[erlang-patches] TLS: add PSK and SRP cipher suites

Fredrik <>
Mon Feb 18 10:06:56 CET 2013


On 02/16/2013 12:04 PM, Andreas Schultz wrote:
> Hi,
>
> Patch rebased on current master.
>
> Andreas
>
> ----- Original Message -----
>> On 02/13/2013 09:19 AM, Andreas Schultz wrote:
>>> Hi,
>>>
>>> Klaus Trainer @ github found some spelling errors. I have pushed a fixed
>>> version. Please refetch.
>>>
>>> Thanks
>>> Andreas
>>>
>>> ----- Original Message -----
>>>> Hi,
>>>>
>>>> patch is rebased.
>>>>
>>>> Andreas
>>>>
>>>> ----- Original Message -----
>>>>> Hello,
>>>>> Could you rebase this patch upon the current 'master' branch?
>>>>>
>>>>> BR Fredrik Gustafsson
>>>>> Erlang OTP Team
>>>>> On 01/16/2013 01:20 PM, Andreas Schultz wrote:
>>>>>> Hi Fredrik,
>>>>>>
>>>>>> I just realized that I'm still using the ?line macro in the new SRP
>>>>>> crypto
>>>>>> test.
>>>>>>
>>>>>> Should I remove it?
>>>>>>
>>>>>> Andreas
>>>>>>
>>>>>> ----- Original Message -----
>>>>>>> Thanks,
>>>>>>> I have re-fetched and building it now with the rest of the patches in
>>>>>>> the 'master-pu' branch.
>>>>>>>
>>>>>>> BR Fredrik Gustafsson
>>>>>>> Erlang OTP Team
>>>>>>> On 01/15/2013 08:19 PM, Andreas Schultz wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I have address the issues:
>>>>>>>>
>>>>>>>>      * documentation for SSL API options added
>>>>>>>>      * header files internalized
>>>>>>>>      * crypto function generalized and support for multiple SRP
>>>>>>>>      variants
>>>>>>>>
>>>>>>>> New version can be found here:
>>>>>>>>
>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
>>>>>>>>
>>>>>>>>
>>>>>>>> Even if the PSK and SRP do not make it into R16, could you consider
>>>>>>>> the
>>>>>>>> first two
>>>>>>>> changesets from this series, please? They are mostly code
>>>>>>>> consolidations,
>>>>>>>> making
>>>>>>>> adding new key exchange algorithms much simpler.
>>>>>>>>
>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...cf4512a
>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...cf4512a.patch
>>>>>>>>
>>>>>>>> Andreas
>>>>>>>>
>>>>>>>> ----- Original Message -----
>>>>>>>>> Hello Andreas,
>>>>>>>>> Your patch has finally been into review and the response was:
>>>>>>>>> "
>>>>>>>>>
>>>>>>>>>       * The patch introduces new API options without documenting them.
>>>>>>>>>       * The patch introduces new include file ssl_srp.hrl that I think
>>>>>>>>>       shall
>>>>>>>>>         be internal and put in src. It is undesirable to have records
>>>>>>>>>         in
>>>>>>>>>         the
>>>>>>>>>         user API as it makes the user application compile time
>>>>>>>>>         dependent
>>>>>>>>>         on
>>>>>>>>>         our code, better to use a proplist and then create the record
>>>>>>>>>         internally. (Yes "sslsocket" is a record due to legacy)
>>>>>>>>>       * The patch introduces new include file ssl_srp_primes.hrl I
>>>>>>>>>       think
>>>>>>>>>       it
>>>>>>>>>         feels better to input such values as atoms and internaly uses
>>>>>>>>>         the
>>>>>>>>>         macros defined in this file, that would be more consistent
>>>>>>>>>         with
>>>>>>>>>         the
>>>>>>>>>         rest of the API.
>>>>>>>>>       * Functions in crypto being named TLS something seems a little
>>>>>>>>>         strange, is this necessary?!
>>>>>>>>>
>>>>>>>>> "
>>>>>>>>> Please correct this and give me a notice when it is done.
>>>>>>>>>
>>>>>>>>> BR Fredrik Gustafsson
>>>>>>>>> Erlang OTP Team
>>>>>>>>> On 10/12/2012 11:38 AM, Henrik Nord wrote:
>>>>>>>>>> refetching
>>>>>>>>>>
>>>>>>>>>> On 10/12/2012 10:27 AM, Andreas Schultz wrote:
>>>>>>>>>>> Hi Henrik,
>>>>>>>>>>>
>>>>>>>>>>> When I rebased my changes to the current master, a change crept in
>>>>>>>>>>> that
>>>>>>>>>>> shouldn't have:
>>>>>>>>>>>
>>>>>>>>>>> https://github.com/erlang/otp/commit/747ce9191f4dc7558e12e2b6e5696396392ffbd8
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> I have removed it from my tree and pushed it.
>>>>>>>>>>>
>>>>>>>>>>> Andreas
>>>>>>>>>>>
>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>> Thanks, I will refetch!
>>>>>>>>>>>> On 10/11/2012 12:49 PM, Andreas Schultz wrote:
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have pushed a change that should fix the compile error. The
>>>>>>>>>>>>> buffer has
>>>>>>>>>>>>> a fixed length now.
>>>>>>>>>>>>>
>>>>>>>>>>>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2
>>>>>>>>>>>>>
>>>>>>>>>>>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2.patch
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Andreas
>>>>>>>>>>>>>
>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>> Does not compile on Windows.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Function SHA1_Update_PAD in crypto.c is not correct. Arrays with
>>>>>>>>>>>>>> dynamic
>>>>>>>>>>>>>> size is not supported by the C standard we use.
>>>>>>>>>>>>>> Use a static array instead, presuming that there is a reasonable
>>>>>>>>>>>>>> upper
>>>>>>>>>>>>>> limit of its size.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> /Sverker, Erlang/OTP
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Henrik Nord wrote:
>>>>>>>>>>>>>>> Hi
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I have added your branch to 'master'pu' for testing.
>>>>>>>>>>>>>>> Thank you for your contribution!
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On 10/04/2012 06:29 PM, Andreas Schultz wrote:
>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Tree is rebased onto latest master.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Andreas
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>>>>> Would you be so kind as to rebase this branch upon the latest
>>>>>>>>>>>>>>>>> 'master'
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thank you for your contribution!
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On 09/26/2012 07:19 PM, Andreas Schultz wrote:
>>>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> I have implemented the more interesting parts of RFC 4279,
>>>>>>>>>>>>>>>>>> RFC
>>>>>>>>>>>>>>>>>> 5487
>>>>>>>>>>>>>>>>>> and RFC 5054 (aka TLS PSK and SRP ciphers). The use and
>>>>>>>>>>>>>>>>>> usefulness
>>>>>>>>>>>>>>>>>> of those ciphers is rather limited, the one notable
>>>>>>>>>>>>>>>>>> exception
>>>>>>>>>>>>>>>>>> being
>>>>>>>>>>>>>>>>>> the eID server protocol for German national identity cards
>>>>>>>>>>>>>>>>>> (nPA).
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> The test suite can only verify some PSK suites against
>>>>>>>>>>>>>>>>>> openssl
>>>>>>>>>>>>>>>>>> as
>>>>>>>>>>>>>>>>>> currently no openssl version supports them all. There is
>>>>>>>>>>>>>>>>>> patch
>>>>>>>>>>>>>>>>>> that add some to openssl, but it has not been  incorporated
>>>>>>>>>>>>>>>>>> into
>>>>>>>>>>>>>>>>>> upstream. GNU-TLS implements some more (but not all) PSK
>>>>>>>>>>>>>>>>>> suites
>>>>>>>>>>>>>>>>>> and I have manually tested interoperability.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Patch info:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> git fetch git://github.com/RoadRunnr/otp.git
>>>>>>>>>>>>>>>>>> tls-psk-srp-suites
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>>>>> Andreas
>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>> /Henrik Nord Erlang/OTP
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> /Henrik Nord Erlang/OTP
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>> --
>>>> --
>>>> Dipl. Inform.
>>>> Andreas Schultz
>>>>
>>>> email: 
>>>> phone: +49-391-819099-224
>>>> mobil: +49-170-2226073
>>>>
>>>> ------------------ managed broadband access ------------------
>>>>
>>>> Travelping GmbH               phone:           +49-391-8190990
>>>> Roentgenstr. 13               fax:           +49-391-819099299
>>>> D-39108 Magdeburg             email:       
>>>> GERMANY                       web:   http://www.travelping.com
>>>>
>>>> Company Registration: HRB21276 Handelsregistergericht Chemnitz
>>>> Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
>>>> --------------------------------------------------------------
>>>>
>>>> _______________________________________________
>>>> erlang-patches mailing list
>>>> 
>>>> http://erlang.org/mailman/listinfo/erlang-patches
>>>>
>> Hello,
>> Could you rebase this patch upon the current 'master' branch?
>> Thanks,
>>
>> --
>>
>> BR Fredrik Gustafsson
>> Erlang OTP Team
>>
>>
Re-fetched. Thanks!

-- 

BR Fredrik Gustafsson
Erlang OTP Team



More information about the erlang-patches mailing list