lib: Set the AES 128 CCM iv size to 11

Andreas Schneider requested to merge cryptomilk/gnutls:master-aes-ccm into master

It took me two days to figure out how to use that AEAD API, as the documentation is not very useful. It then took me one day to figure out that the nonce size returned by gnutls_cipher_get_iv_size() is one byte too big; it looks like everyone uses 11 bytes, for example https://tools.ietf.org/html/rfc4309

And the same with Microsoft Windows, they use L=4.

I think 11 is more correct; however, it should be documented that the returned size for some ciphers might not be the one you need!