Fix off-by-one in P_MAX and A_MAX

[jedisct1]

Spotted by @Yawning, thanks!

Fixes #45

[Yawning]

No problem.

The AEGIS-256 description also has the issue, so one more place to update.

draft-irtf-cfrg-aegis-aead/draft-irtf-cfrg-aegis-aead.md

Lines 698 to 701 in 9cccd93

	- `P_MAX` (maximum length of the plaintext) is 2<sup>61</sup> bytes (2<sup>64</sup> bits).
	- `A_MAX` (maximum length of the associated data) is 2<sup>61</sup> bytes (2<sup>64</sup> bits).
	- `N_MIN` (minimum nonce length) = `N_MAX` (maximum nonce length) = 32 bytes (256 bits).
	- `C_MAX` (maximum ciphertext length) = `P_MAX` + tag length = 2<sup>61</sup> + 16 or 32 bytes (2<sup>64</sup> + 128 or 256 bits).

[jedisct1]

/cc @samuel-lucas6

[samuel-lucas6]

Shouldn't length MUST be less than P_MAX and length MUST be less than A_MAX (in Section 3.1 and 4.1) still be changed? Otherwise, the maximum is technically 2⁶¹ - 2 bytes.

If I'm right about that, length MUST be less than C_MAX and length MUST be less than A_MAX should also be changed in Section 3.2 and 4.2.

Besides that, it looks ok. I'm not super keen on the brackets inside brackets, but there's not really anything you can do.

[Yawning]

Shouldn't length MUST be less than P_MAX and length MUST be less than A_MAX (in Section 3.1 and 4.1) still be changed? Otherwise, the maximum is technically 261 - 2 bytes.

If I'm right about that, length MUST be less than C_MAX and length MUST be less than A_MAX should also be changed in Section 3.2 and 4.2.

Ah, yes. That's right.

Unrelated, thanks for the nice spec, I've been working on implementing 128L and 256, and it's been easy to do.

[jedisct1]

Good catch, @samuel-lucas6 !

[samuel-lucas6]

LGTM. Thanks @Yawning!