[erlang-patches] TLS: add PSK and SRP cipher suites

Fredrik fredrik@REDACTED
Wed Jan 16 14:28:53 CET 2013


Thanks,
Building in 'master-pu'.

BR Fredrik Gustafsson
Erlang OTP Team
On 01/16/2013 01:45 PM, Andreas Schultz wrote:
> done!
>
> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
>
> Andreas
>
> ----- Original Message -----
>> Yes, please do so.
>> Thanks,
>>
>> BR Fredrik Gustafsson
>> Erlang OTP Team
>> On 01/16/2013 01:20 PM, Andreas Schultz wrote:
>>> Hi Fredrik,
>>>
>>> I just realized that I'm still using the ?line macro in the new SRP crypto test.
>>>
>>> Should I remove it?
>>>
>>> Andreas
>>>
>>> ----- Original Message -----
>>>> Thanks,
>>>> I have re-fetched and am building it now with the rest of the patches in
>>>> the 'master-pu' branch.
>>>>
>>>> BR Fredrik Gustafsson
>>>> Erlang OTP Team
>>>> On 01/15/2013 08:19 PM, Andreas Schultz wrote:
>>>>> Hi,
>>>>>
>>>>> I have addressed the issues:
>>>>>
>>>>>     * documentation for SSL API options added
>>>>>     * header files internalized
>>>>>     * crypto function generalized and support for multiple SRP variants
>>>>>
>>>>> New version can be found here:
>>>>>
>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
>>>>>
>>>>>
>>>>> Even if the PSK and SRP do not make it into R16, could you consider the
>>>>> first two changesets from this series, please? They are mostly code
>>>>> consolidations, making adding new key exchange algorithms much simpler.
>>>>>
>>>>> https://github.com/RoadRunnr/otp/compare/master...cf4512a
>>>>> https://github.com/RoadRunnr/otp/compare/master...cf4512a.patch
>>>>>
>>>>> Andreas
>>>>>
>>>>> ----- Original Message -----
>>>>>> Hello Andreas,
>>>>>> Your patch has finally been in review and the response was:
>>>>>> "
>>>>>>
>>>>>>      * The patch introduces new API options without documenting them.
>>>>>>      * The patch introduces new include file ssl_srp.hrl that I think shall
>>>>>>        be internal and put in src. It is undesirable to have records in the
>>>>>>        user API as it makes the user application compile time dependent on
>>>>>>        our code, better to use a proplist and then create the record
>>>>>>        internally. (Yes "sslsocket" is a record due to legacy)
>>>>>>      * The patch introduces new include file ssl_srp_primes.hrl I think it
>>>>>>        feels better to input such values as atoms and internally use the
>>>>>>        macros defined in this file, that would be more consistent with the
>>>>>>        rest of the API.
>>>>>>      * Functions in crypto being named TLS something seems a little
>>>>>>        strange, is this necessary?!
>>>>>>
>>>>>> "
>>>>>> Please correct this and give me a notice when it is done.
>>>>>>
>>>>>> BR Fredrik Gustafsson
>>>>>> Erlang OTP Team
>>>>>> On 10/12/2012 11:38 AM, Henrik Nord wrote:
>>>>>>> refetching
>>>>>>>
>>>>>>> On 10/12/2012 10:27 AM, Andreas Schultz wrote:
>>>>>>>> Hi Henrik,
>>>>>>>>
>>>>>>>> When I rebased my changes to the current master, a change crept in that
>>>>>>>> shouldn't have:
>>>>>>>>
>>>>>>>> https://github.com/erlang/otp/commit/747ce9191f4dc7558e12e2b6e5696396392ffbd8
>>>>>>>>
>>>>>>>>
>>>>>>>> I have removed it from my tree and pushed it.
>>>>>>>>
>>>>>>>> Andreas
>>>>>>>>
>>>>>>>> ----- Original Message -----
>>>>>>>>> Thanks, I will refetch!
>>>>>>>>> On 10/11/2012 12:49 PM, Andreas Schultz wrote:
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> I have pushed a change that should fix the compile error. The buffer has
>>>>>>>>>> a fixed length now.
>>>>>>>>>>
>>>>>>>>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2
>>>>>>>>>>
>>>>>>>>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2.patch
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Andreas
>>>>>>>>>>
>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>> Does not compile on Windows.
>>>>>>>>>>>
>>>>>>>>>>> Function SHA1_Update_PAD in crypto.c is not correct. Arrays with dynamic
>>>>>>>>>>> size are not supported by the C standard we use.
>>>>>>>>>>> Use a static array instead, presuming that there is a reasonable upper
>>>>>>>>>>> limit of its size.
>>>>>>>>>>>
>>>>>>>>>>> /Sverker, Erlang/OTP
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Henrik Nord wrote:
>>>>>>>>>>>> Hi
>>>>>>>>>>>>
>>>>>>>>>>>> I have added your branch to 'master-pu' for testing.
>>>>>>>>>>>> Thank you for your contribution!
>>>>>>>>>>>>
>>>>>>>>>>>> On 10/04/2012 06:29 PM, Andreas Schultz wrote:
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>> Tree is rebased onto latest master.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Andreas
>>>>>>>>>>>>>
>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>> Would you be so kind as to rebase this branch upon the latest
>>>>>>>>>>>>>> 'master'
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thank you for your contribution!
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 09/26/2012 07:19 PM, Andreas Schultz wrote:
>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I have implemented the more interesting parts of RFC 4279, RFC 5487
>>>>>>>>>>>>>>> and RFC 5054 (aka TLS PSK and SRP ciphers). The use and usefulness
>>>>>>>>>>>>>>> of those ciphers is rather limited, the one notable exception being
>>>>>>>>>>>>>>> the eID server protocol for German national identity cards (nPA).
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> The test suite can only verify some PSK suites against openssl as
>>>>>>>>>>>>>>> currently no openssl version supports them all. There is a patch
>>>>>>>>>>>>>>> that adds some to openssl, but it has not been incorporated into
>>>>>>>>>>>>>>> upstream. GNU-TLS implements some more (but not all) PSK suites
>>>>>>>>>>>>>>> and I have manually tested interoperability.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Patch info:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> git fetch git://github.com/RoadRunnr/otp.git tls-psk-srp-suites
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>> Andreas
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> /Henrik Nord Erlang/OTP
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> /Henrik Nord Erlang/OTP
>>>>>>>>>
>>>>>>>>>
>>



