[gnutls-devel] GnuTLS | Improve the gnutls_aead_cipher documentation (#716)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Feb 27 09:41:24 CET 2019


Hi,
 Thank you for that. Would you like to propose some changes that will make the message more clear, or more detailed description of what you miss? It is on the man-pages or [in the manual](https://gnutls.org/manual/gnutls.html#Symmetric-algorithms)?

More specifically: 
> Can you just set a auth_iov with count 1 or does it need to be the same count as iov?
Do you mean have an `auth_iovcnt` != `iovcnt`? The answer is of course, but it would help me to understand what made you think that you could not.

> The ctext only says 'the encrypted data', it doesn't mention that at the end of the cipher text the tag get appended.

In the AEAD ciphers, the encrypted data include the tag. In some algorithms like CCM, GCM the tag is appended to the "normally" encrypted data. In some other algorithms the tag is part of the IV (i.e., prepended to data). There is no separation of ciphertext, and tag.

The [AEAD rfc](https://tools.ietf.org/html/rfc5116#section-2.1) is quite clear on that:
```
The authenticated encryption operation has four inputs, each of which
is an octet string:

..
.
..
There is a single output:
      A ciphertext C,
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/716#note_145449016
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190227/8a0acd9c/attachment.html>


More information about the Gnutls-devel mailing list