From e59d6ab9f6b7bcb45cba132f6b2ec6692bb3fbd2 Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Mon, 7 Nov 2022 13:54:28 -0800
Subject: [PATCH] Clean up adding padding

This commit simplifies the adding of padding data in a few places. Rather than adding one or two bytes at a time in a "for" loop, all of the padding is added in one step by extracting it from a long padding string. (The one exception is in run_robot(), where a "for" loop is used to add additional padding in case in which the RSA modulus is longer than the pre-defined padding string.) Extracting the padding from a long string is faster than using a "for" loop and it makes the debugging file a little cleaner. The idea is the same as PR #1940.
---
 testssl.sh | 44 +++++++++++++------------------------------
 1 file changed, 13 insertions(+), 31 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index c069edf..f343267 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -12687,6 +12687,7 @@ poly1305_mac() {
      local -i d0 d1 d2 d3 d4
      local -i g0 g1 g2 g3 g4
      local -i i c f blocksize hibit
+     local padding="00000000000000000000000000000000"
      # poly1305_key_gen - RFC 8439, Section 2.6
      # The MAC key is actually just the first 64 characters (32 bytes) of the
@@ -12699,19 +12700,11 @@ poly1305_mac() {
      msg="$aad"
      aad_len=$((${#aad}/2))
      bytes=$(( aad_len % 16 ))
-     if [[ $bytes -ne 0 ]]; then
-          for (( i=bytes; i < 16; i++ )); do
-               msg+="00"
-          done
-     fi
+     [[ $bytes -ne 0 ]] && msg+="${padding:0:$((2*(16-bytes)))}"
      msg+="$ciphertext"
      ciphertext_len=$((${#ciphertext}/2))
      bytes=$(( ciphertext_len % 16 ))
-     if [[ $bytes -ne 0 ]]; then
-          for (( i=bytes; i < 16; i++ )); do
-               msg+="00"
-          done
-     fi
+     [[ $bytes -ne 0 ]] && msg+="${padding:0:$((2*(16-bytes)))}"
      msg+="$(u64to8 $aad_len)$(u64to8 $ciphertext_len)"
      bytes="${#msg}"
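Review bot: The new `padding` local in the first hunk carries an unstated length invariant: the two `${padding:0:$((2*(16-bytes)))}` slices in the second hunk only yield a complete block because the constant is exactly 32 hex characters (16 zero bytes) and `bytes` is in 1..15, and a shorter constant would silently truncate the pad instead of failing as the old loop never could. A comment on the declaration, `# 16 zero bytes as hex; long enough to pad any partial 16-byte block below`, records that. The same invariant applies to the `padding_bytes` constant added to ccm-compute-tag later in this patch and is not repeated there. poly1305_mac's body continues outside both hunks.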
@@ -12740,10 +12733,7 @@ poly1305_mac() {
      else
           blocksize=$bytes
           hibit=0
-          msg+="01"
-          for (( i=bytes+2; i < 32; i+=2 )); do
-               msg+="00"
-          done
+          msg+="01${padding:0:$((30-bytes))}"
      fi
      h0+=$(( $(u8to32 "${msg:0:8}") & 0x3ffffff ))
      h1+=$(( ($(u8to32 "${msg:6:8}") >> 2) & 0x3ffffff ))
@@ -12874,6 +12864,7 @@ ccm-compute-tag() {
      local -i tag_len="$6"
      local b tag
      local -i i aad_len plaintext_len final_block_len nr_blocks
+     local padding_bytes="00000000000000000000000000000000"
      aad_len=$((${#aad}/2))
      plaintext_len=$((${#plaintext}/2))
@@ -12909,21 +12900,13 @@ ccm-compute-tag() {
                return 7
           fi
           # Add padding to complete block
-          if [[ $final_block_len -ne 0 ]]; then
-               for (( i=final_block_len; i < 16; i++ )); do
-                    b+="00"
-               done
-          fi
+          [[ $final_block_len -ne 0 ]] && b+="${padding_bytes:0:$((2*(16-final_block_len)))}"
      fi
      # Finally add the plaintext and any padding needed to complete block
      b+="$plaintext"
      final_block_len=$((plaintext_len % 16))
-     if [[ $final_block_len -ne 0 ]]; then
-          for (( i=final_block_len; i < 16; i++ )); do
-               b+="00"
-          done
-     fi
+     [[ $final_block_len -ne 0 ]] && b+="${padding_bytes:0:$((2*(16-final_block_len)))}"
      # Compute the authentication tag as described in
      # Sections 6.1 and 6.2 of NIST SP 800-38C.
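Review bot: `msg+="01${padding:0:$((30-bytes))}"` in the first hunk on this line is less self-explanatory than the loop it replaces, because here `bytes` counts hex characters (the removed loop stepped `i` by 2 up to 32) whereas the two earlier `padding` slices in poly1305_mac treat `bytes` as a byte count, so the `30-bytes` without a factor of 2 looks like an error until the reader notices the unit change. A comment such as `# bytes is the hex-char length of the final partial block: append 0x01, then zeros up to 16 bytes` would prevent that confusion; both the old and new forms appear to assume `bytes` is even and at most 30, which the comment could also state. The enclosing else-branch starts before the hunk and poly1305_mac continues after it.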
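Review bot: The constant added as `padding_bytes` in the second hunk on this line is byte-for-byte the same 32-hex-character string that poly1305_mac declares as `padding`, while the name `padding_bytes` is reused in prepare_tls_clienthello for a `\\x00`-escaped string of a different format; using one name for the two identical hex constants (or one read-only definition shared by both functions) would make the length dependency of the `${padding_bytes:0:$((2*(16-final_block_len)))}` slices in the third hunk easier to audit. A short comment on the declaration, `# 16 zero bytes as hex; the largest pad a partial CCM block can need`, would serve until then. ccm-compute-tag's body continues outside these hunks.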
@@ -15156,6 +15139,7 @@ prepare_tls_clienthello() {
      local extensions_key_share="" extn_type supported_groups_c2n="" extn_psk_mode=""
      local extra_extensions extra_extensions_list="" extension_supported_versions=""
      local offer_compression=false compression_methods
+     local padding_bytes="\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
      # TLSv1.3 ClientHello messages MUST specify only the NULL compression method.
      [[ "$5" == true ]] && [[ "0x$tls_low_byte" -le "0x03" ]] && offer_compression=true
@@ -15466,17 +15450,14 @@ prepare_tls_clienthello() {
      fi
      len_padding_extension_hex=$(printf "%02x\n" $len_padding_extension)
      len2twobytes "$len_padding_extension_hex"
-     all_extensions="$all_extensions\\x00\\x15\\x${LEN_STR:0:2}\\x${LEN_STR:4:2}"
-     for (( i=0; i
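Review bot: The `padding_bytes` declaration in the first hunk on this line fixes an upper bound on how much padding-extension data prepare_tls_clienthello can emit, and a `${padding_bytes:0:N}` slice silently truncates rather than failing when N exceeds the string, which the removed per-byte loop never did; the commit message describes a fallback loop for this situation in run_robot, but none is visible here, and the hunk that consumes the constant is cut off at the end of this chunk, so whether `len_padding_extension` can exceed the bound cannot be confirmed from what is shown. If it is guaranteed to fit, say so on the declaration: `# long enough for the largest padding extension this function emits; ${padding_bytes:0:N} truncates silently past that`, noting that each byte is presumably four runtime characters (`\x00`) once `\\` collapses inside double quotes, so N must be scaled accordingly. Otherwise a length check or the run_robot-style fallback belongs at the use site. The enclosing function starts before the hunk and continues after the truncated second hunk.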