ad4a137965
Context: The CID draft does not require that the length of CIDs used for incoming records must not change in the course of a connection. Since the record header does not contain a length field for the CID, this means that if CIDs of varying lengths are used, the CID length must be inferred from other aspects of the record header (such as the epoch) and/or by means outside of the protocol, e.g. by coding its length in the CID itself. Inferring the CID length from the record's epoch is theoretically possible in DTLS 1.2, but it requires the information about the epoch to be present even if the epoch is no longer used: That's because one should silently drop records from old epochs, but not the entire datagrams to which they belong (there might be entire flights in a single datagram, including a change of epoch); however, in order to do so, one needs to parse the record's content length, the position of which is only known once the CID length for the epoch is known. In conclusion, it puts a significant burden on the implementation to infer the CID length from the record epoch, which moreover mangles record processing with the high-level logic of the protocol (determining which epochs are in use in which flights, when they are changed, etc. -- this would normally determine when we drop epochs). Moreover, with DTLS 1.3, CIDs are no longer uniquely associated to epochs, but every epoch may use a set of CIDs of varying lengths -- in that case, it's even theoretically impossible to do record header parsing based on the epoch configuration only. We must therefore seek a way for standalone record header parsing, which means that we must either (a) fix the CID lengths for incoming records, or (b) allow the application-code to configure a callback to implement an application-specific CID parsing which would somehow infer the length of the CID from the CID itself. Supporting multiple lengths for incoming CIDs significantly increases complexity while, on the other hand, the restriction to a fixed CID length for incoming CIDs (which the application controls - in contrast to the lengths of the CIDs used when writing messages to the peer) doesn't appear to severely limit the usefulness of the CID extension. Therefore, the initial implementation of the CID feature will require a fixed length for incoming CIDs, which is what this commit enforces, in the following way: In order to avoid a change of API in case support for variable lengths CIDs shall be added at some point, we keep mbedtls_ssl_set_cid(), which includes a CID length parameter, but add a new API mbedtls_ssl_conf_cid_len() which applies to an SSL configuration, and which fixes the CID length that any call to mbetls_ssl_set_cid() which applies to an SSL context that is bound to the given SSL configuration must use. While this creates a slight redundancy of parameters, it allows to potentially add an API like mbedtls_ssl_conf_cid_len_cb() later which could allow users to register a callback which dynamically infers the length of a CID at record header parsing time, without changing the rest of the API. |
||
---|---|---|
.. | ||
.gitignore | ||
aes.c | ||
aesni.c | ||
arc4.c | ||
aria.c | ||
asn1parse.c | ||
asn1write.c | ||
base64.c | ||
bignum.c | ||
blowfish.c | ||
camellia.c | ||
ccm.c | ||
certs.c | ||
chacha20.c | ||
chachapoly.c | ||
cipher.c | ||
cipher_wrap.c | ||
cmac.c | ||
CMakeLists.txt | ||
ctr_drbg.c | ||
debug.c | ||
des.c | ||
dhm.c | ||
ecdh.c | ||
ecdsa.c | ||
ecjpake.c | ||
ecp.c | ||
ecp_curves.c | ||
entropy.c | ||
entropy_poll.c | ||
error.c | ||
gcm.c | ||
havege.c | ||
hkdf.c | ||
hmac_drbg.c | ||
Makefile | ||
md.c | ||
md2.c | ||
md4.c | ||
md5.c | ||
md_wrap.c | ||
memory_buffer_alloc.c | ||
net_sockets.c | ||
nist_kw.c | ||
oid.c | ||
padlock.c | ||
pem.c | ||
pk.c | ||
pk_wrap.c | ||
pkcs5.c | ||
pkcs11.c | ||
pkcs12.c | ||
pkparse.c | ||
pkwrite.c | ||
platform.c | ||
platform_util.c | ||
poly1305.c | ||
ripemd160.c | ||
rsa.c | ||
rsa_internal.c | ||
sha1.c | ||
sha256.c | ||
sha512.c | ||
ssl_cache.c | ||
ssl_ciphersuites.c | ||
ssl_cli.c | ||
ssl_cookie.c | ||
ssl_srv.c | ||
ssl_ticket.c | ||
ssl_tls.c | ||
threading.c | ||
timing.c | ||
version.c | ||
version_features.c | ||
x509.c | ||
x509_create.c | ||
x509_crl.c | ||
x509_crt.c | ||
x509_csr.c | ||
x509write_crt.c | ||
x509write_csr.c | ||
xtea.c |