[erlang-patches] TLS: add PSK and SRP cipher suites

Fredrik <>
Wed Feb 13 10:44:22 CET 2013


On 02/13/2013 09:19 AM, Andreas Schultz wrote:
> Hi,
>
> Klaus Trainer @ github found some spelling errors. I have pushed a fixed
> version. Please refetch.
>
> Thanks
> Andreas
>
> ----- Original Message -----
>> Hi,
>>
>> patch is rebased.
>>
>> Andreas
>>
>> ----- Original Message -----
>>> Hello,
>>> Could you rebase this patch upon the current 'master' branch?
>>>
>>> BR Fredrik Gustafsson
>>> Erlang OTP Team
>>> On 01/16/2013 01:20 PM, Andreas Schultz wrote:
>>>> Hi Fredrik,
>>>>
>>>> I just realized that I'm still using the ?line macro in the new SRP
>>>> crypto
>>>> test.
>>>>
>>>> Should I remove it?
>>>>
>>>> Andreas
>>>>
>>>> ----- Original Message -----
>>>>> Thanks,
>>>>> I have re-fetched and building it now with the rest of the patches in
>>>>> the 'master-pu' branch.
>>>>>
>>>>> BR Fredrik Gustafsson
>>>>> Erlang OTP Team
>>>>> On 01/15/2013 08:19 PM, Andreas Schultz wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I have address the issues:
>>>>>>
>>>>>>     * documentation for SSL API options added
>>>>>>     * header files internalized
>>>>>>     * crypto function generalized and support for multiple SRP variants
>>>>>>
>>>>>> New version can be found here:
>>>>>>
>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
>>>>>>
>>>>>>
>>>>>> Even if the PSK and SRP do not make it into R16, could you consider the
>>>>>> first two
>>>>>> changesets from this series, please? They are mostly code
>>>>>> consolidations,
>>>>>> making
>>>>>> adding new key exchange algorithms much simpler.
>>>>>>
>>>>>> https://github.com/RoadRunnr/otp/compare/master...cf4512a
>>>>>> https://github.com/RoadRunnr/otp/compare/master...cf4512a.patch
>>>>>>
>>>>>> Andreas
>>>>>>
>>>>>> ----- Original Message -----
>>>>>>> Hello Andreas,
>>>>>>> Your patch has finally been into review and the response was:
>>>>>>> "
>>>>>>>
>>>>>>>      * The patch introduces new API options without documenting them.
>>>>>>>      * The patch introduces new include file ssl_srp.hrl that I think
>>>>>>>      shall
>>>>>>>        be internal and put in src. It is undesirable to have records in
>>>>>>>        the
>>>>>>>        user API as it makes the user application compile time dependent
>>>>>>>        on
>>>>>>>        our code, better to use a proplist and then create the record
>>>>>>>        internally. (Yes "sslsocket" is a record due to legacy)
>>>>>>>      * The patch introduces new include file ssl_srp_primes.hrl I think
>>>>>>>      it
>>>>>>>        feels better to input such values as atoms and internaly uses
>>>>>>>        the
>>>>>>>        macros defined in this file, that would be more consistent with
>>>>>>>        the
>>>>>>>        rest of the API.
>>>>>>>      * Functions in crypto being named TLS something seems a little
>>>>>>>        strange, is this necessary?!
>>>>>>>
>>>>>>> "
>>>>>>> Please correct this and give me a notice when it is done.
>>>>>>>
>>>>>>> BR Fredrik Gustafsson
>>>>>>> Erlang OTP Team
>>>>>>> On 10/12/2012 11:38 AM, Henrik Nord wrote:
>>>>>>>> refetching
>>>>>>>>
>>>>>>>> On 10/12/2012 10:27 AM, Andreas Schultz wrote:
>>>>>>>>> Hi Henrik,
>>>>>>>>>
>>>>>>>>> When I rebased my changes to the current master, a change crept in
>>>>>>>>> that
>>>>>>>>> shouldn't have:
>>>>>>>>>
>>>>>>>>> https://github.com/erlang/otp/commit/747ce9191f4dc7558e12e2b6e5696396392ffbd8
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I have removed it from my tree and pushed it.
>>>>>>>>>
>>>>>>>>> Andreas
>>>>>>>>>
>>>>>>>>> ----- Original Message -----
>>>>>>>>>> Thanks, I will refetch!
>>>>>>>>>> On 10/11/2012 12:49 PM, Andreas Schultz wrote:
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> I have pushed a change that should fix the compile error. The
>>>>>>>>>>> buffer has
>>>>>>>>>>> a fixed length now.
>>>>>>>>>>>
>>>>>>>>>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2
>>>>>>>>>>>
>>>>>>>>>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2.patch
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Andreas
>>>>>>>>>>>
>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>> Does not compile on Windows.
>>>>>>>>>>>>
>>>>>>>>>>>> Function SHA1_Update_PAD in crypto.c is not correct. Arrays with
>>>>>>>>>>>> dynamic
>>>>>>>>>>>> size is not supported by the C standard we use.
>>>>>>>>>>>> Use a static array instead, presuming that there is a reasonable
>>>>>>>>>>>> upper
>>>>>>>>>>>> limit of its size.
>>>>>>>>>>>>
>>>>>>>>>>>> /Sverker, Erlang/OTP
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Henrik Nord wrote:
>>>>>>>>>>>>> Hi
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have added your branch to 'master'pu' for testing.
>>>>>>>>>>>>> Thank you for your contribution!
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 10/04/2012 06:29 PM, Andreas Schultz wrote:
>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Tree is rebased onto latest master.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Andreas
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>> Would you be so kind as to rebase this branch upon the latest
>>>>>>>>>>>>>>> 'master'
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thank you for your contribution!
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On 09/26/2012 07:19 PM, Andreas Schultz wrote:
>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I have implemented the more interesting parts of RFC 4279,
>>>>>>>>>>>>>>>> RFC
>>>>>>>>>>>>>>>> 5487
>>>>>>>>>>>>>>>> and RFC 5054 (aka TLS PSK and SRP ciphers). The use and
>>>>>>>>>>>>>>>> usefulness
>>>>>>>>>>>>>>>> of those ciphers is rather limited, the one notable exception
>>>>>>>>>>>>>>>> being
>>>>>>>>>>>>>>>> the eID server protocol for German national identity cards
>>>>>>>>>>>>>>>> (nPA).
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> The test suite can only verify some PSK suites against
>>>>>>>>>>>>>>>> openssl
>>>>>>>>>>>>>>>> as
>>>>>>>>>>>>>>>> currently no openssl version supports them all. There is
>>>>>>>>>>>>>>>> patch
>>>>>>>>>>>>>>>> that add some to openssl, but it has not been  incorporated
>>>>>>>>>>>>>>>> into
>>>>>>>>>>>>>>>> upstream. GNU-TLS implements some more (but not all) PSK
>>>>>>>>>>>>>>>> suites
>>>>>>>>>>>>>>>> and I have manually tested interoperability.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Patch info:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> git fetch git://github.com/RoadRunnr/otp.git
>>>>>>>>>>>>>>>> tls-psk-srp-suites
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>>> Andreas
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> /Henrik Nord Erlang/OTP
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> /Henrik Nord Erlang/OTP
>>>>>>>>>>
>>>>>>>>>>
>>>
>> --
>> --
>> Dipl. Inform.
>> Andreas Schultz
>>
>> email: 
>> phone: +49-391-819099-224
>> mobil: +49-170-2226073
>>
>> ------------------ managed broadband access ------------------
>>
>> Travelping GmbH               phone:           +49-391-8190990
>> Roentgenstr. 13               fax:           +49-391-819099299
>> D-39108 Magdeburg             email:       
>> GERMANY                       web:   http://www.travelping.com
>>
>> Company Registration: HRB21276 Handelsregistergericht Chemnitz
>> Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
>> --------------------------------------------------------------
>>
>> _______________________________________________
>> erlang-patches mailing list
>> 
>> http://erlang.org/mailman/listinfo/erlang-patches
>>
Hello!
Re-fetched, Thanks.

-- 

BR Fredrik Gustafsson
Erlang OTP Team



More information about the erlang-patches mailing list