Rolf Kalbermatter Posted April 29 Report Share Posted April 29 2 hours ago, ShaunR said: Having played a bit, it doesn't look that straightforward. The main idea, it seems, is that you create callbacks that allocate and free the CRYPTO_EX_DATA (which is required for the get and set) but if they are all set to NULL in CRYPTO_get_ex_new_index then you must use CRYPTO_EX_new which would have to be a global and there is no way to associate it with the SSL session. This seems a lot harder than it should be so maybe I'm not seeing something. It depends what you consider a lot harder. The basic function gets you a pointer sized slot to store whatever you want. If you manage allocation/deallocation of that data structure yourself you can get away with NULL callback parameters and only need the set and get functions to store the pointer and get it out back. Quote Link to comment
ShaunR Posted April 29 Author Report Share Posted April 29 32 minutes ago, Rolf Kalbermatter said: The basic function gets you a pointer sized slot to store whatever you want. But you cannot reference it. You only get an index and the read and write require CRYPTO_EX_DATA Quote Link to comment
ShaunR Posted April 30 Author Report Share Posted April 30 Hmm. Using the rbio or SSL_CTX isn't good enough. Repeats can occur 1 in 30-ish times. Need to use a proper random....somehow. Quote Link to comment
ShaunR Posted April 30 Author Report Share Posted April 30 I need something similar (session based variable that can be accessed by callbacks) for PSK too, it seems. Quote Link to comment
ShaunR Posted May 2 Author Report Share Posted May 2 On 4/30/2023 at 2:21 PM, ShaunR said: I need something similar (session based variable that can be accessed by callbacks) for PSK too, it seems. I resorted to a global key->value lookup table. I feel dirty 1 Quote Link to comment
ShaunR Posted May 5 Author Report Share Posted May 5 (edited) On 5/2/2023 at 10:27 AM, ShaunR said: I resorted to a global key->value lookup table. I feel dirty That was a crap idea (was awfully complicated and memory bloaty) so I thought of something else....bear with me (it's easier done than said). Generate an array of 264 cryptographically random bytes (global). Lets call it RNDARR. Create an index (global UINT8). Lets call it IDX. For the Generate callback: if IDX = 0 initialise RNDARR with 264 new bytes. (Should get new bytes whenever we roll over as it's a UINT8) Take 8 bytes of RNDARR at IDX in the array. Concatenate the 8 bytes with 8 bytes of the SSL session reference (Uint64 as bytes). SHA1 Hash the 16 byte concatenated array (one of the fastest and only 20 bytes). Append IDX to the SHA1 hash and present the 21 bytes as the cookie. Increment IDX. For the verify callback: Take the last byte and use it as an index (lets call it IDX_V); Take 8 bytes of RNDARR at IDX_V in the array. Concatenate the 8 bytes with 8 bytes of the SSL session reference (Uint64 as bytes). SHA1 Hash the 16 byte array. Compare the SHA1 hash with the cookie ignoring the last byte of the cookie. So. that should mean we have a session dependent random number hash that is shared between callbacks. We get a unique hash on every client hello and It doesn't matter if the session is reused as the hash is relying on the 8 random bytes. (still convinced we don't need an HMAC but could do that instead of just a straight SHA1). Oh. And it's fast. Very fast. There is one corner case when IDX rolls over and a hash is in-flight (created with the IDX=255). The array is populated with new random data so the 8 random bytes used for the hash are no longer available for verification. In practice, OpenSSL retries so it's not an issue but I will think about it more for a proper solution (if you have an idea, let me know). Edited May 5 by ShaunR Quote Link to comment
ShaunR Posted May 6 Author Report Share Posted May 6 (edited) 16 hours ago, ShaunR said: I will think about it more for a proper solution OK. So I now have a 2D array (2x264 bytes). if the IDX==0; the bytes are copied from the first row to the second and the random bytes in the first row are regenerated. If the verification fails with the random bytes in the first row, it looks in the second row. If that fails then they are hammering the connection and don't deserve to be let in. It means that every 255 client hello's we might have the overhead of an extra SHA1 hash to calculate. We can easily live with that. Any other ideas? Edited May 6 by ShaunR Quote Link to comment
ShaunR Posted May 19 Author Report Share Posted May 19 While I was faffing around with callbacks. I also implemented PSK. 1 Quote Link to comment
Rolf Kalbermatter Posted May 24 Report Share Posted May 24 On 5/19/2023 at 9:58 AM, ShaunR said: While I was faffing around with callbacks. I also implemented PSK. I'm an "Urgestein". For me PSK still mean Phase Shift Keying. Quote Link to comment
ShaunR Posted May 25 Author Report Share Posted May 25 18 hours ago, Rolf Kalbermatter said: I'm an "Urgestein". For me PSK still mean Phase Shift Keying. So I guess you have a Ham Radio licence? It's exactly what my Ham Radio buddy said. Quote Link to comment
Rolf Kalbermatter Posted May 25 Report Share Posted May 25 (edited) 2 hours ago, ShaunR said: So I guess you have a Ham Radio licence? It's exactly what my Ham Radio buddy said. No, I didn't go through the whole procedure to obtain a license. But I did in a long ago past, during my education in electronics, experiment with building the hardware for a radio transceiver to do that. And also another one to receive the satellite radio signal from weather satellites (all at that time in analogue hardware, when 137MHz was considered still really HF and its signal propagation in a circuit sometimes more magic than anything else, not one of those easy SDR dongles 😁) At some point I decided that HF was simply too hard to really work with and concentrated on mostly digital electronics and some audio electronics for PA. Edited May 25 by Rolf Kalbermatter Quote Link to comment
mhenz Posted Saturday at 08:55 PM Report Share Posted Saturday at 08:55 PM On 5/25/2023 at 12:45 PM, Rolf Kalbermatter said: No, I didn't go through the whole procedure to obtain a license. Shame on you 🙂 I did it and I'm still active, even not on the frequencies, but making videos, mounting antennas for the contest, painting the truck, climbing on the mobile tower ... here it goes... Quote Link to comment
ShaunR Posted Tuesday at 08:41 AM Author Report Share Posted Tuesday at 08:41 AM On 5/27/2023 at 9:55 PM, mhenz said: Shame on you 🙂 I did it and I'm still active, even not on the frequencies, but making videos, mounting antennas for the contest, painting the truck, climbing on the mobile tower ... here it goes... I expect you could hear Marconi's original transmission with that set-up 1 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.