2

According to the specification of RFC 4764, contents in EAP's third message and fourth message are required to be encrypted by AES-128 in EAX mode (also called protected channel).

In RFC 4764, the length of ciphertext is as the same as the length of plaintext. However, the test vectors in The EAX Mode of Operation show that the ciphertext must be longer than the plaintext.

Therefore, what happens in RFC 4764?

Community
  • 1
Ryan
  • 21
  • 1

1 Answers1

3

In RFC 4764, the ciphertext does not include the authentication tag created by EAX (which is treated separately); you can see this in figure 1, where they show the ciphertext (of length L) and the tag separately.

In contrast, the test vectors do include the authentication tag, and that additional length make the ciphertexts look longer.

poncho
  • 154,064
  • 12
  • 239
  • 382