Re: [TLS] BoringSSL's TLS test suite
Henrick Hellström <henrick@streamsec.se> Sun, 25 September 2016 23:35 UTC
Return-Path: <henrick@streamsec.se>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A68212B047 for <tls@ietfa.amsl.com>; Sun, 25 Sep 2016 16:35:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MKstX5I_7l6o for <tls@ietfa.amsl.com>; Sun, 25 Sep 2016 16:35:31 -0700 (PDT)
Received: from vsp1.ballou.se (vsp1.ballou.se [91.189.40.82]) by ietfa.amsl.com (Postfix) with SMTP id B81B712B040 for <tls@ietf.org>; Sun, 25 Sep 2016 16:35:30 -0700 (PDT)
X-Halon-Scanned: 7f4a955dd6f4c149d51110a345668da22aa82d04
Received: from nmail1.ballou.se (unknown [10.0.0.116]) by vsp1.ballou.se (Halon Mail Gateway) with ESMTP; Mon, 26 Sep 2016 01:35:26 +0200 (CEST)
Received: from [192.168.0.190] (c-999671d5.06-134-73746f39.cust.bredbandsbolaget.se [213.113.150.153]) (Authenticated sender: henrick@streamsec.se) by nmail1.ballou.se (Postfix) with ESMTPSA id B8FE2C944A; Mon, 26 Sep 2016 01:35:26 +0200 (CEST)
References: <CAF8qwaBQkVy+wcK1-NFctBepV7TW93YmmPnxS2WoJ6F6=v-aEg@mail.gmail.com> <c70c6db3-5d1c-d2db-1e37-f8849166786e@streamsec.se> <CAF8qwaAQYwW9s0E_V-TqHhTqL9sBhobzsGUch5TDQynK2VNfEw@mail.gmail.com> <227dcca5-6549-3b71-1ceb-23686df822bb@streamsec.se> <CAMfhd9X7fHQbzi-DDXOrX2+M6PLbhg+rimg=BfB-QN16mH6Uyg@mail.gmail.com> <CAF8qwaD16JbOaY9AuxoDP9XyodUk27qbj+86qArxRzHDW66eHw@mail.gmail.com>
To: David Benjamin <davidben@chromium.org>, Adam Langley <agl@imperialviolet.org>
From: Henrick Hellström <henrick@streamsec.se>
Message-ID: <c76ebceb-b297-e751-0d5c-cf4a17b2d5be@streamsec.se>
Date: Mon, 26 Sep 2016 01:34:37 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <CAF8qwaD16JbOaY9AuxoDP9XyodUk27qbj+86qArxRzHDW66eHw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/HIG_vqwuHt-36YY72vG6U3Tc6og>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] BoringSSL's TLS test suite
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: henrick@streamsec.se
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Sep 2016 23:35:33 -0000
On 2016-09-25 23:55, David Benjamin wrote: > I believe we are also correct per spec. My interpretation of these > documents is that the general AlgorithmIdentifier structure may or may > not include parameters. However, whether a given parameter value or > omitting parameters altogether is legal is a question for the particular > algorithm. It's not overriding but plugging into the general framework. THe ITU-T X.690 standard for DER might require some close reading to interpret, and this is obviously a topic for debate. I would presume that the use of "default" in lower caps in section 11.5, refers to both the DEFAULT and the OPTIONAL keyword: 11.5 Set and sequence components with default value The encoding of a set value or sequence value shall not include an encoding for any component value which is equal to its default value. After all, this is the only interpretation that is consistent with the description in section 12.5 of DER as unambiguous. Since NULL is always empty, it should be omitted when OPTIONAL, given the above interpretation. But is it optional? The 1988 syntax did not feature information objects and classes, hence the use of the ANY keyword. Luckily the ASN.1 modules were updated in RFC 5912 to modern ASN.1 syntax. There you have these declarations: -- SIGNATURE-ALGORITHM -- -- Describes the basic properties of a signature algorithm -- -- &id - contains the OID identifying the signature algorithm -- &Value - contains a type definition for the value structure of -- the signature; if absent, implies that no ASN.1 -- encoding is performed on the value -- &Params - if present, contains the type for the algorithm -- parameters; if absent, implies no parameters -- ¶mPresence - parameter presence requirement -- &HashSet - The set of hash algorithms used with this -- signature algorithm -- &PublicKeySet - the set of public key algorithms for this -- signature algorithm -- &smimeCaps - contains the object describing how the S/MIME -- capabilities are presented. -- -- Example: -- sig-RSA-PSS SIGNATURE-ALGORITHM ::= { -- IDENTIFIER id-RSASSA-PSS -- PARAMS TYPE RSASSA-PSS-params ARE required -- HASHES { mda-sha1 | mda-md5, ... } -- PUBLIC-KEYS { pk-rsa | pk-rsa-pss } -- } SIGNATURE-ALGORITHM ::= CLASS { &id OBJECT IDENTIFIER UNIQUE, &Value OPTIONAL, &Params OPTIONAL, ¶mPresence ParamOptions DEFAULT absent, &HashSet DIGEST-ALGORITHM OPTIONAL, &PublicKeySet PUBLIC-KEY OPTIONAL, &smimeCaps SMIME-CAPS OPTIONAL } WITH SYNTAX { IDENTIFIER &id [VALUE &Value] [PARAMS [TYPE &Params] ARE ¶mPresence ] [HASHES &HashSet] [PUBLIC-KEYS &PublicKeySet] AlgorithmIdentifier{ALGORITHM-TYPE, ALGORITHM-TYPE:AlgorithmSet} ::= SEQUENCE { algorithm ALGORITHM-TYPE.&id({AlgorithmSet}), parameters ALGORITHM-TYPE. &Params({AlgorithmSet}{@algorithm}) OPTIONAL } pk-rsa PUBLIC-KEY ::= { IDENTIFIER rsaEncryption KEY RSAPublicKey PARAMS TYPE NULL ARE absent -- Private key format not in this module -- CERT-KEY-USAGE {digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyCertSign, cRLSign} } Hence, the correct encoding is for NULL to be absent.
- [TLS] BoringSSL's TLS test suite David Benjamin
- Re: [TLS] BoringSSL's TLS test suite Henrick Hellström
- Re: [TLS] BoringSSL's TLS test suite Adam Langley
- Re: [TLS] BoringSSL's TLS test suite David Benjamin
- Re: [TLS] BoringSSL's TLS test suite Henrick Hellström
- Re: [TLS] BoringSSL's TLS test suite Henrick Hellström
- Re: [TLS] BoringSSL's TLS test suite Adam Langley
- Re: [TLS] BoringSSL's TLS test suite David Benjamin
- Re: [TLS] BoringSSL's TLS test suite Jim Schaad
- Re: [TLS] BoringSSL's TLS test suite Henrick Hellström
- Re: [TLS] BoringSSL's TLS test suite Henrick Hellström
- Re: [TLS] BoringSSL's TLS test suite Jim Schaad
- Re: [TLS] BoringSSL's TLS test suite Henrick Hellström
- Re: [TLS] BoringSSL's TLS test suite Jim Schaad
- Re: [TLS] BoringSSL's TLS test suite Henrick Hellström
- Re: [TLS] BoringSSL's TLS test suite Jim Schaad