IETF Logo Mail Archive

Re: [TLS] Record header size?

"Short, Todd" <tshort@akamai.com> Tue, 17 November 2015 21:27 UTC

Return-Path: <tshort@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A02E81A8932 for <tls@ietfa.amsl.com>; Tue, 17 Nov 2015 13:27:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.596
X-Spam-Level:
X-Spam-Status: No, score=-0.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RP_MATCHES_RCVD=-0.585, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jlbWBN34fvfA for <tls@ietfa.amsl.com>; Tue, 17 Nov 2015 13:26:59 -0800 (PST)
Received: from prod-mail-xrelay05.akamai.com (prod-mail-xrelay05.akamai.com [23.79.238.179]) by ietfa.amsl.com (Postfix) with ESMTP id AE9A21A8925 for <tls@ietf.org>; Tue, 17 Nov 2015 13:26:58 -0800 (PST)
Received: from prod-mail-xrelay05.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 15C464243CC; Tue, 17 Nov 2015 21:26:58 +0000 (GMT)
Received: from prod-mail-relay11.akamai.com (prod-mail-relay11.akamai.com [172.27.118.250]) by prod-mail-xrelay05.akamai.com (Postfix) with ESMTP id F183E423737; Tue, 17 Nov 2015 21:26:57 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1447795617; bh=A3o7r0W9OXDH9HspOKNl58LPlTeaSfDP3idgUDxkteE=; l=19287; h=From:To:CC:Date:References:In-Reply-To:From; b=yrE+8yGyc1RfEsOhDASI/ile3SxOt1vk1voaqKDBGprMv39LitGLERReWNVlBcf73 qOE+vj3/x8Pb7WTJcRZ1xr2O9UIGfpVuxdsXsDXTeYqHHewy11rmXnHpqdB1+2PVNn NI2YDPXK1EBrvQJdoipjwoyF8A385AQaV0Tqj4vk=
Received: from email.msg.corp.akamai.com (usma1ex-cas1.msg.corp.akamai.com [172.27.123.30]) by prod-mail-relay11.akamai.com (Postfix) with ESMTP id ED171202C; Tue, 17 Nov 2015 21:26:57 +0000 (GMT)
Received: from USMA1EX-DAG1MB5.msg.corp.akamai.com (172.27.123.105) by usma1ex-dag1mb3.msg.corp.akamai.com (172.27.123.103) with Microsoft SMTP Server (TLS) id 15.0.1076.9; Tue, 17 Nov 2015 16:26:57 -0500
Received: from USMA1EX-DAG1MB5.msg.corp.akamai.com ([172.27.123.105]) by usma1ex-dag1mb5.msg.corp.akamai.com ([172.27.123.105]) with mapi id 15.00.1076.000; Tue, 17 Nov 2015 16:26:57 -0500
From: "Short, Todd" <tshort@akamai.com>
To: Eric Rescorla <ekr@rtfm.com>
Thread-Topic: [TLS] Record header size?
Thread-Index: AQHRIUwqfC6IjHws+EWK+zLpB/KhZp6gxqoAgAA8dYCAAAO3gIAAAu2AgAAE1oA=
Date: Tue, 17 Nov 2015 21:26:57 +0000
Message-ID: <75C621A0-AAFB-4BB9-9958-17864699C2C7@akamai.com>
References: <C5F506DC-F814-4C0B-AFAA-86CF790817A7@akamai.com> <CABcZeBP5QPQAXKvM_oEAzex0-vrVWMvOW0yZuamvF5hxAHtmtw@mail.gmail.com> <87egfoe4n2.fsf@alice.fifthhorseman.net> <D5A18321-BA89-4047-91A0-D0259E70F0D9@akamai.com> <CABcZeBP8YSnv16Goa4-5ZVRS5eyq1N9-Qe1GwkV=A6EmWWE86w@mail.gmail.com>
In-Reply-To: <CABcZeBP8YSnv16Goa4-5ZVRS5eyq1N9-Qe1GwkV=A6EmWWE86w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.42.131]
Content-Type: multipart/alternative; boundary="_000_75C621A0AAFB4BB9995817864699C2C7akamaicom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/qBZ2EhLX63EoSDgnABSb_hyiMvQ>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Record header size?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2015 21:27:01 -0000

Eric,

To be honest, it’s always kinda bugged me that SSL/TLS uses a 5-byte header, coming from my embedded network system background.

I’ve had dealings with cryptographic hardware (SafeNet at Altiga, and Cavium Nitrox at Cisco), and they have to go through hoops to deal with unaligned access. The Cavium Nitrox chip is able to do TLS record processing on it’s own (it’s not just simple crypto), and network processors like aligned data.

Embedded systems don’t have the luxury of mbuf-type of buffer scheme (as you describe for NSS). Many have ethernet-frame sized buffers in locked/pinned memory that read in a whole ethernet frame, and then strip off headers by advancing pointers into the frame. This minimizes copies, and the goal is to have a zero-copy network stack. Once the 5-byte TLS header is reached, the data to be decrypted is no longer aligned, and this requires handling unaligned access, or copying the memory to an aligned buffer; both of which hurt performance. If the cryptography is to be offloaded to a co-processor, depending on the chip, the encrypted portion must be aligned, and thus must be copied.

This is a common architecture for Cisco IOS, Catalyst and other high-performance routers and VPN servers (e.g. Cisco ASA).

Other references regarding aligned vs. unaligned:

While this reference is old (~6 years), this guy tested aligned vs. unaligned access on Intel x86 architecture, and found that there was a difference in performance.

http://www.alexonlinux.com/aligned-vs-unaligned-memory-access

Intel recommends data alignment in structures (which is basically what a record_header is) for performance/cache reasons:

https://software.intel.com/en-us/articles/coding-for-performance-data-alignment-and-structures

Old Reference from IBM (2005) regarding aligned vs. unaligned access:

http://www.ibm.com/developerworks/library/pa-dalign/

So while RISC processors suffer the most from unaligned data, x86 processors can suffer from performance issues as well.

--
-Todd Short
// tshort@akamai.com<mailto:tshort@akamai.com>
// "One if by land, two if by sea, three if by the Internet."

On Nov 17, 2015, at 4:09 PM, Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>> wrote:

Can you expand on the alignment issues some more?

Thinking through how typical software stacks work, you first read
the record header into some buffer to figure out how long the record
is and then you read the record payload into a buffer, which may
not even be the same buffer. For instance, in NSS, there are
two buffers, one for the header and one for the body:

https://dxr.mozilla.org/mozilla-central/source/security/nss/lib/ssl/ssl3gthr.c#53<https://urldefense.proofpoint.com/v2/url?u=https-3A__dxr.mozilla.org_mozilla-2Dcentral_source_security_nss_lib_ssl_ssl3gthr.c-2353&d=CwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=lkp-Abz8z3roFbGavfNCWmtzPXMDjErHNGNHTxYBzh4&s=p38_5XK14ePbhLx1x1rLlrxoFuOENyPWGV68GFYZgnY&e=>
https://dxr.mozilla.org/mozilla-central/source/security/nss/lib/ssl/sslimpl.h#377<https://urldefense.proofpoint.com/v2/url?u=https-3A__dxr.mozilla.org_mozilla-2Dcentral_source_security_nss_lib_ssl_sslimpl.h-23377&d=CwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=lkp-Abz8z3roFbGavfNCWmtzPXMDjErHNGNHTxYBzh4&s=sxL_eMfoN0otMi3nYvGkzcIdwM-orYF6xwF3POGP4DI&e=>

In a system like this, there's nothing stopping the body from being 4-byte aligned, whatever the alignment of the header is. I'd be interested in hearing
about the design you have in mind.

-Ekr








On Tue, Nov 17, 2015 at 12:59 PM, Short, Todd <tshort@akamai.com<mailto:tshort@akamai.com>> wrote:
I would say that 32-bits would be optimal, since that is the typical word-size of processors that need alignment. 2-bytes isn’t much better than 5-bytes in this regard.
--
-Todd Short
// tshort@akamai.com<mailto:tshort@akamai.com>
// "One if by land, two if by sea, three if by the Internet."

On Nov 17, 2015, at 3:45 PM, Daniel Kahn Gillmor <dkg@fifthhorseman.net<mailto:dkg@fifthhorseman.net>> wrote:

On Tue 2015-11-17 12:09:30 -0500, Eric Rescorla wrote:
The concern here is backward compatibility with inspection middleboxes which
expect the length field to be in a particular place. We agreed in Seattle to
wait for early deployment experience before modifying the header to move
the length.

In particular, if we're going to make a change to the TLS record header,
the change would be to remove the version and the type entirely, leaving
only two octets of length on each record.  Is a two-octet offset going
to be problematic?

        --dkg

v2.23.0 | Report a Bug | By Email