[erlang-patches] TLS: add PSK and SRP cipher suites

Fredrik <>
Mon Jan 21 14:09:45 CET 2013


Hello,
Could you rebase this patch upon the current 'master' branch?

BR Fredrik Gustafsson
Erlang OTP Team
On 01/16/2013 01:20 PM, Andreas Schultz wrote:
> Hi Fredrik,
>
> I just realized that I'm still using the ?line macro in the new SRP crypto test.
>
> Should I remove it?
>
> Andreas
>
> ----- Original Message -----
>> Thanks,
>> I have re-fetched and building it now with the rest of the patches in
>> the 'master-pu' branch.
>>
>> BR Fredrik Gustafsson
>> Erlang OTP Team
>> On 01/15/2013 08:19 PM, Andreas Schultz wrote:
>>> Hi,
>>>
>>> I have address the issues:
>>>
>>>    * documentation for SSL API options added
>>>    * header files internalized
>>>    * crypto function generalized and support for multiple SRP variants
>>>
>>> New version can be found here:
>>>
>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
>>>
>>>
>>> Even if the PSK and SRP do not make it into R16, could you consider the
>>> first two
>>> changesets from this series, please? They are mostly code consolidations,
>>> making
>>> adding new key exchange algorithms much simpler.
>>>
>>> https://github.com/RoadRunnr/otp/compare/master...cf4512a
>>> https://github.com/RoadRunnr/otp/compare/master...cf4512a.patch
>>>
>>> Andreas
>>>
>>> ----- Original Message -----
>>>> Hello Andreas,
>>>> Your patch has finally been into review and the response was:
>>>> "
>>>>
>>>>     * The patch introduces new API options without documenting them.
>>>>     * The patch introduces new include file ssl_srp.hrl that I think shall
>>>>       be internal and put in src. It is undesirable to have records in the
>>>>       user API as it makes the user application compile time dependent on
>>>>       our code, better to use a proplist and then create the record
>>>>       internally. (Yes "sslsocket" is a record due to legacy)
>>>>     * The patch introduces new include file ssl_srp_primes.hrl I think it
>>>>       feels better to input such values as atoms and internaly uses the
>>>>       macros defined in this file, that would be more consistent with the
>>>>       rest of the API.
>>>>     * Functions in crypto being named TLS something seems a little
>>>>       strange, is this necessary?!
>>>>
>>>> "
>>>> Please correct this and give me a notice when it is done.
>>>>
>>>> BR Fredrik Gustafsson
>>>> Erlang OTP Team
>>>> On 10/12/2012 11:38 AM, Henrik Nord wrote:
>>>>> refetching
>>>>>
>>>>> On 10/12/2012 10:27 AM, Andreas Schultz wrote:
>>>>>> Hi Henrik,
>>>>>>
>>>>>> When I rebased my changes to the current master, a change crept in that
>>>>>> shouldn't have:
>>>>>>
>>>>>> https://github.com/erlang/otp/commit/747ce9191f4dc7558e12e2b6e5696396392ffbd8
>>>>>>
>>>>>>
>>>>>> I have removed it from my tree and pushed it.
>>>>>>
>>>>>> Andreas
>>>>>>
>>>>>> ----- Original Message -----
>>>>>>> Thanks, I will refetch!
>>>>>>> On 10/11/2012 12:49 PM, Andreas Schultz wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I have pushed a change that should fix the compile error. The
>>>>>>>> buffer has
>>>>>>>> a fixed length now.
>>>>>>>>
>>>>>>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2
>>>>>>>>
>>>>>>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2.patch
>>>>>>>>
>>>>>>>>
>>>>>>>> Andreas
>>>>>>>>
>>>>>>>> ----- Original Message -----
>>>>>>>>> Does not compile on Windows.
>>>>>>>>>
>>>>>>>>> Function SHA1_Update_PAD in crypto.c is not correct. Arrays with
>>>>>>>>> dynamic
>>>>>>>>> size is not supported by the C standard we use.
>>>>>>>>> Use a static array instead, presuming that there is a reasonable
>>>>>>>>> upper
>>>>>>>>> limit of its size.
>>>>>>>>>
>>>>>>>>> /Sverker, Erlang/OTP
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Henrik Nord wrote:
>>>>>>>>>> Hi
>>>>>>>>>>
>>>>>>>>>> I have added your branch to 'master'pu' for testing.
>>>>>>>>>> Thank you for your contribution!
>>>>>>>>>>
>>>>>>>>>> On 10/04/2012 06:29 PM, Andreas Schultz wrote:
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> Tree is rebased onto latest master.
>>>>>>>>>>>
>>>>>>>>>>> Andreas
>>>>>>>>>>>
>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>> Would you be so kind as to rebase this branch upon the latest
>>>>>>>>>>>> 'master'
>>>>>>>>>>>>
>>>>>>>>>>>> Thank you for your contribution!
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On 09/26/2012 07:19 PM, Andreas Schultz wrote:
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have implemented the more interesting parts of RFC 4279, RFC
>>>>>>>>>>>>> 5487
>>>>>>>>>>>>> and RFC 5054 (aka TLS PSK and SRP ciphers). The use and
>>>>>>>>>>>>> usefulness
>>>>>>>>>>>>> of those ciphers is rather limited, the one notable exception
>>>>>>>>>>>>> being
>>>>>>>>>>>>> the eID server protocol for German national identity cards
>>>>>>>>>>>>> (nPA).
>>>>>>>>>>>>>
>>>>>>>>>>>>> The test suite can only verify some PSK suites against openssl
>>>>>>>>>>>>> as
>>>>>>>>>>>>> currently no openssl version supports them all. There is patch
>>>>>>>>>>>>> that add some to openssl, but it has not been  incorporated
>>>>>>>>>>>>> into
>>>>>>>>>>>>> upstream. GNU-TLS implements some more (but not all) PSK
>>>>>>>>>>>>> suites
>>>>>>>>>>>>> and I have manually tested interoperability.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Patch info:
>>>>>>>>>>>>>
>>>>>>>>>>>>> git fetch git://github.com/RoadRunnr/otp.git
>>>>>>>>>>>>> tls-psk-srp-suites
>>>>>>>>>>>>>
>>>>>>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
>>>>>>>>>>>>>
>>>>>>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards
>>>>>>>>>>>>> Andreas
>>>>>>>>>>>> --
>>>>>>>>>>>> /Henrik Nord Erlang/OTP
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>> --
>>>>>>> /Henrik Nord Erlang/OTP
>>>>>>>
>>>>>>>
>>



More information about the erlang-patches mailing list