[gnutls-devel] GnuTLS | AEAD output difference on Mac (#1494)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Jul 18 19:21:47 CEST 2023

Simon Josefsson created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1494

Hi.   This came from https://gitlab.com/gnutls/guile/-/issues/13 but Vivien resolved it to a GnuTLS concern.  The code snippet below prints the following on my MacBook Pro (M1) with GnuTLS 3.8.0 via homebrew.  Is this reproducible on other Mac's?

49 e3 82 8a 81 59 cb 8f d9 6 ad 6a 95 8d 1d fd 98 fc 31 4f 5d d4 c5 76 a6 81 d5 ca cb 7f 8a 75 80 61 

Compile main.c below as this: `gcc main.c $(pkg-config --cflags gnutls) $(pkg-config --libs gnutls) && ./a.out`

#include <gnutls/crypto.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

main ()
  static const gnutls_cipher_algorithm_t algo = GNUTLS_CIPHER_AES_256_GCM;
  static const char *key = "the secret key is 32 bytes long.";
  gnutls_datum_t datum_key;
  datum_key.data = (unsigned char *) key;
  datum_key.size = strlen (key);
  gnutls_aead_cipher_hd_t handle;
  if (gnutls_aead_cipher_init (&handle, algo, &datum_key))
      return EXIT_FAILURE;
  static const char *nonce = "Never encrypt more data with this nonce";
  static const char *auth = "Additional secret data";
  static const int tag_size = 16;
  static const char *data = "Confidential data.";
  size_t used_size = tag_size + strlen (data);
  char output[used_size];
  if (gnutls_aead_cipher_encrypt (handle,
                                  nonce, strlen (nonce),
                                  auth, strlen (auth),
                                  data, strlen (data),
                                  output, &used_size))
      return EXIT_FAILURE;
  if (used_size != 34)
      return EXIT_FAILURE;
  for (int i= 0; i < 34; i++)
    fprintf (stderr, "%x ", 0xFF & output[i]);
  fprintf (stderr, "\n");

  if (output[0] != (char) 165)
      return EXIT_FAILURE;
  gnutls_aead_cipher_deinit (handle);
  fprintf (stderr, "OK\n");
  return EXIT_SUCCESS;

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1494
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20230718/bfb724ee/attachment.html>

More information about the Gnutls-devel mailing list