RE: [TLS] Record layer padding
JCA (1.41421@xxxxxxxxx) wrote:
>
> I am trying to become thoroughly familiar with the TLS
> specification, and I have reached a point at which I have a doubt
> that the spec does not seem to dispel. Or, if it does, I have been
> unable to find where. My apologies in advance for that.
>
> My questions are to do with record layer padding. The spec
> describes how to do it when using a block cipher. What is not clear
> from the spec is the following:
>
> What happens when the length of the record layer data to be
> encrypted happens to be a multiple of the block cipher's block size?
> Does one have to add a padding block the same size as the cipher's
> block size, or is one to set the closing padding length byte to
> zero, without adding any explicit padding? I'd be inclined to do the
> former, but I do not know if this is what the spec intended.
The data-to-be-encrypted consists of the actual record layer content
(GenericBlockCipher.content), the MAC, the padding (zero or more
bytes) and the padding_length byte. The sum of these has to be a
multiple of the block size (and the padding_length byte is always
present).
So, for example, if you're using AES_128_CBC_SHA, and have 27
bytes of actual content, you could set padding_length to 0
(since 27+20+1 = 48 = 3*16).
> Also, what happens to record layers put together before
> encryption kicks in? Is one supposed not to use the padding length
> byte at all? That's what I would do myself but, again, I am not
> sure.
Each TLS record is encrypted separately, and the padding_length
byte is present in each of them. (If you e.g. combine several
handshake messages in one TLS record -- well, that's done
before the record layer, so it's just one record then.)
Best regards,
Pasi
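The layout described in the reply above, as an added example that is not part of the original thread: a small Python builder and checker for the TLS 1.1/1.2 CBC plaintext (content, MAC, padding, padding_length), walked through the 27-byte AES_128_CBC_SHA case and the asker's block-multiple case. The 20 MAC bytes are a constructed stand-in, not a real HMAC computation.

```python
# Added example, not code from the original message.
# Plaintext of a GenericBlockCipher record before encryption:
#   content || MAC || padding || padding_length
# The total must be a multiple of the cipher block size, and the
# padding_length byte is always present, even when padding is empty.
# In TLS 1.1+ every padding byte carries the value padding_length.

BLOCK = 16    # AES block size in bytes
MAC_LEN = 20  # HMAC-SHA1 output length (the "_SHA" in AES_128_CBC_SHA)


def padding_length(content_len: int, mac_len: int = MAC_LEN, block: int = BLOCK) -> int:
    """Smallest padding_length so that content + MAC + padding + 1 is a block multiple."""
    return (-(content_len + mac_len + 1)) % block


def build_plaintext(content: bytes, mac: bytes, block: int = BLOCK) -> bytes:
    """Sender side: append MAC, padding bytes and the trailing padding_length byte."""
    n = padding_length(len(content), len(mac), block)
    # n padding bytes plus the length byte itself, all equal to n.
    return content + mac + bytes([n]) * (n + 1)


def split_plaintext(plaintext: bytes, mac_len: int = MAC_LEN, block: int = BLOCK):
    """Receiver side: validate the padding and return (content, mac).

    Raises ValueError on malformed padding. A production implementation must
    make these checks and the MAC check take time independent of the padding
    value (RFC 5246 section 6.2.3.2); this example only shows the structure.
    """
    if len(plaintext) % block or len(plaintext) < mac_len + 1:
        raise ValueError("record length is not a block multiple or is too short")
    n = plaintext[-1]
    if n + 1 + mac_len > len(plaintext):
        raise ValueError("padding_length exceeds record length")
    # All padding bytes, not just the length byte, must equal n.
    if any(b != n for b in plaintext[-(n + 1):]):
        raise ValueError("padding bytes do not all equal padding_length")
    body = plaintext[:-(n + 1)]
    return body[:-mac_len], body[-mac_len:]


if __name__ == "__main__":
    mac = b"m" * MAC_LEN                       # constructed stand-in for the HMAC
    print(padding_length(27))                  # 0: 27 + 20 + 1 is already 48
    print(padding_length(32))                  # 11: content is a block multiple
    print(len(build_plaintext(b"a" * 32, mac)))  # 64
```

For content whose length is already a block multiple (the asker's case), the MAC and the mandatory padding_length byte push the total past the boundary, so real padding bytes are needed.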
_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls