[erlang-patches] TLS: add PSK and SRP cipher suites

Andreas Schultz aschultz@REDACTED
Wed Jan 16 13:20:28 CET 2013


Hi Fredrik,

I just realized that I'm still using the ?line macro in the new SRP crypto test.

Should I remove it?

Andreas

----- Original Message -----
> Thanks,
> I have re-fetched and building it now with the rest of the patches in
> the 'master-pu' branch.
> 
> BR Fredrik Gustafsson
> Erlang OTP Team
> On 01/15/2013 08:19 PM, Andreas Schultz wrote:
> > Hi,
> >
> > I have address the issues:
> >
> >   * documentation for SSL API options added
> >   * header files internalized
> >   * crypto function generalized and support for multiple SRP variants
> >
> > New version can be found here:
> >
> > https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
> > https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
> >
> >
> > Even if the PSK and SRP do not make it into R16, could you consider the
> > first two
> > changesets from this series, please? They are mostly code consolidations,
> > making
> > adding new key exchange algorithms much simpler.
> >
> > https://github.com/RoadRunnr/otp/compare/master...cf4512a
> > https://github.com/RoadRunnr/otp/compare/master...cf4512a.patch
> >
> > Andreas
> >
> > ----- Original Message -----
> >> Hello Andreas,
> >> Your patch has finally been into review and the response was:
> >> "
> >>
> >>    * The patch introduces new API options without documenting them.
> >>    * The patch introduces new include file ssl_srp.hrl that I think shall
> >>      be internal and put in src. It is undesirable to have records in the
> >>      user API as it makes the user application compile time dependent on
> >>      our code, better to use a proplist and then create the record
> >>      internally. (Yes "sslsocket" is a record due to legacy)
> >>    * The patch introduces new include file ssl_srp_primes.hrl I think it
> >>      feels better to input such values as atoms and internaly uses the
> >>      macros defined in this file, that would be more consistent with the
> >>      rest of the API.
> >>    * Functions in crypto being named TLS something seems a little
> >>      strange, is this necessary?!
> >>
> >> "
> >> Please correct this and give me a notice when it is done.
> >>
> >> BR Fredrik Gustafsson
> >> Erlang OTP Team
> >> On 10/12/2012 11:38 AM, Henrik Nord wrote:
> >>> refetching
> >>>
> >>> On 10/12/2012 10:27 AM, Andreas Schultz wrote:
> >>>> Hi Henrik,
> >>>>
> >>>> When I rebased my changes to the current master, a change crept in that
> >>>> shouldn't have:
> >>>>
> >>>> https://github.com/erlang/otp/commit/747ce9191f4dc7558e12e2b6e5696396392ffbd8
> >>>>
> >>>>
> >>>> I have removed it from my tree and pushed it.
> >>>>
> >>>> Andreas
> >>>>
> >>>> ----- Original Message -----
> >>>>> Thanks, I will refetch!
> >>>>> On 10/11/2012 12:49 PM, Andreas Schultz wrote:
> >>>>>> Hi,
> >>>>>>
> >>>>>> I have pushed a change that should fix the compile error. The
> >>>>>> buffer has
> >>>>>> a fixed length now.
> >>>>>>
> >>>>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2
> >>>>>>
> >>>>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2.patch
> >>>>>>
> >>>>>>
> >>>>>> Andreas
> >>>>>>
> >>>>>> ----- Original Message -----
> >>>>>>> Does not compile on Windows.
> >>>>>>>
> >>>>>>> Function SHA1_Update_PAD in crypto.c is not correct. Arrays with
> >>>>>>> dynamic
> >>>>>>> size is not supported by the C standard we use.
> >>>>>>> Use a static array instead, presuming that there is a reasonable
> >>>>>>> upper
> >>>>>>> limit of its size.
> >>>>>>>
> >>>>>>> /Sverker, Erlang/OTP
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> Henrik Nord wrote:
> >>>>>>>> Hi
> >>>>>>>>
> >>>>>>>> I have added your branch to 'master'pu' for testing.
> >>>>>>>> Thank you for your contribution!
> >>>>>>>>
> >>>>>>>> On 10/04/2012 06:29 PM, Andreas Schultz wrote:
> >>>>>>>>> Hi,
> >>>>>>>>>
> >>>>>>>>> Tree is rebased onto latest master.
> >>>>>>>>>
> >>>>>>>>> Andreas
> >>>>>>>>>
> >>>>>>>>> ----- Original Message -----
> >>>>>>>>>> Would you be so kind as to rebase this branch upon the latest
> >>>>>>>>>> 'master'
> >>>>>>>>>>
> >>>>>>>>>> Thank you for your contribution!
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> On 09/26/2012 07:19 PM, Andreas Schultz wrote:
> >>>>>>>>>>> Hi,
> >>>>>>>>>>>
> >>>>>>>>>>> I have implemented the more interesting parts of RFC 4279, RFC
> >>>>>>>>>>> 5487
> >>>>>>>>>>> and RFC 5054 (aka TLS PSK and SRP ciphers). The use and
> >>>>>>>>>>> usefulness
> >>>>>>>>>>> of those ciphers is rather limited, the one notable exception
> >>>>>>>>>>> being
> >>>>>>>>>>> the eID server protocol for German national identity cards
> >>>>>>>>>>> (nPA).
> >>>>>>>>>>>
> >>>>>>>>>>> The test suite can only verify some PSK suites against openssl
> >>>>>>>>>>> as
> >>>>>>>>>>> currently no openssl version supports them all. There is patch
> >>>>>>>>>>> that add some to openssl, but it has not been  incorporated
> >>>>>>>>>>> into
> >>>>>>>>>>> upstream. GNU-TLS implements some more (but not all) PSK
> >>>>>>>>>>> suites
> >>>>>>>>>>> and I have manually tested interoperability.
> >>>>>>>>>>>
> >>>>>>>>>>> Patch info:
> >>>>>>>>>>>
> >>>>>>>>>>> git fetch git://github.com/RoadRunnr/otp.git
> >>>>>>>>>>> tls-psk-srp-suites
> >>>>>>>>>>>
> >>>>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
> >>>>>>>>>>>
> >>>>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> Regards
> >>>>>>>>>>> Andreas
> >>>>>>>>>> --
> >>>>>>>>>> /Henrik Nord Erlang/OTP
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>> --
> >>>>> /Henrik Nord Erlang/OTP
> >>>>>
> >>>>>
> >>
> 
> 

-- 
-- 
Dipl. Inform.
Andreas Schultz

email: as@REDACTED
phone: +49-391-819099-224
mobil: +49-170-2226073

------------------ managed broadband access ------------------

Travelping GmbH               phone:           +49-391-8190990
Roentgenstr. 13               fax:           +49-391-819099299
D-39108 Magdeburg             email:       info@REDACTED
GERMANY                       web:   http://www.travelping.com

Company Registration: HRB21276 Handelsregistergericht Chemnitz
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
--------------------------------------------------------------



More information about the erlang-patches mailing list