s2n-tls icon indicating copy to clipboard operation
s2n-tls copied to clipboard

Published 20 hours ago verified publisher icon aws

Reuse MAC writing logic in s2n_record_read

Open goatgoose opened this issue 9 months ago • 1 comments

Problem:

https://github.com/aws/s2n-tls/pull/4539 added a new s2n_record_write_mac function which calculates the record MAC and writes it into a stuffer. This function was added to write the MAC into the record. However, a MAC also needs to be calculated when receiving stream and CBC records in order to compare the calculated MAC against the received MAC. s2n_record_write_mac can be reused for this purpose as well.

Solution:

Reuse s2n_record_write_mac when validating the record MAC:

goatgoose avatar May 07 '24 21:05 goatgoose

Unfortunately this change impacts the sidetrail proofs. When I attempted this it increased sidetrail's runtime by a lot. It might be difficult to implement this and work around all of the proofs.

goatgoose avatar May 23 '24 18:05 goatgoose