[gnutls-help] gnutls_heartbeat_ping data_size parameter documentation

Olivier Soldano olivier.soldano at savoirfairelinux.com
Wed Jan 25 17:56:05 CET 2017


Hello Nikos,

Thanks for your answer. First, let me apologize for the typos:
yes, I meant DEFAULT_PADDING_SIZE, and the effective packet size is 484 with a specified data size of 444.

The output of gnutls_record_overhead_size is 37 which is off by 3.
However, 37 seems to be correct, as the session sends DTLS packets (DTLS_RECORD_HEADER_SIZE = 13) and is ciphered using AES-256-GCM
with AEAD MAC (24 bytes of overhead), which is indeed 37 bytes.
Maybe it is linked to: response = gnutls_malloc(1 + 2 + data_size + DEFAULT_PADDING_SIZE) in heartbeat_send_data?

Some logs with the same data_size of 444:
[5]GnuTLS: REC[0x7fc6040087a0]: Preparing Packet HeartBeat(24) with length: 447 and min pad: 0
[9]GnuTLS: ENC[0x7fc6040087a0]: cipher: AES-256-GCM, MAC: AEAD, Epoch: 2
[5]GnuTLS: REC[0x7fc6040087a0]: Sent Packet[2] HeartBeat(24) in epoch 2 and length: 484
[5]GnuTLS: REC[0x7fc6040087a0]: SSL 254.253 HeartBeat packet received. Epoch 2, length: 471
[5]GnuTLS: REC[0x7fc6040087a0]: Expected Packet HeartBeat(24)
[5]GnuTLS: REC[0x7fc6040087a0]: Received Packet HeartBeat(24) with length: 471
[5]GnuTLS: REC[0x7fc6040087a0]: Decrypted Packet[2.1] HeartBeat(24) with length: 447

regards,
Olivier Soldano

----- Original Message -----
From: "Nikos Mavrogiannopoulos" <nmav at gnutls.org>
To: "Olivier Soldano" <olivier.soldano at savoirfairelinux.com>
Cc: "gnutls-help" <gnutls-help at lists.gnutls.org>
Sent: Wednesday, January 25, 2017 10:09:42
Subject: Re: [gnutls-help] gnutls_heartbeat_ping data_size parameter documentation

On Tue, Jan 24, 2017 at 4:17 PM, Olivier Soldano
<olivier.soldano at savoirfairelinux.com> wrote:
> Hello,
> I am currently having some trouble with the documentation of gnutls_heartbeat_ping.
> It is said that: size_t data_size
>                    is the length of the ping payload.
>
> I thought it meant the effective size of the Heartbeat packet generated,
> but my numbers are off. A little example:
>
>  - I specify a data_size of 444 bytes,
>  - I end up with an encrypted message of 471 bytes and a TLS packet of 489 bytes.

Is that the same as the size you specified + the output of
gnutls_record_overhead_size()?


> which after analysis ought to be the TLS header size and the MAC + padding in the
> encryption algorithm used.
> I don't understand where my error is, as I thought that the TLS header size
> was covered by DEFAULT_PAYLOAD_SIZE in heartbeat_send_data. I think this is a mixed signal between

Do you mean the DEFAULT_PADDING_SIZE? That's a weird overhead due to
the way the heartbeat extension is defined (normal payload + some
padding). gnutls attempts to hide that padding size as it makes no
sense for applications.

regards,
Nikos
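
An added example, not part of the original thread or of GnuTLS: a Python script that parses the debug lines quoted in the message above and attributes each length difference to a layer. The function names are hypothetical, and it assumes the sent and received records use the same cipher, as the shared epoch in the log suggests.

```python
import re

# Debug lines copied from the message above (data_size of 444).
LOG = """\
[5]GnuTLS: REC[0x7fc6040087a0]: Preparing Packet HeartBeat(24) with length: 447 and min pad: 0
[9]GnuTLS: ENC[0x7fc6040087a0]: cipher: AES-256-GCM, MAC: AEAD, Epoch: 2
[5]GnuTLS: REC[0x7fc6040087a0]: Sent Packet[2] HeartBeat(24) in epoch 2 and length: 484
[5]GnuTLS: REC[0x7fc6040087a0]: SSL 254.253 HeartBeat packet received. Epoch 2, length: 471
[5]GnuTLS: REC[0x7fc6040087a0]: Expected Packet HeartBeat(24)
[5]GnuTLS: REC[0x7fc6040087a0]: Received Packet HeartBeat(24) with length: 471
[5]GnuTLS: REC[0x7fc6040087a0]: Decrypted Packet[2.1] HeartBeat(24) with length: 447
"""

# Stage name -> pattern capturing the length logged at that stage.
STAGES = {
    "prepared": r"Preparing Packet HeartBeat\(24\) with length: (\d+)",
    "sent": r"Sent Packet\[\d+\] HeartBeat\(24\) .*length: (\d+)",
    "received": r"Received Packet HeartBeat\(24\) with length: (\d+)",
    "decrypted": r"Decrypted Packet\[[\d.]+\] HeartBeat\(24\) with length: (\d+)",
}

def stage_lengths(log):
    """Return the length logged at each stage; fail if a stage is missing."""
    out = {}
    for name, pattern in STAGES.items():
        m = re.search(pattern, log)
        if m is None:
            raise ValueError(f"no '{name}' line in log")
        out[name] = int(m.group(1))
    return out

def overhead_breakdown(log, data_size):
    """Attribute each length difference in the log to one layer."""
    n = stage_lengths(log)
    record_overhead = n["sent"] - n["prepared"]        # outgoing: header + cipher
    cipher_overhead = n["received"] - n["decrypted"]   # incoming: cipher only
    return {
        "message_header": n["prepared"] - data_size,   # added before encryption
        "record_overhead": record_overhead,
        "cipher_overhead": cipher_overhead,
        "record_header": record_overhead - cipher_overhead,
        "total": n["sent"] - data_size,
    }

if __name__ == "__main__":
    for layer, size in overhead_breakdown(LOG, 444).items():
        print(f"{layer:16} {size}")
```
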


