Andreas Metzler ametzler@bebt.de writes:
Afaict from https://gitlab.com/gnutls/gnutls/-/blob/master/lib/nettle/cipher.c#L815 it does use chacha_poly1305_encrypt/decrypt/update/digest/set_key/set_nonce.
I see. (But closer to line 857). I wonder what the precise message size was. Log says
server|<5>| REC[0x100372bc820]: Received Packet Application Data(23) with length: 209 server|<10>| READ: Got 209 bytes from 0x3 server|<10>| READ: read 209 bytes from 0x3 server|<10>| RB: Have 5 bytes into buffer. Adding 209 bytes. server|<10>| RB: Requested 214 bytes server|<5>| REC[0x100372bc820]: Decrypted Packet[191] Unknown Packet(196) with length: 192 server|<5>| REC[0x100372bc820]: Received unexpected packet 196 (Unknown Packet) expecting 23 (Application Data)
I would guess that means that we got 209 bytes, including the 16-byte poly1305 authentication tag. Message size is then 209 - 16 = 193 bytes. If the first byte is a TLS packet type, the "length: 192" in the next to last line makes sense if the packet type byte is excluded. Right?
And preceding packets, which are smaller (packet size increasing one byte per packet), appear to be decrypted correctly. I'll investigate.
What is the source of the incoming packets? GnuTLS of the same version, also using Nettle-3.7, or the previous version, or some prerecorded data? It's not obvious to me if the error is on the sender or the receiver side.
Regards, /Niels