Bug#1115850: pqconnect-server: ERROR: Failed to decrypt c3*:

Simon Josefsson Sat, 20 Sep 2025 08:20:20 -0700

Package: pqconnect-server
Version: 1.2.2-1

Hi!  I finally had time to try and configure a server with pqconnect
functionality, and while the DNS configuration "hints" was terribly
confusing (example zone record snippets would have helped), I got it
working after a while:


jas@Y:~$ ping -4 X
PING X (10.43.0.3) 56(84) bytes of data.
64 bytes from 10.43.0.3: icmp_seq=1 ttl=64 time=15.1 ms
64 bytes from 10.43.0.3: icmp_seq=2 ttl=64 time=21.7 ms
64 bytes from 10.43.0.3: icmp_seq=3 ttl=64 time=21.9 ms

Yay!  Awesome work.

However the log is not quiet, it repeatedly prints errors like the one
below.  (host/IP's hidden for privacy)  Any ideas?

Everything seems to work though, so this report is just about this
error showing up in the log, which seems a bit bad.

/Simon

Sep 20 14:13:25 X sh[52907]: 2025-09-20 14:13:25,162 INFO: Request
received from ('123.456.789.123', 55032).
Sep 20 14:13:25 X sh[52907]: 2025-09-20 14:13:25,163 INFO: Request
received from ('123.456.789.123', 55032).
Sep 20 14:13:25 X sh[52907]: 2025-09-20 14:13:25,163 INFO: Request
received from ('123.456.789.123', 55032).
Sep 20 14:13:25 X sh[52907]: 2025-09-20 14:13:25,163 INFO: Request
received from ('123.456.789.123', 55032).
Sep 20 14:13:25 X sh[52907]: 2025-09-20 14:13:25,163 INFO: Request
received from ('123.456.789.123', 55032).
Sep 20 14:13:25 X sh[52907]: 2025-09-20 14:13:25,181 INFO: Request
received from ('123.456.789.123', 55821).
Sep 20 14:13:25 X sh[52907]: 2025-09-20 14:13:25,195 ERROR: Failed to
decrypt c3*:
Sep 20 14:13:25 X sh[52907]: Traceback (most recent call last):
Sep 20 14:13:25 X sh[52907]:   File "/usr/lib/python3/dist-
packages/pqconnect/pqcserver.py", line 368, in complete_handshake_0rtt
Sep 20 14:13:25 X sh[52907]:     c2 = secret_unbox(
Sep 20 14:13:25 X sh[52907]:         self.cipher_state,
Sep 20 14:13:25 X sh[52907]:     ...<3 lines>...
Sep 20 14:13:25 X sh[52907]:         self.handshake_state,
Sep 20 14:13:25 X sh[52907]:     )
Sep 20 14:13:25 X sh[52907]:   File "/usr/lib/python3/dist-
packages/pqconnect/common/crypto.py", line 175, in secret_unbox
Sep 20 14:13:25 X sh[52907]:     return
crypto_aead_chacha20poly1305_ietf_decrypt_detached(
Sep 20 14:13:25 X sh[52907]:         ct, tag, ad, nonce, key
Sep 20 14:13:25 X sh[52907]:     )
Sep 20 14:13:25 X sh[52907]:   File "/usr/lib/python3/dist-
packages/pysodium/__init__.py", line 62, in wrapper
Sep 20 14:13:25 X sh[52907]:     return func(*args, **kwargs)
Sep 20 14:13:25 X sh[52907]:   File "/usr/lib/python3/dist-
packages/pysodium/__init__.py", line 664, in
crypto_aead_chacha20poly1305_ietf_decrypt_de>
Sep 20 14:13:25 X sh[52907]:    
__check(sodium.crypto_aead_chacha20poly1305_ietf_decrypt_detached(m,
None, ciphertext, clen, mac, ad, adlen, nonce,>
Sep 20 14:13:25 X sh[52907]:    
~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^>
Sep 20 14:13:25 X sh[52907]:   File "/usr/lib/python3/dist-
packages/pysodium/__init__.py", line 309, in __check
Sep 20 14:13:25 X sh[52907]:     raise ValueError
Sep 20 14:13:25 X sh[52907]: ValueError
Sep 20 14:13:25 X sh[52907]: During handling of the above exception,
another exception occurred:
Sep 20 14:13:25 X sh[52907]: Traceback (most recent call last):
Sep 20 14:13:25 X sh[52907]:   File "/usr/lib/python3/dist-
packages/pqconnect/pqcserver.py", line 415, in run
Sep 20 14:13:25 X sh[52907]:     tun = self.shake_hands(self.pkt)
Sep 20 14:13:25 X sh[52907]:   File "/usr/lib/python3/dist-
packages/pqconnect/pqcserver.py", line 402, in shake_hands
Sep 20 14:13:25 X sh[52907]:     session =
self.complete_handshake_0rtt(*hs_values)
Sep 20 14:13:25 X sh[52907]:   File "/usr/lib/python3/dist-
packages/pqconnect/pqcserver.py", line 377, in complete_handshake_0rtt
Sep 20 14:13:25 X sh[52907]:     raise ValueError(f"Failed to decrypt
c3*: {e}")
Sep 20 14:13:25 X sh[52907]: ValueError: Failed to decrypt c3*:
Sep 20 14:13:25 X sh[52907]: 2025-09-20 14:13:25,198 INFO: Handshake
succeeded: New tunnel created
Sep 20 14:13:25 X sh[52907]: 2025-09-20 14:13:25,199 INFO: New Session
Established:  External IP: 123.456.789.123  Internal IP: 10.42.0.5
Sep 20 14:13:25 X sh[52907]: 2025-09-20 14:13:25,199 ERROR: Failed to
decrypt c3*:
Sep 20 14:13:25 X sh[52907]: Traceback (most recent call last):
Sep 20 14:13:25 X sh[52907]:   File "/usr/lib/python3/dist-
packages/pqconnect/pqcserver.py", line 368, in complete_handshake_0rtt
Sep 20 14:13:25 X sh[52907]:     c2 = secret_unbox(
Sep 20 14:13:25 X sh[52907]:         self.cipher_state,
Sep 20 14:13:25 X sh[52907]:     ...<3 lines>...
Sep 20 14:13:25 X sh[52907]:         self.handshake_state,

Bug#1115850: pqconnect-server: ERROR: Failed to decrypt c3*:

Reply via email to