation.result ArrayBufferView.  It seems like there's a need to do one of the following:

(1) Define how the ciphertext and tag are packed into the result ArrayBufferView, or
(2) Define separate fields to hold the ciphertext and tag

For simplicity, I have a slight preference for (1), simply concatenating the two (result = ciphertext || tag).  Actually, I would be OK if we got rid of tagLength and always just returned the full tag.  That would be compatible with RFC 5116, and applications could always truncate the tag if they want it shorter.

Either way, it seems like we need to resolve the ambiguity.

--Richard

Received on Thursday, 18 April 2013 01:01:08 UTC