From: Denis Kenzior <denkenz@gmail.com>
To: ell@lists.linux.dev
Cc: Denis Kenzior <denkenz@gmail.com>
Subject: [PATCH v2 10/10] tls: Do not set verify_data_length unless needed
Date: Mon, 18 Jul 2022 13:00:45 -0500 [thread overview]
Message-ID: <20220718180045.5845-10-denkenz@gmail.com> (raw)
In-Reply-To: <20220718180045.5845-1-denkenz@gmail.com>
All current TLS cipher suites use a verify_data_length of 12. In fact,
according to RFC 5246, most cipher suites are expected to be 12 bytes
unless specified otherwise. Use this fact to simplify the cipher suite
definition: initialization of verify_data_length is no longer necessary
unless the length is greater than 12 bytes.
While here, also update struct tls_cipher_suite to use a size_t member
for verify_data_length instead of an int.
---
ell/tls-private.h | 2 +-
ell/tls-suites.c | 26 --------------------------
ell/tls.c | 29 +++++++++++++++++++++--------
3 files changed, 22 insertions(+), 35 deletions(-)
diff --git a/ell/tls-private.h b/ell/tls-private.h
index 8ceeb68df40b..8941e90d03ca 100644
--- a/ell/tls-private.h
+++ b/ell/tls-private.h
@@ -112,7 +112,7 @@ struct tls_mac_algorithm {
struct tls_cipher_suite {
uint8_t id[2];
const char *name;
- int verify_data_length;
+ size_t verify_data_length;
struct tls_bulk_encryption_algorithm *encryption;
struct tls_signature_algorithm *signature;
diff --git a/ell/tls-suites.c b/ell/tls-suites.c
index 34141ab7fa56..ee4e7ee6c310 100644
--- a/ell/tls-suites.c
+++ b/ell/tls-suites.c
@@ -1262,7 +1262,6 @@ static struct tls_mac_algorithm tls_sha = {
static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
.id = { 0x00, 0x0a },
.name = "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_3des_ede,
.mac = &tls_sha,
.signature = &tls_rsa_signature,
@@ -1270,7 +1269,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_dhe_rsa_with_3des_ede_cbc_sha = {
.id = { 0x00, 0x16 },
.name = "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_3des_ede,
.mac = &tls_sha,
.signature = &tls_rsa_signature,
@@ -1278,7 +1276,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_rsa_with_aes_128_cbc_sha = {
.id = { 0x00, 0x2f },
.name = "TLS_RSA_WITH_AES_128_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_aes128,
.mac = &tls_sha,
.signature = &tls_rsa_signature,
@@ -1286,7 +1283,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_dhe_rsa_with_aes_128_cbc_sha = {
.id = { 0x00, 0x33 },
.name = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_aes128,
.mac = &tls_sha,
.signature = &tls_rsa_signature,
@@ -1294,7 +1290,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_rsa_with_aes_256_cbc_sha = {
.id = { 0x00, 0x35 },
.name = "TLS_RSA_WITH_AES_256_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_aes256,
.mac = &tls_sha,
.signature = &tls_rsa_signature,
@@ -1302,7 +1297,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_dhe_rsa_with_aes_256_cbc_sha = {
.id = { 0x00, 0x39 },
.name = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_aes256,
.mac = &tls_sha,
.signature = &tls_rsa_signature,
@@ -1310,7 +1304,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_rsa_with_aes_128_cbc_sha256 = {
.id = { 0x00, 0x3c },
.name = "TLS_RSA_WITH_AES_128_CBC_SHA256",
- .verify_data_length = 12,
.encryption = &tls_aes128,
.mac = &tls_sha256,
.signature = &tls_rsa_signature,
@@ -1318,7 +1311,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_rsa_with_aes_256_cbc_sha256 = {
.id = { 0x00, 0x3d },
.name = "TLS_RSA_WITH_AES_256_CBC_SHA256",
- .verify_data_length = 12,
.encryption = &tls_aes256,
.mac = &tls_sha256,
.signature = &tls_rsa_signature,
@@ -1326,7 +1318,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_dhe_rsa_with_aes_128_cbc_sha256 = {
.id = { 0x00, 0x67 },
.name = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
- .verify_data_length = 12,
.encryption = &tls_aes128,
.mac = &tls_sha256,
.signature = &tls_rsa_signature,
@@ -1334,7 +1325,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_dhe_rsa_with_aes_256_cbc_sha256 = {
.id = { 0x00, 0x6b },
.name = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
- .verify_data_length = 12,
.encryption = &tls_aes256,
.mac = &tls_sha256,
.signature = &tls_rsa_signature,
@@ -1342,14 +1332,12 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_rsa_with_aes_128_gcm_sha256 = {
.id = { 0x00, 0x9c },
.name = "TLS_RSA_WITH_AES_128_GCM_SHA256",
- .verify_data_length = 12,
.encryption = &tls_aes128_gcm,
.signature = &tls_rsa_signature,
.key_xchg = &tls_rsa_key_xchg,
}, tls_rsa_with_aes_256_gcm_sha384 = {
.id = { 0x00, 0x9d },
.name = "TLS_RSA_WITH_AES_256_GCM_SHA384",
- .verify_data_length = 12,
.encryption = &tls_aes256_gcm,
.prf_hmac = L_CHECKSUM_SHA384,
.signature = &tls_rsa_signature,
@@ -1357,14 +1345,12 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_dhe_rsa_with_aes_128_gcm_sha256 = {
.id = { 0x00, 0x9e },
.name = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
- .verify_data_length = 12,
.encryption = &tls_aes128_gcm,
.signature = &tls_rsa_signature,
.key_xchg = &tls_dhe,
}, tls_dhe_rsa_with_aes_256_gcm_sha384 = {
.id = { 0x00, 0x9f },
.name = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
- .verify_data_length = 12,
.encryption = &tls_aes256_gcm,
.prf_hmac = L_CHECKSUM_SHA384,
.signature = &tls_rsa_signature,
@@ -1372,7 +1358,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_rsa_with_3des_ede_cbc_sha = {
.id = { 0xc0, 0x12 },
.name = "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_3des_ede,
.mac = &tls_sha,
.signature = &tls_rsa_signature,
@@ -1380,7 +1365,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_rsa_with_aes_128_cbc_sha = {
.id = { 0xc0, 0x13 },
.name = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_aes128,
.mac = &tls_sha,
.signature = &tls_rsa_signature,
@@ -1388,7 +1372,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_rsa_with_aes_256_cbc_sha = {
.id = { 0xc0, 0x14 },
.name = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_aes256,
.mac = &tls_sha,
.signature = &tls_rsa_signature,
@@ -1396,7 +1379,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_rsa_with_aes_128_cbc_sha256 = {
.id = { 0xc0, 0x27 },
.name = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
- .verify_data_length = 12,
.encryption = &tls_aes128,
.mac = &tls_sha256,
.signature = &tls_rsa_signature,
@@ -1404,7 +1386,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_rsa_with_aes_256_cbc_sha384 = {
.id = { 0xc0, 0x28 },
.name = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
- .verify_data_length = 12,
.encryption = &tls_aes256,
.mac = &tls_sha384,
.prf_hmac = L_CHECKSUM_SHA384,
@@ -1413,14 +1394,12 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_rsa_with_aes_128_gcm_sha256 = {
.id = { 0xc0, 0x2f },
.name = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
- .verify_data_length = 12,
.encryption = &tls_aes128_gcm,
.signature = &tls_rsa_signature,
.key_xchg = &tls_ecdhe,
}, tls_ecdhe_rsa_with_aes_256_gcm_sha384 = {
.id = { 0xc0, 0x30 },
.name = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
- .verify_data_length = 12,
.encryption = &tls_aes256_gcm,
.prf_hmac = L_CHECKSUM_SHA384,
.signature = &tls_rsa_signature,
@@ -1428,7 +1407,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_ecdsa_with_3des_ede_cbc_sha = {
.id = { 0xc0, 0x08 },
.name = "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_3des_ede,
.mac = &tls_sha,
.signature = &tls_ecdsa_signature,
@@ -1436,7 +1414,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_ecdsa_with_aes_128_cbc_sha = {
.id = { 0xc0, 0x09 },
.name = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_aes128,
.mac = &tls_sha,
.signature = &tls_ecdsa_signature,
@@ -1444,7 +1421,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_ecdsa_with_aes_256_cbc_sha = {
.id = { 0xc0, 0x0a },
.name = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
- .verify_data_length = 12,
.encryption = &tls_aes256,
.mac = &tls_sha,
.signature = &tls_ecdsa_signature,
@@ -1452,14 +1428,12 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = {
}, tls_ecdhe_ecdsa_with_aes_128_gcm_sha256 = {
.id = { 0xc0, 0x2b },
.name = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
- .verify_data_length = 12,
.encryption = &tls_aes128_gcm,
.signature = &tls_ecdsa_signature,
.key_xchg = &tls_ecdhe,
}, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384 = {
.id = { 0xc0, 0x2c },
.name = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
- .verify_data_length = 12,
.encryption = &tls_aes256_gcm,
.prf_hmac = L_CHECKSUM_SHA384,
.signature = &tls_ecdsa_signature,
diff --git a/ell/tls.c b/ell/tls.c
index 136aa8660c2a..fa3df5d3c260 100644
--- a/ell/tls.c
+++ b/ell/tls.c
@@ -1370,11 +1370,25 @@ static void tls_send_change_cipher_spec(struct l_tls *tls)
tls_tx_record(tls, TLS_CT_CHANGE_CIPHER_SPEC, &buf, 1);
}
+static size_t tls_verify_data_length(struct l_tls *tls, unsigned int index)
+{
+ /*
+ * RFC 5246, Section 7.4.9:
+ *
+ * In previous versions of TLS, the verify_data was always 12 octets
+ * long. In the current version of TLS, it depends on the cipher
+ * suite. Any cipher suite which does not explicitly specify
+ * verify_data_length has a verify_data_length equal to 12.
+ */
+ return maxsize(tls->cipher_suite[index]->verify_data_length, 12);
+}
+
static void tls_send_finished(struct l_tls *tls)
{
uint8_t buf[512];
uint8_t *ptr = buf + TLS_HANDSHAKE_HEADER_SIZE;
uint8_t seed[HANDSHAKE_HASH_MAX_SIZE * 2];
+ size_t vdl = tls_verify_data_length(tls, 1);
size_t seed_len;
if (tls->negotiated_version >= L_TLS_V12) {
@@ -1391,8 +1405,8 @@ static void tls_send_finished(struct l_tls *tls)
tls->server ? "server finished" :
"client finished",
seed, seed_len,
- ptr, tls->cipher_suite[1]->verify_data_length);
- ptr += tls->cipher_suite[1]->verify_data_length;
+ ptr, vdl);
+ ptr += vdl;
tls_tx_handshake(tls, TLS_FINISHED, buf, ptr - buf);
}
@@ -1400,14 +1414,14 @@ static void tls_send_finished(struct l_tls *tls)
static bool tls_verify_finished(struct l_tls *tls, const uint8_t *received,
size_t len)
{
- uint8_t expected[tls->cipher_suite[0]->verify_data_length];
+ size_t vdl = tls_verify_data_length(tls, 0);
+ uint8_t expected[vdl];
uint8_t *seed;
size_t seed_len;
- if (len != (size_t) tls->cipher_suite[0]->verify_data_length) {
+ if (len != vdl) {
TLS_DISCONNECT(TLS_ALERT_DECODE_ERROR, 0,
- "TLS_FINISHED length not %i",
- tls->cipher_suite[0]->verify_data_length);
+ "TLS_FINISHED length not %zu", vdl);
return false;
}
@@ -1428,8 +1442,7 @@ static bool tls_verify_finished(struct l_tls *tls, const uint8_t *received,
tls->server ? "client finished" :
"server finished",
seed, seed_len,
- expected,
- tls->cipher_suite[0]->verify_data_length);
+ expected, vdl);
if (memcmp(received, expected, len)) {
TLS_DISCONNECT(TLS_ALERT_DECRYPT_ERROR, 0,
--
2.35.1
prev parent reply other threads:[~2022-07-18 18:07 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-18 18:00 [PATCH v2 01/10] cert/key: Add support for EC based certificates Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 02/10] unit: Add basic EC-DSA verification test Denis Kenzior
2022-07-18 19:07 ` Mat Martineau
2022-07-18 20:21 ` Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 03/10] key: ECDSA data is given in x962 format Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 04/10] tls: Support peer certificates that use ECDSA Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 05/10] tls: Add helper for DigitallySigned validation Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 06/10] tls: Add helper to find hash function by id Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 07/10] tls-suites: Add ECDSA suites from RFC 8422 Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 08/10] unit: Skip ECDSA cipher suite tests Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 09/10] useful: Add maxsize() Denis Kenzior
2022-07-18 18:00 ` Denis Kenzior [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220718180045.5845-10-denkenz@gmail.com \
--to=denkenz@gmail.com \
--cc=ell@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox