[gnutls-help] GnuTLS cryptographic API questions

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Mar 31 20:58:26 CEST 2017

On Thu, Mar 30, 2017 at 3:27 PM, Ted Zlatanov <tzz at lifelogs.com> wrote:
> So that's perfect. I had a feeling I was missing something :) Do you
> think those functions could also be listed under the Cryptographic API
> sections I cited?

It's a historical reason they are in the Core API (crypto API didn't
exist at the time). Now moving them to crypto.h would break existing
software. I've added some text that several functions may not be
listed in crypto API. If you have a better suggestion I'd appreciate a
merge request.

> NM> There are separate gnutls_mac_list() and gnutls_digest_list() which
> NM> can be used to obtain the different sets.
> Does it make sense to correlate MACs and digests, since digests are
> currently a subset of MACs? You do that with AEAD ciphers (a subcase of
> general ciphers).

This correlation is only for HMACs. MACs like poly1305 and UMAC have
no equivalent digest.

> NM> The gnutls_cipher_get_tag_size could be used to determine the AEAD
> NM> status (only AEAD ciphers have a tag).
> Nice, thank you! Could you add that to the documentation, so it's
> guaranteed that if the function returns non-zero, the cipher is AEAD?



More information about the Gnutls-help mailing list