Re: [TLS] Length of a variable-length vector: Could it be an odd multiple?

"Hodges, Jeff" <jeff.hodges@paypal.com> Wed, 20 January 2016 19:20 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/P_3RKP0qaIxr2Adrxxit7ZwTK1w>

On 1/20/16, 11:01 AM, "Benjamin Kaduk" <bkaduk@akamai.com> wrote:
>On 01/20/2016 12:47 PM, Hodges, Jeff wrote:
>> On 1/13/16, 12:53 PM, "Benjamin Kaduk" <bkaduk@akamai.com> wrote:
>>> On 01/13/2016 02:44 PM, Jong-Shian Wu wrote:
>>>> I have a question about the even-vs-odd restrictions on the length of
>>>> a valid variable-length vector defined in TLS specification after
>>>> reading the section 4.3 of RFC 5246 [1] which states that:
>>>> "The length of an encoded vector must be an even multiple of the
>>>> length of a single element (for example, a 17-byte vector of uint16
>>>> would be illegal)."
>>>>
>>> It means "whole-number" as opposed to fractional, i.e., there should
>>> not be unused "junk bytes" at the end.
>> In case it's helpful, here's a suggested re-write of that quoted
>> sentence above..
>>
>>   The length of an encoded variable-length vector must be an
>>   exact multiple of the length of a single element. For example,
>>   an encoded 17-byte vector of uint16 would be illegal, and an
>>   encoded variable-length vector of four 32 byte elements,
>>   having a ceiling of 2^16-1, will be 130 bytes long overall
>>   (2 byte length field followed by 128 bytes of data).
>
>Wouldn't the ceiling more properly be 2^16-4 in that case?

hm, I'm not sure -- what would be the rationale?  The exact multiple
criteria?  but 2^16 / 32 = 2048

i do have further questions regarding variable-length vectors, and how
they are specified, that subsequent discussion will hopefully tease out.

thanks, 

=JeffH
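
The length rule discussed in this thread, written as a decoder check. This is an added example, not code from the message or from any TLS implementation; the function names and the sample byte strings are constructed for illustration, and the length-field width follows the RFC 5246 section 4.3 rule that it is as many bytes as needed to hold the ceiling.

```python
class VectorError(ValueError):
    """An encoded vector breaks the RFC 5246 section 4.3 length rules."""


def length_prefix_size(ceiling):
    # The length field is as many bytes as needed to hold the ceiling.
    return max(1, (ceiling.bit_length() + 7) // 8)


def parse_vector(buf, elem_size, floor, ceiling):
    """Decode one vector<floor..ceiling>; return (elements, bytes_consumed)."""
    n = length_prefix_size(ceiling)
    if len(buf) < n:
        raise VectorError("truncated length field")
    length = int.from_bytes(buf[:n], "big")
    if not floor <= length <= ceiling:
        raise VectorError("length outside floor..ceiling")
    if length % elem_size:
        # The "17-byte vector of uint16" case: trailing junk bytes.
        raise VectorError("length is not an exact multiple of element size")
    body = buf[n:n + length]
    if len(body) != length:
        raise VectorError("truncated vector body")
    elems = [body[i:i + elem_size] for i in range(0, length, elem_size)]
    return elems, n + length


def max_usable_length(elem_size, ceiling):
    # Largest byte length that passes both the ceiling and multiple checks.
    return (ceiling // elem_size) * elem_size


# Constructed samples (not captured traffic).
FOUR_ELEMENTS = (128).to_bytes(2, "big") + bytes(128)  # four 32-byte elements
ODD_UINT16 = (17).to_bytes(2, "big") + bytes(17)       # 17 bytes of uint16

if __name__ == "__main__":
    elems, used = parse_vector(FOUR_ELEMENTS, 32, 0, 2**16 - 1)
    print(len(elems), "elements,", used, "bytes on the wire")
    try:
        parse_vector(ODD_UINT16, 2, 0, 2**16 - 1)
    except VectorError as exc:
        print("rejected:", exc)
    print("largest legal length:", max_usable_length(32, 2**16 - 1))
```
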