<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en" style='--code-editor-font: var(--default-mono-font, "GitLab Mono"), JetBrains Mono, Menlo, DejaVu Sans Mono, Liberation Mono, Consolas, Ubuntu Mono, Courier New, andale mono, lucida console, monospace;'>

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style data-premailer="ignore" type="text/css">

a { color: #1068bf; }

</style>

<style>img {

max-width: 100%; height: auto;

}

body {

font-size: 0.875rem;

}

body {

-webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px;

}

body {

font-family: var(--default-regular-font, "GitLab Sans"),-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"; font-size: inherit;

}

</style>

</head>

<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px; font-family: var(--default-regular-font, "GitLab Sans"),-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";'>

<div class="content">

<p style="color: #777777;">

<a href="https://gitlab.com/vivien_">Vivien Kraus Would Rather Not Be On Gitlab.com</a>

<a href="https://gitlab.com/gnutls/gnutls/-/issues/1494#note_1475454426">commented</a>:

</p>

<div class="md" style="color: #333238; word-wrap: break-word;">

<p dir="auto" style="color: #333238; margin: 0 0 16px;" align="initial">The issue here turns out to be that the nonce length is not 12. The macos version of gnutls seems to be doing what this equivalent code in Nettle is doing:</p>

<div class="gl-relative markdown-code-block js-markdown-code">

<pre data-canonical-lang="c" class="code highlight js-syntax-highlight language-c" lang="c" v-pre="true" style='display: block; font-size: 14px; color: #333238; line-height: 1.6em; overflow-x: auto; border-radius: 4px; position: relative; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; margin: 0 0 16px; padding: 12px; border: 1px solid #dcdcde;'><code style='font-size: 0.875rem; color: inherit; word-wrap: normal; word-break: keep-all; background-color: inherit; border-radius: 4px; white-space: pre; margin-top: 0; font-family: var(--default-mono-font, "GitLab Mono"),"JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; overflow-wrap: normal; padding: unset;'><span id="LC1" class="line" lang="c" style="margin-top: 0;"><span class="cp" style="margin-top: 0;">#include</span> <span class="cpf"><nettle/gcm.h></span></span>

<span id="LC2" class="line" lang="c"><span class="cp" style="margin-top: 0;">#include</span> <span class="cpf"><stdlib.h></span></span>

<span id="LC3" class="line" lang="c"><span class="cp" style="margin-top: 0;">#include</span> <span class="cpf"><stdio.h></span></span>

<span id="LC4" class="line" lang="c"><span class="cp" style="margin-top: 0;">#include</span> <span class="cpf"><string.h></span></span>

<span id="LC5" class="line" lang="c"></span>

<span id="LC6" class="line" lang="c"><span class="kt" style="margin-top: 0;">int</span></span>

<span id="LC7" class="line" lang="c"><span class="nf" style="margin-top: 0;">main</span> <span class="p">()</span></span>

<span id="LC8" class="line" lang="c"><span class="p" style="margin-top: 0;">{</span></span>

<span id="LC9" class="line" lang="c">  <span class="k" style="margin-top: 0;">static</span> <span class="k">const</span> <span class="kt">char</span> <span class="o">*</span><span class="n">key</span> <span class="o">=</span> <span class="s">"the secret key is 32 bytes long."</span><span class="p">;</span></span>

<span id="LC10" class="line" lang="c">  <span class="k" style="margin-top: 0;">static</span> <span class="k">const</span> <span class="kt">char</span> <span class="o">*</span><span class="n">auth</span> <span class="o">=</span> <span class="s">"Additional secret data"</span><span class="p">;</span></span>

<span id="LC11" class="line" lang="c">  <span class="k" style="margin-top: 0;">static</span> <span class="k">const</span> <span class="kt">char</span> <span class="o">*</span><span class="n">nonce</span> <span class="o">=</span> <span class="s">"Never encrypt more data with this nonce"</span><span class="p">;</span></span>

<span id="LC12" class="line" lang="c">  <span class="k" style="margin-top: 0;">static</span> <span class="k">const</span> <span class="kt">char</span> <span class="o">*</span><span class="n">data</span> <span class="o">=</span> <span class="s">"Confidential data."</span><span class="p">;</span></span>

<span id="LC13" class="line" lang="c">  <span class="k" style="margin-top: 0;">struct</span> <span class="n">gcm_aes256_ctx</span> <span class="n">context</span><span class="p">;</span></span>

<span id="LC14" class="line" lang="c">  <span class="n" style="margin-top: 0;">gcm_aes256_set_key</span> <span class="p">(</span><span class="o">&</span><span class="n">context</span><span class="p">,</span> <span class="n">key</span><span class="p">);</span></span>

<span id="LC15" class="line" lang="c">  <span class="n" style="margin-top: 0;">gcm_aes256_set_iv</span> <span class="p">(</span><span class="o">&</span><span class="n">context</span><span class="p">,</span> <span class="n">strlen</span> <span class="p">(</span><span class="n">nonce</span><span class="p">),</span> <span class="n">nonce</span><span class="p">);</span></span>

<span id="LC16" class="line" lang="c">  <span class="k" style="margin-top: 0;">static</span> <span class="k">const</span> <span class="kt">size_t</span> <span class="n">tag_size</span> <span class="o">=</span> <span class="mi">16</span><span class="p">;</span></span>

<span id="LC17" class="line" lang="c">  <span class="kt" style="margin-top: 0;">size_t</span> <span class="n">used_size</span> <span class="o">=</span> <span class="n">tag_size</span> <span class="o">+</span> <span class="n">strlen</span> <span class="p">(</span><span class="n">data</span><span class="p">);</span></span>

<span id="LC18" class="line" lang="c">  <span class="kt" style="margin-top: 0;">char</span> <span class="n">output</span><span class="p">[</span><span class="n">used_size</span><span class="p">];</span></span>

<span id="LC19" class="line" lang="c">  <span class="n" style="margin-top: 0;">gcm_aes256_update</span> <span class="p">(</span><span class="o">&</span><span class="n">context</span><span class="p">,</span> <span class="n">strlen</span> <span class="p">(</span><span class="n">auth</span><span class="p">),</span> <span class="n">auth</span><span class="p">);</span></span>

<span id="LC20" class="line" lang="c">  <span class="n" style="margin-top: 0;">gcm_aes256_encrypt</span> <span class="p">(</span><span class="o">&</span><span class="n">context</span><span class="p">,</span> <span class="n">strlen</span> <span class="p">(</span><span class="n">data</span><span class="p">),</span> <span class="n">output</span><span class="p">,</span> <span class="n">data</span><span class="p">);</span></span>

<span id="LC21" class="line" lang="c">  <span class="n" style="margin-top: 0;">gcm_aes256_digest</span> <span class="p">(</span><span class="o">&</span><span class="n">context</span><span class="p">,</span> <span class="n">tag_size</span><span class="p">,</span> <span class="o">&</span> <span class="p">(</span><span class="n">output</span><span class="p">[</span><span class="n">strlen</span> <span class="p">(</span><span class="n">data</span><span class="p">)]));</span></span>

<span id="LC22" class="line" lang="c">  <span class="k" style="margin-top: 0;">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">i</span><span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">i</span> <span class="o"><</span> <span class="n">used_size</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">)</span></span>

<span id="LC23" class="line" lang="c">    <span class="n" style="margin-top: 0;">fprintf</span> <span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">"%x "</span><span class="p">,</span> <span class="mh">0xFF</span> <span class="o">&</span> <span class="n">output</span><span class="p">[</span><span class="n">i</span><span class="p">]);</span></span>

<span id="LC24" class="line" lang="c">  <span class="k" style="margin-top: 0;">if</span> <span class="p">(</span><span class="n">output</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">!=</span> <span class="p">(</span><span class="kt">char</span><span class="p">)</span> <span class="mi">165</span><span class="p">)</span></span>

<span id="LC25" class="line" lang="c">    <span class="p" style="margin-top: 0;">{</span></span>

<span id="LC26" class="line" lang="c">      <span class="k" style="margin-top: 0;">return</span> <span class="n">EXIT_FAILURE</span><span class="p">;</span></span>

<span id="LC27" class="line" lang="c">    <span class="p" style="margin-top: 0;">}</span></span>

<span id="LC28" class="line" lang="c">  <span class="n" style="margin-top: 0;">fprintf</span> <span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">"OK</span><span class="se">\n</span><span class="s">"</span><span class="p">);</span></span>

<span id="LC29" class="line" lang="c">  <span class="k" style="margin-top: 0;">return</span> <span class="n">EXIT_SUCCESS</span><span class="p">;</span></span>

<span id="LC30" class="line" lang="c"><span class="p" style="margin-top: 0;">}</span></span></code></pre>

<copy-code></copy-code>

</div>

<p dir="auto" style="color: #333238; margin: 0;" align="initial">While the other versions are doing something different. The question is thus about decryption: why can’t the macos version of gnutls decrypt the encrypted data with the non-standard nonce length, while the other versions can? I guess it is safer to refuse to decrypt, but it is surprising.</p>

</div>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #737278;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/1494#note_1475454426">view it on GitLab</a>.

<br>

You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://gitlab.com">gitlab.com</a>. <a href="https://gitlab.com/-/sent_notifications/1d64407113652f88c99650b0f8ef219a/unsubscribe" target="_blank" rel="noopener noreferrer">Unsubscribe</a> from this thread · <a href="https://gitlab.com/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link">Manage all notifications</a> · <a href="https://gitlab.com/help" target="_blank" rel="noopener noreferrer" class="help-link">Help</a>

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/1494#note_1475454426"}}</script>

</p>

</div>

</body>

</html>