IETF Logo Mail Archive

Re: [TLS] Clarification on vectors required

"neil.young" <neil.young@freenet.de> Thu, 01 April 2010 16:27 UTC

Return-Path: <neil.young@freenet.de>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ECC103A69C3 for <tls@core3.amsl.com>; Thu, 1 Apr 2010 09:27:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.783
X-Spam-Level:
X-Spam-Status: No, score=0.783 tagged_above=-999 required=5 tests=[AWL=-0.763, BAYES_40=-0.185, DNS_FROM_OPENWHOIS=1.13, HTML_MESSAGE=0.001, J_CHICKENPOX_45=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SQy6fxTmTLRt for <tls@core3.amsl.com>; Thu, 1 Apr 2010 09:27:03 -0700 (PDT)
Received: from mout3.freenet.de (mout3.freenet.de [IPv6:2001:748:100:40::2:5]) by core3.amsl.com (Postfix) with ESMTP id 636A63A6A2E for <tls@ietf.org>; Thu, 1 Apr 2010 09:26:43 -0700 (PDT)
Received: from [195.4.92.21] (helo=11.mx.freenet.de) by mout3.freenet.de with esmtpa (ID roland.klabunde@freenet.de) (port 25) (Exim 4.72 #3) id 1NxNEf-0006r1-95; Thu, 01 Apr 2010 18:27:13 +0200
Received: from p54be0e6e.dip0.t-ipconnect.de ([84.190.14.110]:54841 helo=[192.168.178.38]) by 11.mx.freenet.de with esmtpa (ID roland.klabunde@freenet.de) (port 25) (Exim 4.72 #3) id 1NxNEe-0008Sl-Nb; Thu, 01 Apr 2010 18:27:13 +0200
Message-ID: <4BB4C960.1000403@freenet.de>
Date: Thu, 01 Apr 2010 18:27:12 +0200
From: "neil.young" <neil.young@freenet.de>
User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)
MIME-Version: 1.0
To: Marsh Ray <marsh@extendedsubset.com>
References: <4BB49475.5060701@Freenet.de> <4BB4A65B.4000403@freenet.de> <4BB4ACEA.5050109@extendedsubset.com>
In-Reply-To: <4BB4ACEA.5050109@extendedsubset.com>
Content-Type: multipart/alternative; boundary="------------040209030609060403060705"
Cc: tls@ietf.org
Subject: Re: [TLS] Clarification on vectors required
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: neil.young@freenet.de
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Apr 2010 16:27:05 -0000

Hi Marsh,

thanks for the response. Meanwhile I got a similar answer from real TLS 
experts :)  Their statement was
"Hmm, no. The above rule states that the encoded size value (that is put 
to the first three bytes in your case) must be a multiple of the vector 
element's size (two in your case). E.g. if a type is defined as uint16 
data<0..2^24-1>, then the sizes encoded as 00 00 01, 00 00 FF and 00 FF 
FF are illegal (as neither of them is a multiple of two). 

If the type is defined as uint16<0..2^24-1>, then the 0x4711 value (one 
uint16 element) will be encoded as 00 00 02 47 11"

This is exactly what you said. The "size" _element_ has to be an even 
multiple of the element size. A  bit confusing, but logical finally.
Regards



Marsh Ray schrieb:
> On 4/1/2010 8:57 AM, neil.young wrote:
>   
>>> Given the following declaration:
>>>
>>> opaque             config_data<2^24-1>;
>>>       
>
>   
>> Is this understanding correct:
>>
>> 1) The declaration is slightly incorrect, because the "floor" element
>> is missing. I tend to treat it to be 0
>>     
>
> Looks like the lower bound is specified everywhere else.
>
>   
>> 2) The number of bytes expressing the length of the vector is 3,
>> large enough to count for 2**24-1 bytes
>>     
>
> Sounds right to me.
>
>   
>> 3) If e.g. the size of the vector's data is 2 bytes, do I really have
>> to add a pad byte in order to meet the "even multiple" demand?
>>     
>
> No. The length field does not need to be the same as the size of an
> element and it is not included in the "even multiple" requrirement.
>
>   
>> Is this correct? 00 00 02 47 11 0
>>
>> Or this? 00 00 02 47 11
>>     
>
> Either is correct, you defined it as 'opaque'. The opaque type is for
> "single byte entities containing uninterpreted data".
>
> It's only when vectors contain a defined type that this rule applies:
> "The length of an encoded vector must be an even multiple of the length
> of a single element (for example, a 17 byte vector of uint16 would be
> illegal)."
>
> Obviously, if the defined type is itself one byte in size then the even
> multiple requirement is always met.
>
> The example in the RFC:
>   
>> opaque Datum[3];      /* three uninterpreted bytes */
>> Datum Data[9];   /* 3 consecutive 3 byte vectors */
>>     
>
> The 9 must be a multiple of 3.
>
> The size of the length field does not need to be the same as the size of
> an element of the vector.
>
> There appears to be an unstated exception to the even multiple
> requirement for element types that may themselves be of variable length.
>
> This is just my interpretation, however. :-)
>
> - Marsh
>

v2.23.0 | Report a Bug | By Email