RFC 5116, "An Interface and Algorithms for Authenticated Encryption", January 2008Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
Errata ID: 5233
Publication Format(s) : TEXT
Reported By: Lars Maier
Date Reported: 2018-01-10
Section 5.3 says:
An AEAD_AES_128_CCM ciphertext is exactly 16 octets longer than its corresponding plaintext.
It should say:
An AEAD_AES_128_CCM ciphertext is exactly 2 octets longer than its corresponding plaintext.
As described in NIST SP 800-38c the length of the MAC is given in bits. The algorithm specified therein at 6.2 returns a string of PLen + TLen bits.