Hey xkcd, just reading through the aes.h file, they list function declarations:

CYASSL_API int  AesGcmSetKey(Aes* aes, const byte* key, word32 len);
CYASSL_API int  AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                              const byte* iv, word32 ivSz,
                              byte* authTag, word32 authTagSz,
                              const byte* authIn, word32 authInSz);
CYASSL_API int  AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                              const byte* iv, word32 ivSz,
                              const byte* authTag, word32 authTagSz,
                              const byte* authIn, word32 authInSz);

Based on their code-style in other functions, it seems like the p parameter (byte*) is used for the length of the output buffer, and the a parameter (byter*) is used for the auth tags.

• authIn in a pointer to additional plaintext that is to be authenticated with the plaintext being encrypted

• authTag is a pointer to the authentication tag output

The authTag is the "MAC" authentication tag output for the encrypt function, and it is the "MAC" authentication tag input to authenticate with for the decrypt function. The authIn in both encrypt and decrypt functions is the plaintext that included in the authentication tag with the encrypted data.

In TLS, the authentication tag is the MAC of the plaintext data being encrypted, with the sequence number, TLS record type, TLS record version, and record length.

In the function aesgcm_test(), p is the plain text, a is the additional data to authenticate, c is the expected cipher text, t is the expected authentication tag. t2, p2, c2 are the buffers capturing the output of the encrypt and decrypt functions.