[TLS] Possible TLS 1.3 erratum

Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 15 July 2021 10:56 UTC

I've got some code that dumps TLS diagnostic info and realised it was
displaying garbage values for some signature_algorithms entries.  Section
4.2.3 of the RFC says:

      In TLS 1.2, the extension contained hash/signature pairs.  The
      pairs are encoded in two octets, so SignatureScheme values have
      been allocated to align with TLS 1.2's encoding.

However, they don't align with TLS 1.2's encoding (apart from being 16-bit
values), the values are encoded backwards compared to TLS 1.2, so where 1.2
uses { hash, sig } 1.3 uses values equivalent to { sig, hash }.  In particular
to decode them you need to know whether you're looking at a 1.2 value or a 1.3
value, and a 1.2-compliant decoder that's looking at what it thinks are
{ hash, sig } pairs will get very confused.

Should I submit an erratum changing the above text to point out that the
encoding is incompatible and signature_algorithms needs to be decoded
differently depending on whether it's coming from a 1.2 or 1.3 client?  At the
moment the text is misleading since it implies that it's possible to process
the extension with a 1.2-compliant decoder when in fact all the 1.3 ones can't
be decoded like that.

Peter.
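
An added example, not code from the original message: a dump routine that renders each signature_algorithms entry both as an RFC 5246 { hash, sig } pair and as an RFC 8446 SignatureScheme name, so entries that one of the two tables cannot name are visible side by side. The function names and the sample extension body are constructed for illustration.

```python
import struct

# RFC 5246 section 7.4.1.4.1 code points
HASH_12 = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
           4: "sha256", 5: "sha384", 6: "sha512"}
SIG_12 = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}

# RFC 8446 section 4.2.3 SignatureScheme code points
SCHEME_13 = {
    0x0401: "rsa_pkcs1_sha256", 0x0501: "rsa_pkcs1_sha384", 0x0601: "rsa_pkcs1_sha512",
    0x0403: "ecdsa_secp256r1_sha256", 0x0503: "ecdsa_secp384r1_sha384",
    0x0603: "ecdsa_secp521r1_sha512",
    0x0804: "rsa_pss_rsae_sha256", 0x0805: "rsa_pss_rsae_sha384",
    0x0806: "rsa_pss_rsae_sha512", 0x0807: "ed25519", 0x0808: "ed448",
    0x0809: "rsa_pss_pss_sha256", 0x080A: "rsa_pss_pss_sha384",
    0x080B: "rsa_pss_pss_sha512",
    0x0201: "rsa_pkcs1_sha1", 0x0203: "ecdsa_sha1",
}

def parse_signature_algorithms(ext_data: bytes) -> list[int]:
    """Parse extension_data: a 2-byte list length followed by 2-byte entries."""
    if len(ext_data) < 4:
        raise ValueError("extension too short for one entry")
    (list_len,) = struct.unpack_from("!H", ext_data, 0)
    if list_len != len(ext_data) - 2 or list_len % 2:
        raise ValueError("bad supported_signature_algorithms length")
    return [v for (v,) in struct.iter_unpack("!H", ext_data[2:])]

def as_tls12_pair(value: int) -> str:
    """Render as RFC 5246 does: first octet hash, second octet signature."""
    h, s = value >> 8, value & 0xFF
    return "{ %s, %s }" % (HASH_12.get(h, "unknown(%d)" % h),
                           SIG_12.get(s, "unknown(%d)" % s))

def as_tls13_scheme(value: int) -> str:
    """Render as an RFC 8446 SignatureScheme name, looked up as one 16-bit value."""
    return SCHEME_13.get(value, "unknown(0x%04x)" % value)

def dump(ext_data: bytes) -> list[tuple[str, str, str]]:
    """Return (hex value, 1.2-style view, 1.3-style view) for every entry."""
    return [("0x%04x" % v, as_tls12_pair(v), as_tls13_scheme(v))
            for v in parse_signature_algorithms(ext_data)]

# Constructed sample: list length 8, then 0x0403, 0x0804, 0x0807, 0x0402.
SAMPLE = bytes.fromhex("0008" "0403" "0804" "0807" "0402")

if __name__ == "__main__":
    for row in dump(SAMPLE):
        print("%-8s %-28s %s" % row)
```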