From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: =?utf-8?Q?J=C3=BCrgen_H=C3=B6tzel?= <juergen@hoetzel.info>
Newsgroups: gmane.emacs.devel
Subject: gnutls-symmetric-encrypt/decrypt in GCM mode requires
 plaintext/ciphertext size to be multiple of 16
Date: Sun, 08 Jan 2023 17:03:48 +0100
Organization: hoetzel.info
Message-ID: <86pmbpxba9.fsf@hoetzel.info>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="18087"; mail-complaints-to="usenet@ciao.gmane.io"
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Sun Jan 08 17:05:34 2023
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1pEYAv-0004V1-22
	for ged-emacs-devel@m.gmane-mx.org; Sun, 08 Jan 2023 17:05:34 +0100
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces@gnu.org>)
	id 1pEYAP-0000qk-Cj; Sun, 08 Jan 2023 11:05:01 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <juergen@hoetzel.info>)
 id 1pEYAL-0000pr-5t
 for emacs-devel@gnu.org; Sun, 08 Jan 2023 11:04:58 -0500
Original-Received: from mout-p-102.mailbox.org ([2001:67c:2050:0:465::102])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256)
 (Exim 4.90_1) (envelope-from <juergen@hoetzel.info>)
 id 1pEYAI-0007xb-Ai
 for emacs-devel@gnu.org; Sun, 08 Jan 2023 11:04:56 -0500
Original-Received: from smtp202.mailbox.org (smtp202.mailbox.org [10.196.197.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest
 SHA256) (No client certificate requested)
 by mout-p-102.mailbox.org (Postfix) with ESMTPS id 4NqhjW3zljz9sWb
 for <emacs-devel@gnu.org>; Sun,  8 Jan 2023 17:04:47 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hoetzel.info;
 s=MBO0001; t=1673193887;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=MJ6lVvr82+YYiwuO/cxGENhUvfe/lhmBNCuiO57IjrE=;
 b=aK6Nu3qae5WB/b04lKEJQTlVVTpQAFXJFM90Teq+yH1QxFdlGxkBds4eWFqwCQLD8sZ/t2
 CAe4PvlHkx2UXLvRvvyOGHj+GkQgVWfj/3ajYGTCkJvm0DeX+mxfeNwxrn+zSTWDCJJmZh
 prK7nMgDwPlaEk++nCoROFqZWnJE89mHTYbStmfFmWHzgi5cu2Gsu9OiU7xYYRgSe0kSSv
 FHmoUh0J4if+Q2Q/0xfKUBXnKMXw8GwfRH5QnjQ2WDJ8M8qTX28htzCe/zX+XsHAXW030T
 KbSwYihyo1wmaKX4boWxR7D7UUB2SeOAznqA/osmNLaOttGXeLnM+X42B7+/xg==
Received-SPF: pass client-ip=2001:67c:2050:0:465::102;
 envelope-from=juergen@hoetzel.info; helo=mout-p-102.mailbox.org
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.devel:302289
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/302289>

Hi,

GCM doesn't require any padding of the plaintext before it used, so this is
IMO an invalid assumption. Evaluating

(gnutls-symmetric-encrypt 'AES-128-GCM "0123456789ABCDEF" "0123456789AB"
"hello")

results in:

(error "GnuTLS AEAD cipher AES-128-GCM/encrypt input block length 5 is
not 0 greater than a multiple of the required 16")

whereas the corresponding C code using GnuTLS works as expected:

#include <gnutls/crypto.h>
#include <gnutls/gnutls.h>
#include <stdio.h>

int main(int argc, char *argv[]) {
  gnutls_datum_t key =3D {.data =3D (unsigned char *)"0123456789ABCDEF", .s=
ize =3D 16};
  char iv[12] =3D "0123456789AB";
  char plaintext[5] =3D "hello";
  int tlserr;
  gnutls_session_t session;
  gnutls_aead_cipher_hd_t hd;
  if ((tlserr =3D gnutls_init(&session, 0) !=3D GNUTLS_E_SUCCESS)) {
  };

  if (gnutls_aead_cipher_init(&hd, GNUTLS_CIPHER_AES_128_GCM, &key) < 0) {
    fprintf(stderr, "gnutls_cipher_init failed: %s", gnutls_strerror(tlserr=
));
    goto cleanup;
  }
  char ctext[5 + 16]; /* plaintext + tagsize */
  size_t ctext_len =3D 5 + 16;
  if ((tlserr =3D gnutls_aead_cipher_encrypt(hd, iv, sizeof(iv), NULL, 0, 1=
6, plaintext, 5, ctext, &ctext_len)) < 0) {
    fprintf(stderr, "gnutls_aead_cipher_decrypt failed: %s\n", gnutls_strer=
ror(tlserr));
    goto cleanup;
  }
  fwrite(ctext, 1, ctext_len, stdout);
cleanup:
  gnutls_deinit(session);
  return tlserr;
}

Best regards,

J=C3=BCrgen