The TLS 1.3 protocol allows extra padding to be added to records, so that an observer cannot infer the size of the application data from the length of the encrypted records. GnuTLS exposes this feature by letting the application specify the amount of padding for each message it sends. The simplest interface is gnutls_record_send2, which accepts padding only when TLS 1.3 has been negotiated; gnutls_record_can_use_length_hiding can be queried to find out whether length hiding is available at all on the current session. Note that padding only hides what the padding policy itself does not reveal: padding every message by the same fixed amount leaks exactly as much as sending it unpadded, whereas padding up to fixed length buckets limits the observer to learning which bucket a message fell into.
ssize_t gnutls_record_send2 (gnutls_session_t session, const void * data, size_t data_size, size_t pad, unsigned flags)

session: is a gnutls_session_t type.
data: contains the data to send
data_size: is the length of the data
pad: padding to be added to the record
flags: must be zero
This function is identical to gnutls_record_send() except that it takes an extra argument to specify the padding to be added to the record. To determine the maximum size of padding, use
Returns: The number of bytes sent, or a negative error code. The number of bytes sent might be less than data_size. The maximum number of bytes this function can send in a single call depends on the negotiated maximum record size.
Older GnuTLS versions provided an API for the case where the sender's messages always have a length within a known range, and the goal is to conceal the exact length within that range. That API is still available and consists of the following functions.
unsigned gnutls_record_can_use_length_hiding (gnutls_session_t session)
ssize_t gnutls_record_send_range (gnutls_session_t session, const void * data, size_t data_size, const gnutls_range_st * range)