[erlang-patches] TLS: add PSK and SRP cipher suites

Andreas Schultz aschultz@REDACTED
Mon Jan 21 14:16:24 CET 2013


Hi,

patch is rebased.

Andreas

----- Original Message -----
> Hello,
> Could you rebase this patch upon the current 'master' branch?
> 
> BR Fredrik Gustafsson
> Erlang OTP Team
> On 01/16/2013 01:20 PM, Andreas Schultz wrote:
> > Hi Fredrik,
> >
> > I just realized that I'm still using the ?line macro in the new SRP crypto
> > test.
> >
> > Should I remove it?
> >
> > Andreas
> >
> > ----- Original Message -----
> >> Thanks,
> >> I have re-fetched and building it now with the rest of the patches in
> >> the 'master-pu' branch.
> >>
> >> BR Fredrik Gustafsson
> >> Erlang OTP Team
> >> On 01/15/2013 08:19 PM, Andreas Schultz wrote:
> >>> Hi,
> >>>
> >>> I have address the issues:
> >>>
> >>>    * documentation for SSL API options added
> >>>    * header files internalized
> >>>    * crypto function generalized and support for multiple SRP variants
> >>>
> >>> New version can be found here:
> >>>
> >>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
> >>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
> >>>
> >>>
> >>> Even if the PSK and SRP do not make it into R16, could you consider the
> >>> first two
> >>> changesets from this series, please? They are mostly code consolidations,
> >>> making
> >>> adding new key exchange algorithms much simpler.
> >>>
> >>> https://github.com/RoadRunnr/otp/compare/master...cf4512a
> >>> https://github.com/RoadRunnr/otp/compare/master...cf4512a.patch
> >>>
> >>> Andreas
> >>>
> >>> ----- Original Message -----
> >>>> Hello Andreas,
> >>>> Your patch has finally been into review and the response was:
> >>>> "
> >>>>
> >>>>     * The patch introduces new API options without documenting them.
> >>>>     * The patch introduces new include file ssl_srp.hrl that I think
> >>>>     shall
> >>>>       be internal and put in src. It is undesirable to have records in
> >>>>       the
> >>>>       user API as it makes the user application compile time dependent
> >>>>       on
> >>>>       our code, better to use a proplist and then create the record
> >>>>       internally. (Yes "sslsocket" is a record due to legacy)
> >>>>     * The patch introduces new include file ssl_srp_primes.hrl I think
> >>>>     it
> >>>>       feels better to input such values as atoms and internaly uses the
> >>>>       macros defined in this file, that would be more consistent with
> >>>>       the
> >>>>       rest of the API.
> >>>>     * Functions in crypto being named TLS something seems a little
> >>>>       strange, is this necessary?!
> >>>>
> >>>> "
> >>>> Please correct this and give me a notice when it is done.
> >>>>
> >>>> BR Fredrik Gustafsson
> >>>> Erlang OTP Team
> >>>> On 10/12/2012 11:38 AM, Henrik Nord wrote:
> >>>>> refetching
> >>>>>
> >>>>> On 10/12/2012 10:27 AM, Andreas Schultz wrote:
> >>>>>> Hi Henrik,
> >>>>>>
> >>>>>> When I rebased my changes to the current master, a change crept in
> >>>>>> that
> >>>>>> shouldn't have:
> >>>>>>
> >>>>>> https://github.com/erlang/otp/commit/747ce9191f4dc7558e12e2b6e5696396392ffbd8
> >>>>>>
> >>>>>>
> >>>>>> I have removed it from my tree and pushed it.
> >>>>>>
> >>>>>> Andreas
> >>>>>>
> >>>>>> ----- Original Message -----
> >>>>>>> Thanks, I will refetch!
> >>>>>>> On 10/11/2012 12:49 PM, Andreas Schultz wrote:
> >>>>>>>> Hi,
> >>>>>>>>
> >>>>>>>> I have pushed a change that should fix the compile error. The
> >>>>>>>> buffer has
> >>>>>>>> a fixed length now.
> >>>>>>>>
> >>>>>>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2
> >>>>>>>>
> >>>>>>>> https://github.com/RoadRunnr/otp/commit/ad73b09d948d0414132bfca2f67ff0de729fa7b2.patch
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> Andreas
> >>>>>>>>
> >>>>>>>> ----- Original Message -----
> >>>>>>>>> Does not compile on Windows.
> >>>>>>>>>
> >>>>>>>>> Function SHA1_Update_PAD in crypto.c is not correct. Arrays with
> >>>>>>>>> dynamic
> >>>>>>>>> size is not supported by the C standard we use.
> >>>>>>>>> Use a static array instead, presuming that there is a reasonable
> >>>>>>>>> upper
> >>>>>>>>> limit of its size.
> >>>>>>>>>
> >>>>>>>>> /Sverker, Erlang/OTP
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> Henrik Nord wrote:
> >>>>>>>>>> Hi
> >>>>>>>>>>
> >>>>>>>>>> I have added your branch to 'master'pu' for testing.
> >>>>>>>>>> Thank you for your contribution!
> >>>>>>>>>>
> >>>>>>>>>> On 10/04/2012 06:29 PM, Andreas Schultz wrote:
> >>>>>>>>>>> Hi,
> >>>>>>>>>>>
> >>>>>>>>>>> Tree is rebased onto latest master.
> >>>>>>>>>>>
> >>>>>>>>>>> Andreas
> >>>>>>>>>>>
> >>>>>>>>>>> ----- Original Message -----
> >>>>>>>>>>>> Would you be so kind as to rebase this branch upon the latest
> >>>>>>>>>>>> 'master'
> >>>>>>>>>>>>
> >>>>>>>>>>>> Thank you for your contribution!
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> On 09/26/2012 07:19 PM, Andreas Schultz wrote:
> >>>>>>>>>>>>> Hi,
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> I have implemented the more interesting parts of RFC 4279, RFC
> >>>>>>>>>>>>> 5487
> >>>>>>>>>>>>> and RFC 5054 (aka TLS PSK and SRP ciphers). The use and
> >>>>>>>>>>>>> usefulness
> >>>>>>>>>>>>> of those ciphers is rather limited, the one notable exception
> >>>>>>>>>>>>> being
> >>>>>>>>>>>>> the eID server protocol for German national identity cards
> >>>>>>>>>>>>> (nPA).
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> The test suite can only verify some PSK suites against openssl
> >>>>>>>>>>>>> as
> >>>>>>>>>>>>> currently no openssl version supports them all. There is patch
> >>>>>>>>>>>>> that add some to openssl, but it has not been  incorporated
> >>>>>>>>>>>>> into
> >>>>>>>>>>>>> upstream. GNU-TLS implements some more (but not all) PSK
> >>>>>>>>>>>>> suites
> >>>>>>>>>>>>> and I have manually tested interoperability.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Patch info:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> git fetch git://github.com/RoadRunnr/otp.git
> >>>>>>>>>>>>> tls-psk-srp-suites
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites.patch
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Regards
> >>>>>>>>>>>>> Andreas
> >>>>>>>>>>>> --
> >>>>>>>>>>>> /Henrik Nord Erlang/OTP
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>> --
> >>>>>>> /Henrik Nord Erlang/OTP
> >>>>>>>
> >>>>>>>
> >>
> 
> 

-- 
-- 
Dipl. Inform.
Andreas Schultz

email: as@REDACTED
phone: +49-391-819099-224
mobil: +49-170-2226073

------------------ managed broadband access ------------------

Travelping GmbH               phone:           +49-391-8190990
Roentgenstr. 13               fax:           +49-391-819099299
D-39108 Magdeburg             email:       info@REDACTED
GERMANY                       web:   http://www.travelping.com

Company Registration: HRB21276 Handelsregistergericht Chemnitz
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
--------------------------------------------------------------




More information about the erlang-patches mailing list