[erlang-patches] TLS: add PSK and SRP cipher suites

Andreas Schultz <>
Sat Feb 16 12:04:31 CET 2013


Hi,

Patch rebased on current master.

Andreas

----- Original Message -----
> On 02/13/2013 09:19 AM, Andreas Schultz wrote:
> > Hi,
> >
> > Klaus Trainer @ github found some spelling errors. I have pushed a fixed
> > version. Please refetch.
> >
> > Thanks
> > Andreas
> >
> > ----- Original Message -----
> >> Hi,
> >>
> >> patch is rebased.
> >>
> >> Andreas
> >>
> >> ----- Original Message -----
> >>> Hello,
> >>> Could you rebase this patch upon the current 'master' branch?
> >>>
> >>> BR Fredrik Gustafsson
> >>> Erlang OTP Team
> >>> On 01/16/2013 01:20 PM, Andreas Schultz wrote:
> >>>> Hi Fredrik,
> >>>>
> >>>> I just realized that I'm still using the ?line macro in the new SRP
> >>>> crypto
> >>>> test.
> >>>>
> >>>> Should I remove it?
> >>>>
> >>>> Andreas
> >>>>
> >>>> ----- Original Message -----
> >>>>> Thanks,
> >>>>> I have re-fetched and building it now with the rest of the patches in
> >>>>> the 'master-pu' branch.
> >>>>>
> >>>>> BR Fredrik Gustafsson
> >>>>> Erlang OTP Team
> >>>>> On 01/15/2013 08:19 PM, Andreas Schultz wrote:
> >>>>>> Hi,
> >>>>>>
> >>>>>> I have address the issues:
> >>>>>>
> >>>>>>     * documentation for SSL API options added
> >>>>>>     * header files internalized
> >>>>>>     * crypto function generalized and support for multiple SRP
> >>>>>>     variants
> >>>>>>
> >>>>>> New version can be found here:
> >>>>>>
> >>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
> >>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
> >>>>>>
> >>>>>>
> >>>>>> Even if the PSK and SRP do not make it into R16, could you consider
> >>>>>> the
> >>>>>> first two
> >>>>>> changesets from this series, please? They are mostly code
> >>>>>> consolidations,
> >>>>>> making
> >>>>>> adding new key exchange algorithms much simpler.
> >>>>>>
> >>>>>> https://github.com/RoadRunnr/otp/compare/master...cf4512a
> >>>>>> https://github.com/RoadRunnr/otp/compare/master...cf4512a.patch
> >>>>>>
> >>>>>> Andreas
> >>>>>>
> >>>>>> ----- Original Message -----
> >>>>>>> Hello Andreas,
> >>>>>>> Your patch has finally been into review and the response was:
> >>>>>>> "
> >>>>>>>
> >>>>>>>      * The patch introduces new API options without documenting them.
> >>>>>>>      * The patch introduces new include file ssl_srp.hrl that I think
> >>>>>>>      shall
> >>>>>>>        be internal and put in src. It is undesirable to have records
> >>>>>>>        in
> >>>>>>>        the
> >>>>>>>        user API as it makes the user application compile time
> >>>>>>>        dependent
> >>>>>>>        on
> >>>>>>>        our code, better to use a proplist and then create the record
> >>>>>>>        internally. (Yes "sslsocket" is a record due to legacy)
> >>>>>>>      * The patch introduces new include file ssl_srp_primes.hrl I
> >>>>>>>      think
> >>>>>>>      it
> >>>>>>>        feels better to input such values as atoms and internaly uses
> >>>>>>>        the
> >>>>>>>        macros defined in this file, that would be more consistent
> >>>>>>>        with
> >>>>>>>        the
> >>>>>>>        rest of the API.
> >>>>>>>      * Functions in crypto being named TLS something seems a little
> >>>>>>>        strange, is this necessary?!
> >>>>>>>
> >>>>>>> "
> >>>>>>> Please correct this and give me a notice when it is done.
> >>>>>>>
> >>>>>>> BR Fredrik Gustafsson
> >>>>>>> Erlang OTP Team
> >>>>>>> On 10/12/2012 11:38 AM, Henrik Nord wrote:
> >>>>>>>> refetching
> >>>>>>>>
> >>>>>>>> On 10/12/2012 10:27 AM, Andreas Schultz wrote:
> >>>>>>>>> Hi Henrik,
> >>>>>>>>>
> >>>>>>>>> When I rebased my changes to the current master, a change crept in
> >>>>>>>>> that
> >>>>>>>>> shouldn't have:
> >>>>>>>>>
> >>>>>>>>> https://github.com/erlang/otp/commit/747ce9191f4dc7558e12e2b6e5696396392ffbd8
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> I have removed it from my tree and pushed it.
> >>>>>>>>>
> >>>>>>>>> Andreas
> >>>>>>>>>
> >>>>>>>>> ----- Original Message -----
> >>>>>>>>>> Thanks, I will refetch!
> >>>>>>>>>> On 10/11/2012 12:49 PM, Andreas Schultz wrote:
> >>>>>>>>>>> Hi,
> >>>>>>>>>>>
> >>>>>>>>>>> I have pushed a change that should fix the compile error. The
> >>>>>>>>>>> buffer has
> >>>>>>>>>>> a fixed length now.
> >>>>>>>>>>>
> >>>>>>>>>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2
> >>>>>>>>>>>
> >>>>>>>>>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2.patch
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> Andreas
> >>>>>>>>>>>
> >>>>>>>>>>> ----- Original Message -----
> >>>>>>>>>>>> Does not compile on Windows.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Function SHA1_Update_PAD in crypto.c is not correct. Arrays with
> >>>>>>>>>>>> dynamic
> >>>>>>>>>>>> size is not supported by the C standard we use.
> >>>>>>>>>>>> Use a static array instead, presuming that there is a reasonable
> >>>>>>>>>>>> upper
> >>>>>>>>>>>> limit of its size.
> >>>>>>>>>>>>
> >>>>>>>>>>>> /Sverker, Erlang/OTP
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> Henrik Nord wrote:
> >>>>>>>>>>>>> Hi
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> I have added your branch to 'master'pu' for testing.
> >>>>>>>>>>>>> Thank you for your contribution!
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> On 10/04/2012 06:29 PM, Andreas Schultz wrote:
> >>>>>>>>>>>>>> Hi,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Tree is rebased onto latest master.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Andreas
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> ----- Original Message -----
> >>>>>>>>>>>>>>> Would you be so kind as to rebase this branch upon the latest
> >>>>>>>>>>>>>>> 'master'
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Thank you for your contribution!
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> On 09/26/2012 07:19 PM, Andreas Schultz wrote:
> >>>>>>>>>>>>>>>> Hi,
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> I have implemented the more interesting parts of RFC 4279,
> >>>>>>>>>>>>>>>> RFC
> >>>>>>>>>>>>>>>> 5487
> >>>>>>>>>>>>>>>> and RFC 5054 (aka TLS PSK and SRP ciphers). The use and
> >>>>>>>>>>>>>>>> usefulness
> >>>>>>>>>>>>>>>> of those ciphers is rather limited, the one notable
> >>>>>>>>>>>>>>>> exception
> >>>>>>>>>>>>>>>> being
> >>>>>>>>>>>>>>>> the eID server protocol for German national identity cards
> >>>>>>>>>>>>>>>> (nPA).
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> The test suite can only verify some PSK suites against
> >>>>>>>>>>>>>>>> openssl
> >>>>>>>>>>>>>>>> as
> >>>>>>>>>>>>>>>> currently no openssl version supports them all. There is
> >>>>>>>>>>>>>>>> patch
> >>>>>>>>>>>>>>>> that add some to openssl, but it has not been  incorporated
> >>>>>>>>>>>>>>>> into
> >>>>>>>>>>>>>>>> upstream. GNU-TLS implements some more (but not all) PSK
> >>>>>>>>>>>>>>>> suites
> >>>>>>>>>>>>>>>> and I have manually tested interoperability.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Patch info:
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> git fetch git://github.com/RoadRunnr/otp.git
> >>>>>>>>>>>>>>>> tls-psk-srp-suites
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Regards
> >>>>>>>>>>>>>>>> Andreas
> >>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>> /Henrik Nord Erlang/OTP
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>> --
> >>>>>>>>>> /Henrik Nord Erlang/OTP
> >>>>>>>>>>
> >>>>>>>>>>
> >>>
> >> --
> >> --
> >> Dipl. Inform.
> >> Andreas Schultz
> >>
> >> email: 
> >> phone: +49-391-819099-224
> >> mobil: +49-170-2226073
> >>
> >> ------------------ managed broadband access ------------------
> >>
> >> Travelping GmbH               phone:           +49-391-8190990
> >> Roentgenstr. 13               fax:           +49-391-819099299
> >> D-39108 Magdeburg             email:       
> >> GERMANY                       web:   http://www.travelping.com
> >>
> >> Company Registration: HRB21276 Handelsregistergericht Chemnitz
> >> Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
> >> --------------------------------------------------------------
> >>
> >> _______________________________________________
> >> erlang-patches mailing list
> >> 
> >> http://erlang.org/mailman/listinfo/erlang-patches
> >>
> Hello,
> Could you rebase this patch upon the current 'master' branch?
> Thanks,
> 
> --
> 
> BR Fredrik Gustafsson
> Erlang OTP Team
> 
> 

-- 
-- 
Dipl. Inform.
Andreas Schultz

email: 
phone: +49-391-819099-224
mobil: +49-170-2226073

------------------ managed broadband access ------------------

Travelping GmbH               phone:           +49-391-8190990
Roentgenstr. 13               fax:           +49-391-819099299
D-39108 Magdeburg             email:       
GERMANY                       web:   http://www.travelping.com

Company Registration: HRB21276 Handelsregistergericht Chemnitz
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
--------------------------------------------------------------



More information about the erlang-patches mailing list