The TLS 1.3 protocol allows for extra padding of records to prevent statistical analysis based on the length of exchanged messages. GnuTLS takes advantage of this feature, by allowing the user to specify the amount of padding for a particular message. The simplest interface is provided by gnutls_record_send2, and is made available when under TLS1.3; alternatively gnutls_record_can_use_length_hiding can be queried.
Note that this interface is not sufficient to completely hide the length of the
data. The application code may reveal the data transferred by leaking its
data processing time, or by leaking the TLS1.3 record processing time by
GnuTLS. That is because under TLS1.3 the padding removal time depends on the
padding data for an efficient implementation. To make that processing
constant time the gnutls_init function must be called with
session: is a
data: contains the data to send
data_size: is the length of the data
pad: padding to be added to the record
flags: must be zero
This function is identical to
gnutls_record_send() except that it
takes an extra argument to specify padding to be added the record.
To determine the maximum size of padding, use
Note that in order for GnuTLS to provide constant time processing
of padding and data in TLS1.3, the flag
must be used in
Returns: The number of bytes sent, or a negative error code. The
number of bytes sent might be less than
data_size . The maximum
number of bytes this function can send in a single call depends
on the negotiated maximum record size.
Older GnuTLS versions provided an API suitable for cases where the sender sends data that are always within a given range. That API is still available, and consists of the following functions.
unsigned gnutls_record_can_use_length_hiding (gnutls_session_t session)
ssize_t gnutls_record_send_range (gnutls_session_t session, const void * data, size_t data_size, const gnutls_range_st * range)