1 (edited by zeta 2018-09-05 16:23:24)

Topic: TLS encoding sequence number.

In the other ciphers supported by TLS 1.2, namely stream cipher and CBC block cipher mode, the sequence number is implicitly in the MAC (RFC5246, 6.2.3.1):

MAC = HMAC(MAC_write_key, seq_num +
                          TLSCompressed.type +
                          TLSCompressed.version +
                          TLSCompressed.length +
                          TLSCompressed.fragment);

How many bytes is seq_num? And how to count it? And is the IV included in fragment?
I think fragment = IV + message (padding is not included) if not compressed.

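An added example, not part of the thread and not wolfSSL code, of the MAC input asked about above as RFC 5246 defines it: seq_num is an 8-byte big-endian counter kept separately for each direction, starting at 0 when a connection state becomes active and incremented after every record, and TLSCompressed.fragment is the plaintext only (no IV, no padding). The class name `MacState`, the HMAC-SHA256 choice and the key are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23   # ContentType value for application_data
TLS12 = (3, 3)          # ProtocolVersion {3, 3} is TLS 1.2

class MacState:
    """MAC key and sequence counter for ONE direction (hypothetical helper, not a wolfSSL API)."""

    def __init__(self, mac_key, digest=hashlib.sha256):
        self.mac_key = mac_key
        self.digest = digest
        self.seq_num = 0    # uint64; the first record under a new connection state uses 0

    def mac_input(self, content_type, fragment):
        # seq_num (8 bytes, big-endian) + type (1) + version (2) + length (2) + fragment.
        # fragment is the plaintext TLSCompressed.fragment: CBC IV and padding are not part of it.
        header = struct.pack("!QBBBH", self.seq_num, content_type,
                             TLS12[0], TLS12[1], len(fragment))
        return header + fragment

    def next_mac(self, content_type, fragment):
        """MAC for the next record in this direction, then advance the counter."""
        if self.seq_num > 2**64 - 1:
            raise OverflowError("sequence numbers do not wrap; renegotiate instead")
        data = self.mac_input(content_type, fragment)
        tag = hmac.new(self.mac_key, data, self.digest).digest()
        self.seq_num += 1
        return tag

    def verify_next(self, content_type, fragment, tag):
        """Receiver side: recompute with the local counter, compare in constant time.
        The counter advances even on failure; in TLS a bad MAC is fatal anyway."""
        return hmac.compare_digest(self.next_mac(content_type, fragment), tag)

def demo():
    key = bytes(range(32))                  # constructed key, for illustration only
    sender, receiver = MacState(key), MacState(key)
    first = sender.next_mac(APPLICATION_DATA, b"hello")     # seq_num 0
    second = sender.next_mac(APPLICATION_DATA, b"hello")    # seq_num 1, same plaintext
    in_order = receiver.verify_next(APPLICATION_DATA, b"hello", first)
    replayed = receiver.verify_next(APPLICATION_DATA, b"hello", first)  # receiver is at 1 now
    return first != second, in_order, replayed

if __name__ == "__main__":
    print(demo())
```

Because the counter is never sent on the wire in these cipher modes, a replayed, dropped or reordered record makes the two sides' counters disagree and the MAC check fails.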

Re: TLS encoding sequence number.

Hi zeta,

Thank you for using the wolfSSL forums. Can you tell us what it is you are working on and what the purpose is for inquiring about the sequence number, how to count it and whether or not the IV is contained therein? This is not a typical thing users are asking for so it would be good to understand the motivation behind the question. Looking forward to more details!

Warm Regards,

K

Re: TLS encoding sequence number.

Thanks for your attention.
I am using the wolfSSL library as a crypto base.
And implementing a basic TLS library of my own.
Is this delicate information?
I thought it was open information.
It is very hard to find a well-described document.
Even RFC5246 does not say a thing about this and some other details.
Could you kindly explain how to count the sequence number?


Re: TLS encoding sequence number.

zeta,

No this is not delicate information but it is non-standard/non-general and something we would have to handle via our consulting department. We are happy to answer questions of a "how-to", "break-fix", or "optimization" nature but your question requires a much more in-depth explanation. You are correct it is all open source and you can readily use our implementation as a reference if you do not wish to engage our consulting team.

Is there a reason you are trying to write your own TLS library rather than using the embedded-conscious wolfSSL TLS library we have spent years working on already? What is it about the wolfSSL TLS sources that is not suitable for your needs? If we can understand your use-case and goals perhaps there is something we could do better in future development. We are always looking to improve so let us know where our library is falling short for you.

Warm Regards,

Kaleb

5 (edited by zeta 2018-10-05 15:53:17)

Re: TLS encoding sequence number.

I didn't see this message for a long time.
Apologies for the late answer.
I made a C++ web development framework with state.
From my point of view, it is quite easy to develop a new site with my framework (https://github.com/ParkSeungwon/http2, branch tls).
It handles connections in its own way to give programmers an environment with state (web services are basically stateless).
So I decided to make a simple TLS library that is decoupled from the file descriptor and only deals with memory structures, on top of the wolfSSL crypto base.
I have currently finished making a normal HTTP middle server.
But it lacks the TLS function.

So I tried some TLS libraries and thought wolfSSL was best.
I didn't know at that time that this would be such a long journey.
If I had known that this information is so scattered and the RFC documents are so maze-like and abstract, I would not have decided that way.
It took 10 times more time to collect standard info than to code.
I made my own version of a server and client program easily, but making a program that can communicate with a real-world site or browser was so time-consuming.

I also posted questions to other sites like Stack Overflow.
But usually there is no answer. I think this information is beyond normal programmers.
So I thought specialists like wolfSSL could help me.


6 (edited by zeta 2018-10-05 15:52:26)

Re: TLS encoding sequence number.

resuming....

Though I got an answer about this sequence number.
https://crypto.stackexchange.com/questi … -generated
Is this right?

I have another question.
https://stackoverflow.com/questions/525 … ke-message
This is about encrypted handshake message.

Yes, I am currently thinking about consulting formally.
But I will try by myself for some more time because I am now travelling.

Thanks for making such a well-functioning, well-documented and easy-to-understand library.
And for making it GPL licensed.
My framework is also GPL. It may be clumsy and simple. I think it has good ideas.
If you have time, please visit my GitHub site, http2-tls branch.
If you are willing to see my program and find out what's wrong, it will be a great honor to me.
It wouldn't take long for specialists like the wolfSSL programmers.
