cfrg / draft-irtf-cfrg-aegis-aead

Specification for the AEGIS family of authenticated encryption algorithms.
https://cfrg.github.io/draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead.html

Fix off-by-one in P_MAX and A_MAX #46

Closed jedisct1 closed 1 month ago

jedisct1 commented 1 month ago

Spotted by @Yawning, thanks!

Fixes #45

Yawning commented 1 month ago

No problem.

The AEGIS-256 description also has the issue, so one more place to update.

https://github.com/cfrg/draft-irtf-cfrg-aegis-aead/blob/9cccd938bb387ca9f643d438b2b139a073b3bc8a/draft-irtf-cfrg-aegis-aead.md?plain=1#L698-L701

jedisct1 commented 1 month ago

/cc @samuel-lucas6

Yawning commented 1 month ago

Shouldn't "length MUST be less than P_MAX" and "length MUST be less than A_MAX" (in Section 3.1 and 4.1) still be changed? Otherwise, the maximum is technically 2^61 - 2 bytes.

If I'm right about that, "length MUST be less than C_MAX" and "length MUST be less than A_MAX" should also be changed in Section 3.2 and 4.2.

Ah, yes. That's right.

Unrelated, thanks for the nice spec, I've been working on implementing 128L and 256, and it's been easy to do.

jedisct1 commented 1 month ago

Good catch, @samuel-lucas6!