IETF Logo Mail Archive

Re: [TLS] questions regarding draft-ietf-tls-rfc2246-bis-13.txt

Sami Lehtinen <sjl@ssh.com> Mon, 13 February 2006 08:03 UTC

Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8YgD-0003qC-DG; Mon, 13 Feb 2006 03:03:29 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F8YgB-0003q2-BB for tls@megatron.ietf.org; Mon, 13 Feb 2006 03:03:27 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA23599 for <tls@ietf.org>; Mon, 13 Feb 2006 03:01:41 -0500 (EST)
Received: from fw.hel.fi.ssh.com ([195.20.116.97]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1F8Ytg-0006ZT-Nm for tls@ietf.org; Mon, 13 Feb 2006 03:17:29 -0500
Received: from viikuna.hel.fi.ssh.com (viikuna.hel.fi.ssh.com [10.1.0.46]) by fw.hel.fi.ssh.com (SSH-1.16) with SMTP id k1D83KK6010331 for <tls@ietf.org>; Mon, 13 Feb 2006 10:03:20 +0200 (EET)
Received: (qmail 517 invoked from network); 13 Feb 2006 08:03:20 -0000
Received: from unknown (HELO ?127.0.0.1?) ([10.1.0.48]) (envelope-sender <sjl@ssh.com>) by viikuna.hel.fi.ssh.com (qmail-ldap-1.03) with SMTP for <tls@ietf.org>; 13 Feb 2006 08:03:20 -0000
Message-ID: <43F03D43.5060604@ssh.com>
Date: Mon, 13 Feb 2006 10:03:15 +0200
From: Sami Lehtinen <sjl@ssh.com>
User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051013)
X-Accept-Language: en-us, en
MIME-Version: 1.0
Subject: Re: [TLS] questions regarding draft-ietf-tls-rfc2246-bis-13.txt
References: <43C5FF00.5040704@ssh.com> <868xsogvgm.fsf@raman.networkresonance.com>
In-Reply-To: <868xsogvgm.fsf@raman.networkresonance.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e8a67952aa972b528dd04570d58ad8fe
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Sender: tls-bounces@lists.ietf.org
Errors-To: tls-bounces@lists.ietf.org

Eric Rescorla wrote:
> Sami Lehtinen <sjl@ssh.com> writes:
>>In section 6.2.3.2. CBC block cipher:
>>
>>    The encrypted data length (TLSCiphertext.length) is one more than the
>>    sum of TLSCompressed.length, CipherSpec.hash_size, and
>>    padding_length.
>>
>>Should this be:
>>
>>    The encrypted data length (TLSCiphertext.length) is one more than the
>>    sum of CipherSpec.block_length, TLSCompressed.length,
>>           ^^^^^^^^^^^^^^^^^^^^^^^^^
>>    CipherSpec.hash_size, and padding_length.
>>
>>to accommondate for the explicit IV?
> 
> 
> I've reviewed this and I believe this is incorrect. You can form the
> explicit IV by encrypting a non-explicit IV, but it's not properly
> part of the ciphertext.

So, in your opinion the explicit IV length is _not_ added to the 
TLSCiphertext.length?

Record layer implementation thus needs to take into account that we are 
running TLS1.1, have a block cipher (=> explicit IVs) and add 
CipherSpec.block_length (size of IV) to received record layer length 
when reading the record?

 From draft-ietf-tls-rfc2246-bis-13.txt:

        struct {
            ContentType type;
            ProtocolVersion version;
            uint16 length;
            select (CipherSpec.cipher_type) {
                case stream: GenericStreamCipher;
                case block: GenericBlockCipher;
            } fragment;
        } TLSCiphertext;

    [...]

    length
        The length (in bytes) of the following TLSCiphertext.fragment.
        The length may not exceed 2^14 + 2048.

and fragment is:

        block-ciphered struct {
            opaque IV[CipherSpec.block_length];
            opaque content[TLSCompressed.length];
            opaque MAC[CipherSpec.hash_size];
            uint8 padding[GenericBlockCipher.padding_length];
            uint8 padding_length;
        } GenericBlockCipher;

To me, `length' specification above reads as "length = 
sizeof(GenericBlockCipher)", which would include the size of the IV.

-- 
sjl@ssh.com

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email