[gnutls-help] GnuTLS cryptographic API questions

Ted Zlatanov tzz at lifelogs.com
Thu Mar 30 15:27:37 CEST 2017


On Thu, 30 Mar 2017 11:52:44 +0200 Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote: 

NM> you may want to check the algorithm enumeration functions such as
NM> gnutls_mac_list(), gnutls_cipher_list() etc.

Oh! Those are not listed in
https://www.gnutls.org/manual/html_node/Cryptographic-API.html#Cryptographic-API
or in
https://gnutls.org/manual/html_node/Cryptographic-Backend.html#Cryptographic-Backend
or in the children of https://gnutls.org/manual/html_node/Using-GnuTLS-as-a-cryptographic-library.html#Using-GnuTLS-as-a-cryptographic-library
but under
https://gnutls.org/manual/html_node/Core-TLS-API.html#Core-TLS-API and I
didn't see them.

So that's perfect. I had a feeling I was missing something :) Do you
think those functions could also be listed under the Cryptographic API
sections I cited?

NM> There are separate gnutls_mac_list() and gnutls_digest_list() which
NM> can be used to obtain the different sets.

Does it make sense to correlate MACs and digests, since digests are
currently a subset of MACs? You do that with AEAD ciphers (a subcase of
general ciphers).

Or do you expect there to be digests that don't have an associated MAC?

NM> The gnutls_cipher_get_tag_size could be used to determine the AEAD
NM> status (only AEAD ciphers have a tag).

Nice, thank you! Could you add that to the documentation, so it's
guaranteed that if the function returns non-zero, the cipher is AEAD?

Thanks again
Ted




More information about the Gnutls-help mailing list