emacs-devel

Re: libnettle/libhogweed WIP


From: Eli Zaretskii
Subject: Re: libnettle/libhogweed WIP
Date: Sat, 22 Jul 2017 12:10:34 +0300

Ping!  Anything further on this?  Anything I can do to help debugging
this problem?

> Date: Sat, 15 Jul 2017 22:12:59 +0300
> From: Eli Zaretskii <address@hidden>
> Cc: address@hidden
> 
> > From: Ted Zlatanov <address@hidden>
> > Date: Sat, 15 Jul 2017 14:40:37 -0400
> > 
> > The size of the output is determined by the cipher's parameters. So we
> > need to know the parameters, which are in cplist.
> 
> As I wrote, the problem happens on the first iteration through the
> loop in test-gnutls-005-aead-ciphers, so the cipher's parameters
> should be known, as they are set up by the code.  But in case this
> isn't telling the whole story, you will see the values below.
> 
> > Can you capture the full parameters and memory buffers passed into the
> > GnuTLS functions?
> 
> I attach below the GDB transcript with this information.  Let me know
> if you need more data.
> 
> > Here's the sequence we expect in the test, this in a let* form:
> > 
> > 1. The IV may be actual data or it may be a list of 'iv-auto and ivsize
> > which tells extract_data_from_object() to generate a random IV (which is
> > returned as the second element by `gnutls-symmetric-encrypt').
> > 
> > 2. We call (gnutls-symmetric-encrypt cplist (copy-sequence key) iv input (copy-sequence auth))
> > 
> > 3. We need to make sure the cplist, key, iv, input, and auth make it
> > down to the GnuTLS C functions.
> > 
> > 4. We need to look at the output returned from the GnuTLS C function and
> > make sure it makes it to the return of `gnutls-symmetric-encrypt'
> > together with the actual IV used.
> > 
> > 5. We need to do the same as steps 1-4 for decryption.
> 
> That's what I did, and my observations were in the previous mail.  I
> just didn't know what to expect, so I couldn't tell whether some of
> the data was incorrect.
> 
> > If you can provide a recipe for testing your case, that would be
> > helpful.
> 
> I'm just running test-gnutls-005-aead-ciphers in an interactive
> session after loading gnutls-tests.el by hand.
> 
> Here's the GDB transcript:
> 
>   (gdb) break Fgnutls_symmetric_encrypt
>   Breakpoint 3 at 0x12aa8f5: file gnutls.c, line 2142.
>   (gdb) break Fgnutls_symmetric_decrypt
>   Breakpoint 4 at 0x12aa98b: file gnutls.c, line 2169.
>   (gdb) r -Q
> 
>   Thread 1 hit Breakpoint 3, Fgnutls_symmetric_encrypt (
>       cipher=XIL(0xc000000006c4c2a0), key=XIL(0x8000000006c336f0),
>       iv=XIL(0x8000000006c33700), input=XIL(0x8000000006c34990),
>       aead_auth=XIL(0)) at gnutls.c:2142
>   2142      return gnutls_symmetric (true, cipher, key, iv, input, aead_auth);
>   (gdb) pp cipher
>   (:cipher-id 16 :type gnutls-symmetric-cipher :cipher-aead-capable t :cipher-tagsize 16 :cipher-blocksize 16 :cipher-keysize 32 :cipher-ivsize 12)
>   (gdb) pp key
>   "                           mykey"
>   (gdb) pp iv
>   "            "
>   (gdb) pp input
>   "                "
>   (gdb) pp aead_auth
>   nil
>   (gdb) c
>   Continuing.
> 
>   Thread 1 hit Breakpoint 4, Fgnutls_symmetric_decrypt (
>       cipher=XIL(0xc000000006c4c2a0), key=XIL(0x8000000006c32fa0),
>       iv=XIL(0x8000000006c336a0), input=XIL(0x8000000006c32fb0),
>       aead_auth=XIL(0)) at gnutls.c:2169
>   2169      return gnutls_symmetric (false, cipher, key, iv, input, aead_auth);
>   (gdb) pp cipher
>   (:cipher-id 16 :type gnutls-symmetric-cipher :cipher-aead-capable t :cipher-tagsize 16 :cipher-blocksize 16 :cipher-keysize 32 :cipher-ivsize 12)
>   (gdb) pp key
>   "                           mykey"
>   (gdb) pp iv
>   "            "
>   (gdb) pp input
>   "% F[MM   ¼  t
>   E  ↑ %  >*Rº [z  "
>   (gdb) p input
>   $1 = XIL(0x8000000006c32fb0)
>   (gdb) xstring
>   $2 = (struct Lisp_String *) 0x6c32fb0
>   "%\231F[MM∩\237\212¼µ≤t\212\nEπ \030\376%τµ>*Rº╬[zו\200"
>   (gdb) p *$
>   $3 = {
>     size = 32,
>     size_byte = -1,
>     intervals = 0x0,
>     data = 0x6ce0a40 "%\231F[MM∩\237\212¼µ≤t\212\nEπ \030\376%τµ>*Rº╬[zו\200"
>   }
>   (gdb) pp aead_auth
>   nil
> 
> 
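
Steps 1-5 from the quoted message as a stand-alone Emacs Lisp round trip, added here as an illustration; it is not code from the thread or from gnutls-tests.el. The `my-aead-` names are hypothetical, the space padding is an assumption based on how GDB prints the key, IV and input, and the length check assumes the ciphertext is the input plus `:cipher-tagsize` bytes, which matches the 16-byte input and 32-byte decrypt input in the transcript.

```elisp
;;; Added example, not from the thread: AEAD round trip following steps 1-5.
(require 'cl-lib)

(defun my-aead-fit (s n)
  "Return S left-padded with spaces, or trimmed, to exactly N characters.
Hypothetical helper; space padding is assumed from the GDB output."
  (if (>= (length s) n)
      (substring s 0 n)
    (concat (make-string (- n (length s)) ?\s) s)))

(defun my-aead-roundtrip (cplist key iv input &optional auth)
  "Encrypt and decrypt INPUT with the AEAD cipher described by CPLIST.
Signal an error at the first step that does not behave as expected;
otherwise return (CIPHERTEXT-LENGTH IV-USED)."
  (let* ((tagsize (plist-get cplist :cipher-tagsize))
         ;; Step 2: pass copies of KEY and AUTH, as the test does.
         (enc (gnutls-symmetric-encrypt cplist (copy-sequence key) iv input
                                        (copy-sequence auth)))
         (ciphertext (nth 0 enc))
         (iv-used (nth 1 enc)))
    (unless (stringp ciphertext)
      (error "Encrypt returned no output: %S" enc))
    ;; Step 4: assumed AEAD layout, ciphertext = input + tag.
    (unless (= (string-bytes ciphertext) (+ (string-bytes input) tagsize))
      (error "Ciphertext is %d bytes, expected %d"
             (string-bytes ciphertext) (+ (string-bytes input) tagsize)))
    (unless (= (string-bytes iv-used) (plist-get cplist :cipher-ivsize))
      (error "Returned IV is %d bytes" (string-bytes iv-used)))
    ;; Step 5: decrypt with the IV that encryption reported.
    (let ((plain (nth 0 (gnutls-symmetric-decrypt
                         cplist (copy-sequence key) iv-used ciphertext
                         (copy-sequence auth)))))
      (unless (and (stringp plain) (string= plain input))
        (error "Round trip mismatch: got %S" plain))
      (list (string-bytes ciphertext) iv-used))))

(defun my-aead-check-first-cipher ()
  "Run the round trip on the first AEAD cipher, with inputs like those in GDB."
  (let* ((entry (cl-find-if
                 (lambda (c) (and (plist-get (cdr c) :cipher-aead-capable)
                                  (plist-get (cdr c) :cipher-ivsize)))
                 (gnutls-ciphers)))
         (cplist (cdr entry)))
    (unless entry (error "No AEAD-capable cipher in `gnutls-ciphers'"))
    (my-aead-roundtrip cplist
                       (my-aead-fit "mykey" (plist-get cplist :cipher-keysize))
                       (my-aead-fit "" (plist-get cplist :cipher-ivsize))
                       (my-aead-fit "" (plist-get cplist :cipher-blocksize)))))
```

Evaluating `(my-aead-check-first-cipher)` in a session started with `-Q` stops at the first step whose data does not match, which narrows down whether the encrypt output, the returned IV or the decrypt result is at fault.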


