Hi! I found that in the BUILT_IN implementation of chacha20-poly1305, there is no operation for poly1305 authentication; instead, it directly uses the chacha20 algorithm for decryption. This could lead to a failure to detect if the ciphertext has been tampered with by an attacker.
Hi! I found that in the BUILT_IN implementation of chacha20-poly1305, there is no operation for poly1305 authentication; instead, it directly uses the chacha20 algorithm for decryption. This could lead to a failure to detect if the ciphertext has been tampered with by an attacker.
https://github.com/cesanta/mongoose/blob/c00962e881093cf676588df596649704e4ff8e36/src/tls_chacha20.c#L1327-L1339