[gnutls-devel] GnuTLS | AEAD output difference on Mac (#1494)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Jul 18 21:27:19 CEST 2023
Vivien Kraus Would Rather Not Be On Gitlab_com commented: https://gitlab.com/gnutls/gnutls/-/issues/1494#note_1475454426
The issue here turns out to be that the nonce length is not 12. The macos version of gnutls seems to be doing what this equivalent code in Nettle is doing:
```c
#include <nettle/gcm.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
int
main ()
{
static const char *key = "the secret key is 32 bytes long.";
static const char *auth = "Additional secret data";
static const char *nonce = "Never encrypt more data with this nonce";
static const char *data = "Confidential data.";
struct gcm_aes256_ctx context;
gcm_aes256_set_key (&context, key);
gcm_aes256_set_iv (&context, strlen (nonce), nonce);
static const size_t tag_size = 16;
size_t used_size = tag_size + strlen (data);
char output[used_size];
gcm_aes256_update (&context, strlen (auth), auth);
gcm_aes256_encrypt (&context, strlen (data), output, data);
gcm_aes256_digest (&context, tag_size, & (output[strlen (data)]));
for (int i= 0; i < used_size; i++)
fprintf (stderr, "%x ", 0xFF & output[i]);
if (output[0] != (char) 165)
{
return EXIT_FAILURE;
}
fprintf (stderr, "OK\n");
return EXIT_SUCCESS;
}
```
While the other versions are doing something different. The question is thus about decryption: why can’t the macos version of gnutls decrypt the encrypted data with the non-standard nonce length, while the other versions can? I guess it is safer to refuse to decrypt, but it is surprising.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1494#note_1475454426
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20230718/e13c660e/attachment-0001.html>
More information about the Gnutls-devel
mailing list