[gnutls-devel] GnuTLS | AEAD output difference on Mac (#1494)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Jul 18 21:39:06 CEST 2023 



Vivien Kraus Would Rather Not Be On Gitlab_com commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1494#note_1475467677

@jas can you try this with gnutls:

```c
#include <gnutls/crypto.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int
main ()
{
  static const gnutls_cipher_algorithm_t algo = GNUTLS_CIPHER_AES_256_GCM;
  static const char *key = "the secret key is 32 bytes long.";
  gnutls_datum_t datum_key;
  datum_key.data = (unsigned char *) key;
  datum_key.size = strlen (key);
  gnutls_aead_cipher_hd_t handle;
  if (gnutls_aead_cipher_init (&handle, algo, &datum_key))
    {
      return EXIT_FAILURE;
    }
  static const char *nonce = "Never encrypt more data with this nonce";
  static const char *auth = "Additional secret data";
  static const int tag_size = 16;
  static const char *data = "Confidential data.";
  size_t used_size = tag_size + strlen (data);
  char output[used_size];
  if (gnutls_aead_cipher_encrypt (handle,
                                  nonce, strlen (nonce),
                                  auth, strlen (auth),
                                  tag_size,
                                  data, strlen (data),
                                  output, &used_size))
    {
      return EXIT_FAILURE;
    }
  if (used_size != 34)
    {
      return EXIT_FAILURE;
    }
  gnutls_aead_cipher_deinit (handle);
  /* Decryption */
  size_t decryption_used_size = strlen (data);
  char decrypted_output[decryption_used_size];
  if (gnutls_aead_cipher_init (&handle, algo, &datum_key))
    {
      return EXIT_FAILURE;
    }
  if (gnutls_aead_cipher_decrypt (handle,
                                  nonce, strlen (nonce),
                                  auth, strlen (auth),
                                  tag_size,
                                  output, used_size,
                                  decrypted_output, &decryption_used_size))
    {
      fprintf (stderr, "Gnutls cannot decrypt, even if we have the exact same nonce.\n");
      return EXIT_FAILURE;
    }
  fprintf (stderr, "Gnutls can decrypt if we have the same nonce.\n");
  return EXIT_SUCCESS;
}
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1494#note_1475467677
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20230718/8e4cac3d/attachment.html>

More information about the Gnutls-devel mailing list