[erlang-patches] TLS: add PSK and SRP cipher suites

Andreas Schultz aschultz@REDACTED
Wed Feb 13 09:19:08 CET 2013


Hi,

Klaus Trainer @ github found some spelling errors. I have pushed a fixed
version. Please refetch.

Thanks
Andreas

----- Original Message -----
> Hi,
> 
> patch is rebased.
> 
> Andreas
> 
> ----- Original Message -----
> > Hello,
> > Could you rebase this patch upon the current 'master' branch?
> > 
> > BR Fredrik Gustafsson
> > Erlang OTP Team
> > On 01/16/2013 01:20 PM, Andreas Schultz wrote:
> > > Hi Fredrik,
> > >
> > > I just realized that I'm still using the ?line macro in the new SRP
> > > crypto
> > > test.
> > >
> > > Should I remove it?
> > >
> > > Andreas
> > >
> > > ----- Original Message -----
> > >> Thanks,
> > >> I have re-fetched and building it now with the rest of the patches in
> > >> the 'master-pu' branch.
> > >>
> > >> BR Fredrik Gustafsson
> > >> Erlang OTP Team
> > >> On 01/15/2013 08:19 PM, Andreas Schultz wrote:
> > >>> Hi,
> > >>>
> > >>> I have address the issues:
> > >>>
> > >>>    * documentation for SSL API options added
> > >>>    * header files internalized
> > >>>    * crypto function generalized and support for multiple SRP variants
> > >>>
> > >>> New version can be found here:
> > >>>
> > >>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
> > >>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
> > >>>
> > >>>
> > >>> Even if the PSK and SRP do not make it into R16, could you consider the
> > >>> first two
> > >>> changesets from this series, please? They are mostly code
> > >>> consolidations,
> > >>> making
> > >>> adding new key exchange algorithms much simpler.
> > >>>
> > >>> https://github.com/RoadRunnr/otp/compare/master...cf4512a
> > >>> https://github.com/RoadRunnr/otp/compare/master...cf4512a.patch
> > >>>
> > >>> Andreas
> > >>>
> > >>> ----- Original Message -----
> > >>>> Hello Andreas,
> > >>>> Your patch has finally been into review and the response was:
> > >>>> "
> > >>>>
> > >>>>     * The patch introduces new API options without documenting them.
> > >>>>     * The patch introduces new include file ssl_srp.hrl that I think
> > >>>>     shall
> > >>>>       be internal and put in src. It is undesirable to have records in
> > >>>>       the
> > >>>>       user API as it makes the user application compile time dependent
> > >>>>       on
> > >>>>       our code, better to use a proplist and then create the record
> > >>>>       internally. (Yes "sslsocket" is a record due to legacy)
> > >>>>     * The patch introduces new include file ssl_srp_primes.hrl I think
> > >>>>     it
> > >>>>       feels better to input such values as atoms and internaly uses
> > >>>>       the
> > >>>>       macros defined in this file, that would be more consistent with
> > >>>>       the
> > >>>>       rest of the API.
> > >>>>     * Functions in crypto being named TLS something seems a little
> > >>>>       strange, is this necessary?!
> > >>>>
> > >>>> "
> > >>>> Please correct this and give me a notice when it is done.
> > >>>>
> > >>>> BR Fredrik Gustafsson
> > >>>> Erlang OTP Team
> > >>>> On 10/12/2012 11:38 AM, Henrik Nord wrote:
> > >>>>> refetching
> > >>>>>
> > >>>>> On 10/12/2012 10:27 AM, Andreas Schultz wrote:
> > >>>>>> Hi Henrik,
> > >>>>>>
> > >>>>>> When I rebased my changes to the current master, a change crept in
> > >>>>>> that
> > >>>>>> shouldn't have:
> > >>>>>>
> > >>>>>> https://github.com/erlang/otp/commit/747ce9191f4dc7558e12e2b6e5696396392ffbd8
> > >>>>>>
> > >>>>>>
> > >>>>>> I have removed it from my tree and pushed it.
> > >>>>>>
> > >>>>>> Andreas
> > >>>>>>
> > >>>>>> ----- Original Message -----
> > >>>>>>> Thanks, I will refetch!
> > >>>>>>> On 10/11/2012 12:49 PM, Andreas Schultz wrote:
> > >>>>>>>> Hi,
> > >>>>>>>>
> > >>>>>>>> I have pushed a change that should fix the compile error. The
> > >>>>>>>> buffer has
> > >>>>>>>> a fixed length now.
> > >>>>>>>>
> > >>>>>>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2
> > >>>>>>>>
> > >>>>>>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2.patch
> > >>>>>>>>
> > >>>>>>>>
> > >>>>>>>> Andreas
> > >>>>>>>>
> > >>>>>>>> ----- Original Message -----
> > >>>>>>>>> Does not compile on Windows.
> > >>>>>>>>>
> > >>>>>>>>> Function SHA1_Update_PAD in crypto.c is not correct. Arrays with
> > >>>>>>>>> dynamic
> > >>>>>>>>> size is not supported by the C standard we use.
> > >>>>>>>>> Use a static array instead, presuming that there is a reasonable
> > >>>>>>>>> upper
> > >>>>>>>>> limit of its size.
> > >>>>>>>>>
> > >>>>>>>>> /Sverker, Erlang/OTP
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>>
> > >>>>>>>>> Henrik Nord wrote:
> > >>>>>>>>>> Hi
> > >>>>>>>>>>
> > >>>>>>>>>> I have added your branch to 'master'pu' for testing.
> > >>>>>>>>>> Thank you for your contribution!
> > >>>>>>>>>>
> > >>>>>>>>>> On 10/04/2012 06:29 PM, Andreas Schultz wrote:
> > >>>>>>>>>>> Hi,
> > >>>>>>>>>>>
> > >>>>>>>>>>> Tree is rebased onto latest master.
> > >>>>>>>>>>>
> > >>>>>>>>>>> Andreas
> > >>>>>>>>>>>
> > >>>>>>>>>>> ----- Original Message -----
> > >>>>>>>>>>>> Would you be so kind as to rebase this branch upon the latest
> > >>>>>>>>>>>> 'master'
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> Thank you for your contribution!
> > >>>>>>>>>>>>
> > >>>>>>>>>>>>
> > >>>>>>>>>>>>
> > >>>>>>>>>>>> On 09/26/2012 07:19 PM, Andreas Schultz wrote:
> > >>>>>>>>>>>>> Hi,
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> I have implemented the more interesting parts of RFC 4279,
> > >>>>>>>>>>>>> RFC
> > >>>>>>>>>>>>> 5487
> > >>>>>>>>>>>>> and RFC 5054 (aka TLS PSK and SRP ciphers). The use and
> > >>>>>>>>>>>>> usefulness
> > >>>>>>>>>>>>> of those ciphers is rather limited, the one notable exception
> > >>>>>>>>>>>>> being
> > >>>>>>>>>>>>> the eID server protocol for German national identity cards
> > >>>>>>>>>>>>> (nPA).
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> The test suite can only verify some PSK suites against
> > >>>>>>>>>>>>> openssl
> > >>>>>>>>>>>>> as
> > >>>>>>>>>>>>> currently no openssl version supports them all. There is
> > >>>>>>>>>>>>> patch
> > >>>>>>>>>>>>> that add some to openssl, but it has not been  incorporated
> > >>>>>>>>>>>>> into
> > >>>>>>>>>>>>> upstream. GNU-TLS implements some more (but not all) PSK
> > >>>>>>>>>>>>> suites
> > >>>>>>>>>>>>> and I have manually tested interoperability.
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> Patch info:
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> git fetch git://github.com/RoadRunnr/otp.git
> > >>>>>>>>>>>>> tls-psk-srp-suites
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>>
> > >>>>>>>>>>>>> Regards
> > >>>>>>>>>>>>> Andreas
> > >>>>>>>>>>>> --
> > >>>>>>>>>>>> /Henrik Nord Erlang/OTP
> > >>>>>>>>>>>>
> > >>>>>>>>>>>>
> > >>>>>>> --
> > >>>>>>> /Henrik Nord Erlang/OTP
> > >>>>>>>
> > >>>>>>>
> > >>
> > 
> > 
> 
> --
> --
> Dipl. Inform.
> Andreas Schultz
> 
> email: as@REDACTED
> phone: +49-391-819099-224
> mobil: +49-170-2226073
> 
> ------------------ managed broadband access ------------------
> 
> Travelping GmbH               phone:           +49-391-8190990
> Roentgenstr. 13               fax:           +49-391-819099299
> D-39108 Magdeburg             email:       info@REDACTED
> GERMANY                       web:   http://www.travelping.com
> 
> Company Registration: HRB21276 Handelsregistergericht Chemnitz
> Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
> --------------------------------------------------------------
> 
> _______________________________________________
> erlang-patches mailing list
> erlang-patches@REDACTED
> http://erlang.org/mailman/listinfo/erlang-patches
> 

-- 
-- 
Dipl. Inform.
Andreas Schultz

email: as@REDACTED
phone: +49-391-819099-224
mobil: +49-170-2226073

------------------ managed broadband access ------------------

Travelping GmbH               phone:           +49-391-8190990
Roentgenstr. 13               fax:           +49-391-819099299
D-39108 Magdeburg             email:       info@REDACTED
GERMANY                       web:   http://www.travelping.com

Company Registration: HRB21276 Handelsregistergericht Chemnitz
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
--------------------------------------------------------------



More information about the erlang-patches mailing list