The routine EncodeStream creates a different authentication tag as the EncodeBytes if the field
DatatToAuthenticate is used.

The problems seems to be that EncodeStream splits the buffer in 8kB blocks and calls EncodeGCM multiple
times. Here the DataToAuthenticate field is used on every call which means that it is mengled into the
tag calculatation on each iteration.

EncodeBytes calls the EncodeGCM routine only once on the whole buffer. Check out the attached project (unfortunately I could not upload a dpr file only a txt file...)

FailStreamEncrypt.txt

On a different matter... would it be possible to add an additional parameter to the EncodeStream function that allows
to change the endianess of the stream? There are built in classes that allow to operate on TBytes but not on streams.
(Or... did I miss something?)
My background here is to create an encrypted firmeware file for a microcontroller which uses an ARM CPU