[erlang-patches] SSL: export some session key material and make the TLS PRF accessible

Gustav Simonsson <>
Wed Feb 29 15:16:11 CET 2012


This version looks good and will be added in the 'pu' branch for testing.

Regards,
Gustav Simonsson
Erlang/OTP team

On 2012-02-28 12:18, Andreas Schultz wrote:
> Hi Ingela,
>
> Documentation is updated in the same place.
>
> The first sentence is now:
> +<p>This function can only be used with TLS connections,<c>{error, undefined}</c>
> +         is returned for SSLv3 connections.</p>
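Review bot: in the first added line there is no space between "connections," and `<c>{error, undefined}</c>`, so the comma runs straight into the code element when rendered; add a space after the comma. The sentence would also read better as two sentences, e.g. "This function can only be used with TLS connections. For SSLv3 connections <c>{error, undefined}</c> is returned."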
>
> I have also removed the warning.
>
> Andreas
>
> ----- Original Message -----
>> Hi Andreas!
>>
>> I think it looks good :)
>>
>> But there is a strange part in the documentation:
>>
>> This sentence I think needs to be reformulated!
>>
>> + This function is menaing for for TLS connections,<c>{error,
>> undefined}</c>
>> + is returned for SSLv3 connections.</p>
>>
>> No longer needed:
>>
>> +<p>When using this functions with key and/or random material from
>> the
>> TLS session,
>> +   special care needs to be take to not expose any sensitive crypto
>> state</p>
>> +</desc>
>>
>> Regards Ingela Erlang/OTP team - Ericsson AB
>>
>> Andreas Schultz wrote:
>>> Hi Ingela,
>>>
>>> I have pushed a new version to the same location.
>>>
>>> git fetch git://github.com/RoadRunnr/otp.git tls-export-stuff
>>>
>>> https://github.com/RoadRunnr/otp/compare/tls-export-stuff
>>> https://github.com/RoadRunnr/otp/compare/tls-export-stuff.patch
>>>
>>> This version removes the access to the internal security_parameters
>>> and adopts a scheme for the prf function that is close to what you
>>> suggested. The prf function is now:
>>>
>>> -type prf_random() :: client | server.
>>>
>>> prf(#sslsocket{}, Secret::binary() | 'master_secret', Label::binary(),
>>>     Seed::[binary() | prf_random()], WantedLen::non_neg_integer()) ->
>>>     {ok, binary()} | {error, reason()}
>>>
>>> It always works on an ssl socket and uses the TLS version negotiated for
>>> the socket. Specifying the TLS version does not really make sense as the
>>> internal security_parameters are TLS version dependent and I can not see
>>> a use case for using the PRF without an active TLS connection.
>>>
>>> Allowing the client and server randoms for the secret without exporting
>>> them is somewhat strange, so I don't allow that. The same goes for using
>>> the master secret as seed.
>>>
>>> Andreas
>>>
>>> ----- Original Message -----
>>>
>>>> Hi!
>>>>
>>>> I looked into this a bit and I would prefer not to have a function
>>>> that exports security parameters as this is not really desirable and
>>>> also kind of unnecessary as you send them back to the SSL/TLS-gen-fsm
>>>> process.
>>>>
>>>> I think there should be a function prf
>>>>
>>>> -type security_param_name() :: master_secret | client_random |
>>>>                                server_random.
>>>>
>>>> prf(tls_version(), Secret::binary() | security_param_name(),
>>>>      Label::binary(),
>>>>      Seed::[binary() | security_param_name()],
>>>>      WantedLen::non_neg_integer()) -> {ok, binary()} | {error, reason()}
>>>>
>>>>
>>>> Then the erlang SSL/TLS-fsm process will replace all
>>>> security_param_name-instances with the value of the corresponding
>>>> security parameter
>>>> before calling the prf-function.
>>>>
>>>> I think there is no need for an {'EXIT', term()} return. If necessary
>>>> to catch something, {error, Reason} is sufficient, and the Reason can
>>>> provide the information that it was a caught EXIT if that could be
>>>> interesting in that particular case. It is not always; for example,
>>>> consider the following catch:
>>>>
>>>> connect(Host, Port, Socket, Options, User, CbInfo, Timeout) ->
>>>>      try start_fsm(client, Host, Port, Socket, Options, User, CbInfo,
>>>>                    Timeout)
>>>>      catch
>>>>          exit:{noproc, _} ->
>>>>              {error, ssl_not_started}
>>>>      end.
>>>>
>>>> Regards Ingela  Erlang/OTP team Ericsson AB
>>>>
>>>> Andreas Schultz wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Please fetch:
>>>>>
>>>>>    git fetch git://github.com/RoadRunnr/otp.git tls-export-stuff
>>>>>
>>>>> Export some session key material and make the TLS PRF accessible
>>>>>
>>>>> Some protocols (e.g. EAP-PEAP, EAP-TLS, EAP-TTLS) that use TLS as
>>>>> transport layer need to generate additional application specific
>>>>> key material. One way to generate such material is to use the TLS
>>>>> PRF and key material from the TLS session itself.
>>>>>
>>>>> This change adds a function to access the required key material and
>>>>> makes a TLS session PRF accessible.
>>>>>
>>>>> https://github.com/RoadRunnr/otp/compare/tls-export-stuff
>>>>> https://github.com/RoadRunnr/otp/compare/tls-export-stuff.patch
>>>>>
>>>>> Regards
>>>>> Andreas
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
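
The scheme the thread converges on (symbolic names resolved on the connection side, the master secret allowed only as the secret, the randoms allowed only in the seed, `{error, undefined}` for SSLv3) can be modelled stand-alone. This is an added example, not code from the patch or from OTP: the module name `prf_model`, the session map, and the error reasons are hypothetical, the PRF is assumed to be the TLS 1.2 one (HMAC-SHA256, RFC 5246), the EAP-TLS label comes from RFC 5216 rather than from this thread, and `crypto:mac/4` needs OTP 22.1 or later.

```erlang
-module(prf_model).
-export([prf/5, demo/0]).

%% Session is a map standing in for the connection state (assumption):
%% #{version, master_secret, client, server}; client/server are the randoms.
-spec prf(map(), binary() | master_secret, binary(),
          [binary() | client | server], non_neg_integer()) ->
          {ok, binary()} | {error, term()}.
prf(#{version := sslv3}, _, _, _, _) -> {error, undefined}; % SSLv3: no TLS PRF
prf(Session, Secret0, Label, Seed0, WantedLen) ->
    try
        Secret = secret(Session, Secret0),
        Seed = iolist_to_binary([seed_part(Session, P) || P <- Seed0]),
        {ok, p_sha256(Secret, <<Label/binary, Seed/binary>>, WantedLen)}
    catch
        throw:Reason -> {error, Reason}
    end.

%% The master secret may be named only as the secret ...
secret(#{master_secret := MS}, master_secret) -> MS;
secret(_, Bin) when is_binary(Bin) -> Bin;
secret(_, Other) -> throw({bad_secret, Other}).

%% ... and the randoms only inside the seed, as the thread settles on.
seed_part(#{client := R}, client) -> R;
seed_part(#{server := R}, server) -> R;
seed_part(_, Bin) when is_binary(Bin) -> Bin;
seed_part(_, Other) -> throw({bad_seed, Other}).

%% RFC 5246 section 5 P_hash with HMAC-SHA256 (TLS 1.2 PRF, assumed here).
p_sha256(Secret, Seed, Len) -> p_sha256(Secret, Seed, Len, Seed, <<>>).

p_sha256(_Secret, _Seed, Len, _A, Acc) when byte_size(Acc) >= Len ->
    binary:part(Acc, 0, Len);
p_sha256(Secret, Seed, Len, A0, Acc) ->
    A1 = crypto:mac(hmac, sha256, Secret, A0),
    Block = crypto:mac(hmac, sha256, Secret, <<A1/binary, Seed/binary>>),
    p_sha256(Secret, Seed, Len, A1, <<Acc/binary, Block/binary>>).

demo() ->
    %% Constructed sample values, not taken from a real handshake.
    S = #{version => tlsv1_2, master_secret => binary:copy(<<16#11>>, 48),
          client => binary:copy(<<16#22>>, 32), server => binary:copy(<<16#33>>, 32)},
    Label = <<"client EAP encryption">>,       % EAP-TLS label from RFC 5216
    {ok, Key} = prf(S, master_secret, Label, [client, server], 128),
    {ok, Key} = prf(S, maps:get(master_secret, S), Label,
                    [maps:get(client, S), maps:get(server, S)], 128),
    {error, {bad_seed, master_secret}} = prf(S, master_secret, Label, [master_secret], 32),
    {error, undefined} = prf(S#{version := sslv3}, master_secret, Label, [client], 32),
    byte_size(Key).
```

`prf_model:demo()` returns 128 when every match holds; the caller never sees the master secret or the randoms, only the derived output.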


