plizonczyk / noiseprotocol

Noise Protocol Framework - Python 3 implementation

MAX_MESSAGE_LEN

meejah opened this issue

commented

I can't claim to fully understand the Noise protocol, but I think MAX_MESSAGE_LEN should be 65535 - 16.

The protocol specs say "A Noise transport message is simply an AEAD ciphertext that is less than or equal to 65535 bytes in length, and that consists of an encrypted payload plus 16 bytes of authentication data."

Indeed, if I encrypt a 65535-byte message, I get 65551 bytes out -- which fails to round-trip back through .decrypt(). I will comment with a test-case.

commented


```python
import noise
from noise.connection import NoiseConnection

key = b"\x00" * 32

n0 = NoiseConnection.from_name(b"Noise_NNpsk0_25519_ChaChaPoly_BLAKE2s")
n1 = NoiseConnection.from_name(b"Noise_NNpsk0_25519_ChaChaPoly_BLAKE2s")

n0.set_psks(key)
n1.set_psks(key)
n0.set_as_initiator()
n1.set_as_responder()

n0.start_handshake()
n1.start_handshake()

msg0 = n0.write_message()
msg1 = n1.read_message(msg0)
msg2 = n1.write_message()
msg3 = n0.read_message(msg2)

# handshake completed

# encrypt a "maximum message size" message
plaintext = b"\x00" * 65535
# plaintext = b"\x00" * (65535 - 16)
# plaintext = b"\x00" * 65537  # this fails .encrypt()
msg4 = n0.encrypt(plaintext)
print("msg4 length={}".format(len(msg4)))  # 65551 -- 16 bytes extra?

# fails; "too big"
msg5 = n1.decrypt(msg4)
print("msg5 length={}".format(len(msg5)))
assert msg5 == plaintext
```
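
A caller-side way to stay inside the limit discussed in this issue, as an added example that is not part of the issue or of the noiseprotocol project's code: split the plaintext into pieces of at most 65535 - 16 bytes so every transport message, tag included, is at most 65535 bytes. `encrypt_chunked`, `decrypt_chunked` and `StandInCipher` are hypothetical names; `conn` is assumed to be any object with the `.encrypt()`/`.decrypt()` methods used in the test case above, and `StandInCipher` is a constructed stand-in that only reproduces the 16-byte tag and the size check.

```python
import hashlib
import hmac

MAX_NOISE_MESSAGE = 65535                  # limit on ciphertext + tag, from the quoted spec text
TAG_LEN = 16                               # authentication data added to every message
MAX_PAYLOAD = MAX_NOISE_MESSAGE - TAG_LEN  # 65519: largest plaintext per message

def encrypt_chunked(conn, plaintext):
    """Encrypt plaintext as a list of transport messages, each <= 65535 bytes."""
    messages = []
    # max(..., 1) so that an empty plaintext still yields one tag-only message.
    for off in range(0, max(len(plaintext), 1), MAX_PAYLOAD):
        msg = conn.encrypt(plaintext[off:off + MAX_PAYLOAD])
        if len(msg) > MAX_NOISE_MESSAGE:
            raise ValueError("transport message exceeds 65535 bytes")
        messages.append(msg)
    return messages

def decrypt_chunked(conn, messages):
    """Decrypt messages in the order they were produced and rejoin the plaintext."""
    parts = []
    for msg in messages:
        if len(msg) > MAX_NOISE_MESSAGE:
            raise ValueError("transport message exceeds 65535 bytes")
        parts.append(conn.decrypt(msg))
    return b"".join(parts)

class StandInCipher:
    """Constructed stand-in for testing only: no confidentiality, not noiseprotocol."""

    def __init__(self, key):
        self.key, self.n = key, 0

    def _tag(self, data):
        # 16-byte tag bound to a message counter, so chunks must arrive in order.
        mac = hmac.new(self.key, self.n.to_bytes(8, "little") + data, hashlib.sha256)
        self.n += 1
        return mac.digest()[:TAG_LEN]

    def encrypt(self, plaintext):
        return plaintext + self._tag(plaintext)

    def decrypt(self, message):
        if len(message) > MAX_NOISE_MESSAGE:
            raise ValueError("too big")
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(body)):
            raise ValueError("bad tag")
        return body
```

With the 65535-byte plaintext from the test case, this produces two messages of 65535 and 32 bytes instead of one 65551-byte message.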