From db44f3e7b6779e8238a5d801c8f35041ad9baabb Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Wed, 29 Jun 2022 13:22:18 +0100
Subject: Add support for getting/setting GCM authentication tag (fixes #115)

---
 doc/luaossl.pdf | Bin 182982 -> 333327 bytes
 doc/luaossl.tex |   8 ++++++++
 2 files changed, 8 insertions(+)

(limited to 'doc')

diff --git a/doc/luaossl.pdf b/doc/luaossl.pdf
index b7a09dc..b8a0e27 100644
Binary files a/doc/luaossl.pdf and b/doc/luaossl.pdf differ
diff --git a/doc/luaossl.tex b/doc/luaossl.tex
index efc6422..df5626a 100644
--- a/doc/luaossl.tex
+++ b/doc/luaossl.tex
@@ -1485,6 +1485,14 @@ Update the cipher instance with the specified string(s). Returns a string on suc
 
 Update the cipher with the specified string(s). Returns the final output string on success, or nil and an error message on failure. The returned string may be empty if all blocks have already been flushed in prior \fn{:update} calls.
 
+\subsubsection[\fn{cipher:getTag}]{\fn{cipher:getTag($len$)}}
+
+Returns the authentication tag for the ciphertext (GCM ciphers only) as a binary string. This method can only be called when encrypting data, and must be called after all data has been processed (i.e. after calling \fn{:final()}).
+
+\subsubsection[\fn{cipher:setTag}]{\fn{cipher:setTag($tag$)}}
+
+Sets the provided binary string as the expected authentication tag for the forthcoming ciphertext (GCM ciphers only). This method can only be called when decrypting data, and must be called before \fn{:final()} to ensure the ciphertext integrity can be verified successfully.
+
 \end{Module}
 
 
-- 
cgit v1.2.3-59-g8ed1b