[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
gnutls-symmetric-encrypt/decrypt in GCM mode requires plaintext/cipherte
|
From: |
Jürgen Hötzel |
|
Subject: |
gnutls-symmetric-encrypt/decrypt in GCM mode requires plaintext/ciphertext size to be multiple of 16 |
|
Date: |
Sun, 08 Jan 2023 17:03:48 +0100 |
Hi,
GCM doesn't require any padding of the plaintext before it used, so this is
IMO an invalid assumption. Evaluating
(gnutls-symmetric-encrypt 'AES-128-GCM "0123456789ABCDEF" "0123456789AB"
"hello")
results in:
(error "GnuTLS AEAD cipher AES-128-GCM/encrypt input block length 5 is
not 0 greater than a multiple of the required 16")
whereas the corresponding C code using GnuTLS works as expected:
#include <gnutls/crypto.h>
#include <gnutls/gnutls.h>
#include <stdio.h>
int main(int argc, char *argv[]) {
gnutls_datum_t key = {.data = (unsigned char *)"0123456789ABCDEF", .size =
16};
char iv[12] = "0123456789AB";
char plaintext[5] = "hello";
int tlserr;
gnutls_session_t session;
gnutls_aead_cipher_hd_t hd;
if ((tlserr = gnutls_init(&session, 0) != GNUTLS_E_SUCCESS)) {
};
if (gnutls_aead_cipher_init(&hd, GNUTLS_CIPHER_AES_128_GCM, &key) < 0) {
fprintf(stderr, "gnutls_cipher_init failed: %s", gnutls_strerror(tlserr));
goto cleanup;
}
char ctext[5 + 16]; /* plaintext + tagsize */
size_t ctext_len = 5 + 16;
if ((tlserr = gnutls_aead_cipher_encrypt(hd, iv, sizeof(iv), NULL, 0, 16,
plaintext, 5, ctext, &ctext_len)) < 0) {
fprintf(stderr, "gnutls_aead_cipher_decrypt failed: %s\n",
gnutls_strerror(tlserr));
goto cleanup;
}
fwrite(ctext, 1, ctext_len, stdout);
cleanup:
gnutls_deinit(session);
return tlserr;
}
Best regards,
Jürgen
- gnutls-symmetric-encrypt/decrypt in GCM mode requires plaintext/ciphertext size to be multiple of 16,
Jürgen Hötzel <=