[gnutls-devel] GnuTLS | AEAD output difference on Mac (#1494)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Jul 18 19:21:47 CEST 2023 


Simon Josefsson created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1494



Hi.   This came from https://gitlab.com/gnutls/guile/-/issues/13 but Vivien resolved it to a GnuTLS concern.  The code snippet below prints the following on my MacBook Pro (M1) with GnuTLS 3.8.0 via homebrew.  Is this reproducible on other Mac's?

```
49 e3 82 8a 81 59 cb 8f d9 6 ad 6a 95 8d 1d fd 98 fc 31 4f 5d d4 c5 76 a6 81 d5 ca cb 7f 8a 75 80 61 
```

Compile main.c below as this: `gcc main.c $(pkg-config --cflags gnutls) $(pkg-config --libs gnutls) && ./a.out`

```
#include <gnutls/crypto.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int
main ()
{
  static const gnutls_cipher_algorithm_t algo = GNUTLS_CIPHER_AES_256_GCM;
  static const char *key = "the secret key is 32 bytes long.";
  gnutls_datum_t datum_key;
  datum_key.data = (unsigned char *) key;
  datum_key.size = strlen (key);
  gnutls_aead_cipher_hd_t handle;
  if (gnutls_aead_cipher_init (&handle, algo, &datum_key))
    {
      return EXIT_FAILURE;
    }
  static const char *nonce = "Never encrypt more data with this nonce";
  static const char *auth = "Additional secret data";
  static const int tag_size = 16;
  static const char *data = "Confidential data.";
  size_t used_size = tag_size + strlen (data);
  char output[used_size];
  if (gnutls_aead_cipher_encrypt (handle,
                                  nonce, strlen (nonce),
                                  auth, strlen (auth),
                                  tag_size,
                                  data, strlen (data),
                                  output, &used_size))
    {
      return EXIT_FAILURE;
    }
  if (used_size != 34)
    {
      return EXIT_FAILURE;
    }
  for (int i= 0; i < 34; i++)
    fprintf (stderr, "%x ", 0xFF & output[i]);
  fprintf (stderr, "\n");

  if (output[0] != (char) 165)
    {
      return EXIT_FAILURE;
    }
  gnutls_aead_cipher_deinit (handle);
  fprintf (stderr, "OK\n");
  return EXIT_SUCCESS;
}
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1494
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20230718/bfb724ee/attachment.html>

More information about the Gnutls-devel mailing list