From tarun at pinelabs.com Mon May 8 08:35:43 2000 From: tarun at pinelabs.com (Tarun Upadhyay) Date: Mon, 8 May 2000 12:05:43 +0530 Subject: I am back Message-ID: <00bb01bfb8b7$b0c500d0$3f00a8c0@FORTYTWO> hi, the delivery schedule is over and I am back. Presently I am studying the code as left by nikos. Plan to put something up by tomorrow. regards tarun From nmav at hellug.gr Sun May 14 23:35:05 2000 From: nmav at hellug.gr (Nikos Mavroyanopoulos) Date: Mon, 15 May 2000 00:35:05 +0300 Subject: I am back In-Reply-To: <00bb01bfb8b7$b0c500d0$3f00a8c0@FORTYTWO>; from tarun@pinelabs.com on Mon, May 08, 2000 at 12:05:43PM +0530 References: <00bb01bfb8b7$b0c500d0$3f00a8c0@FORTYTWO> Message-ID: <20000515003505.A9469@i-net.paiko.gr> On Mon, May 08, 2000 at 12:05:43PM +0530, Tarun Upadhyay wrote: > hi, > the delivery schedule is over and I am back. > Presently I am studying the code as left by nikos. > Plan to put something up by tomorrow. hello, I'm also here (I finally returned home), but I've got a lot of work to do for my university. I really do not know when I'm going to continue development. I've only updated the client and server examples, in order to check both directions for encryption/decryption. > regards > tarun -- Nikos Mavroyanopoulos mailto:nmav at hellug.gr From tarunupadhyay at yahoo.com Mon May 15 22:01:49 2000 From: tarunupadhyay at yahoo.com (Tarun Upadhyay) Date: Tue, 16 May 2000 01:31:49 +0530 Subject: I am back References: <00bb01bfb8b7$b0c500d0$3f00a8c0@FORTYTWO> <20000515003505.A9469@i-net.paiko.gr> Message-ID: <001101bfbea8$6e539da0$0a00a8c0@dontpanic> Nikos, Even I am a little busy. however, I will try to work for about 2-3 hours every night on gnutls. Unfortunately, even though I know something about encryption, I have never written a "real" library for web-server. So, you have to guide me a little. I am reading your code and figuring out things but if you could guide me on exactly where the functions need to be added and how they fit together then it could be done that much faster. In a nutshell, try giving me at least a broad skeleton of handshaking API. Thanks Tarun > On Mon, May 08, 2000 at 12:05:43PM +0530, Tarun Upadhyay wrote: > > hi, > > the delivery schedule is over and I am back. > > Presently I am studying the code as left by nikos. > > Plan to put something up by tomorrow. > hello, I'm also here (I finally returned home), but I've got a lot of work to > do for my university. I really do not know when I'm going to continue development. > I've only updated the client and server examples, in order to check both > directions for encryption/decryption. > > > regards > > tarun > > -- > Nikos Mavroyanopoulos > mailto:nmav at hellug.gr __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com From nmav at hellug.gr Tue May 16 10:06:52 2000 From: nmav at hellug.gr (Nikos Mavroyanopoulos) Date: Tue, 16 May 2000 11:06:52 +0300 Subject: I am back In-Reply-To: <001101bfbea8$6e539da0$0a00a8c0@dontpanic>; from tarunupadhyay@yahoo.com on Tue, May 16, 2000 at 01:31:49AM +0530 References: <00bb01bfb8b7$b0c500d0$3f00a8c0@FORTYTWO> <20000515003505.A9469@i-net.paiko.gr> <001101bfbea8$6e539da0$0a00a8c0@dontpanic> Message-ID: <20000516110651.A6683@i-net.paiko.gr> On Tue, May 16, 2000 at 01:31:49AM +0530, Tarun Upadhyay wrote: > Nikos, > Even I am a little busy. however, I will try to work for about 2-3 hours > every night on gnutls. > Unfortunately, even though I know something about encryption, I have > never written a "real" library for web-server. So, you have to guide me a > little. I am reading your code and figuring out things but if you could > guide me on exactly where the functions need to be added and how they fit > together then it could be done that much faster. > In a nutshell, try giving me at least a broad skeleton of handshaking > API. Well, the main function in the handshake protocol is gnutls_handshake(). This does actually everything. Let's say we are on the client side. The client sends or receives hello messages (by calling gnutls_send_hello() to send a hello message, or _gnutls_recv_handshake(cd, state, NULL, NULL, GNUTLS_SERVER_HELLO), to receive one. _gnutls_recv_handshake(...) will receive handshake messages of the given type, and will pass the message to the right place in order to be processed. Eg. for the SERVER_HELLO message (if it is valid) it will be send to _gnutls_recv_hello()). Since we have a global state, all these functions do use the global variables to determine what to send. Eg gnutls_send_hello() does not require any parameters, and will determine from the state an from the available cipher suites which to use (currently there is no way for the user to select the priority of cipher suites). Then depending on the algorithm suite we should receive server certificates, which is not implemented (dh-anon does not use that). After that we receive the key exchange message of server by calling: _gnutls_recv_server_kx_message(). If that message is not required by the cipher suite, that function does nothing. (what is required and not, can be set in gnutls_algorithms.c and gnutls_algorithms.h). After that the client waits for the server hello done message by calling: _gnutls_recv_handshake(cd, state, NULL, NULL, GNUTLS_SERVER_HELLO_DONE); After that we should send the client certificates (also not implemented). This is the time for the client to send the key exchange message by calling: _gnutls_send_client_kx_message(). If everything was right we send the change cipher spec packet by calling: _gnutls_send_change_cipher_spec(). This is the time to start encryption (initialize the state) with: _gnutls_connection_state_init(state). This function initilizes and starts encryption (so it needs secrets and random numbers to have been negotiated) Then we send the finished packet (_gnutls_send_finished()), and we expect the server change cipher spec packet ( gnutls_recv_int(cd, state, GNUTLS_CHANGE_CIPHER_SPEC, NULL, 0)). Then we receive the last message by calling _gnutls_recv_finished(cd, state), and if everything was right, the connection was negotiated. I know that this help may not be sufficient. Ask me if there is anything else. (I should have updated doc/hacking) > Thanks > Tarun -- Nikos Mavroyanopoulos mailto:nmav at hellug.gr From wk at gnupg.org Tue May 16 11:30:17 2000 From: wk at gnupg.org (Werner Koch) Date: Tue, 16 May 2000 11:30:17 +0200 Subject: Global state (was: I am back) In-Reply-To: <20000516110651.A6683@i-net.paiko.gr>; from nmav@hellug.gr on Tue, May 16, 2000 at 11:06:52AM +0300 References: <00bb01bfb8b7$b0c500d0$3f00a8c0@FORTYTWO> <20000515003505.A9469@i-net.paiko.gr> <001101bfbea8$6e539da0$0a00a8c0@dontpanic> <20000516110651.A6683@i-net.paiko.gr> Message-ID: <20000516113017.B6271@djebel.gnupg.de> On Tue, 16 May 2000, Nikos Mavroyanopoulos wrote: > Since we have a global state, all these functions do use the global > variables to determine what to send. Eg gnutls_send_hello() does not require > any parameters, and will determine from the state an from the available Although I have not lloked at the code for a while, I have one suggestion: Do not use global variables, but pass a handle to a structure which actually is a pointer to an allocated structure carrying the "global" state. This greatly helps to make the lib reentrant. You either need an extra function to create a handle or you imlicitly create the handle by assuming that a handle pointing to NULL has to be initialized - however, you need a function to release the handle anyway (using reference counting is somewhat complicated) and therefore 2 functions would be better. Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk at OpenIT.de D-40233 Duesseldorf http://www.OpenIT.de From tarunupadhyay at yahoo.com Fri May 19 08:43:43 2000 From: tarunupadhyay at yahoo.com (Tarun Upadhyay) Date: Fri, 19 May 2000 12:13:43 +0530 Subject: I am back References: <00bb01bfb8b7$b0c500d0$3f00a8c0@FORTYTWO> <20000515003505.A9469@i-net.paiko.gr> <001101bfbea8$6e539da0$0a00a8c0@dontpanic> <20000516110651.A6683@i-net.paiko.gr> Message-ID: <012601bfc15e$8cea86d0$3f00a8c0@FORTYTWO> Thanks for the help, nikos. Unfortunately I have been in Virginia for the last week and considering the brain-dead US crypto laws, I didn't touch any of gnutls there. Right now I am under tremendous jet lag but will try to get back by tomorrow. I will have a few more questions then. Regards Tarun ----- Original Message ----- From: "Nikos Mavroyanopoulos" To: Sent: Tuesday, May 16, 2000 1:36 PM Subject: Re: I am back > On Tue, May 16, 2000 at 01:31:49AM +0530, Tarun Upadhyay wrote: > > Nikos, > > Even I am a little busy. however, I will try to work for about 2-3 hours > > every night on gnutls. > > Unfortunately, even though I know something about encryption, I have > > never written a "real" library for web-server. So, you have to guide me a > > little. I am reading your code and figuring out things but if you could > > guide me on exactly where the functions need to be added and how they fit > > together then it could be done that much faster. > > In a nutshell, try giving me at least a broad skeleton of handshaking > > API. > > Well, the main function in the handshake protocol is gnutls_handshake(). > This does actually everything. Let's say we are on the client side. > The client sends or receives hello messages (by calling gnutls_send_hello() to > send a hello message, or _gnutls_recv_handshake(cd, state, NULL, NULL, GNUTLS_SERVER_HELLO), > to receive one. > > _gnutls_recv_handshake(...) will receive handshake messages of the > given type, and will pass the message to the right place in order > to be processed. Eg. for the SERVER_HELLO message (if it is valid) > it will be send to _gnutls_recv_hello()). > > Since we have a global state, all these functions do use the global > variables to determine what to send. Eg gnutls_send_hello() does not require > any parameters, and will determine from the state an from the available > cipher suites which to use (currently there is no way for the user > to select the priority of cipher suites). > > Then depending on the algorithm suite we should receive server > certificates, which is not implemented (dh-anon does not use that). > > After that we receive the key exchange message of server by calling: > _gnutls_recv_server_kx_message(). If that message is not required by > the cipher suite, that function does nothing. (what is required and not, > can be set in gnutls_algorithms.c and gnutls_algorithms.h). > > After that the client waits for the server hello done message by > calling: _gnutls_recv_handshake(cd, state, NULL, NULL, GNUTLS_SERVER_HELLO_DONE); > > After that we should send the client certificates (also not implemented). > This is the time for the client to send the key exchange message > by calling: _gnutls_send_client_kx_message(). > > If everything was right we send the change cipher spec packet by > calling: _gnutls_send_change_cipher_spec(). > > This is the time to start encryption (initialize the state) with: > _gnutls_connection_state_init(state). This function initilizes and starts > encryption (so it needs secrets and random numbers to have been negotiated) > > Then we send the finished packet (_gnutls_send_finished()), > and we expect the server change cipher spec packet > ( gnutls_recv_int(cd, state, GNUTLS_CHANGE_CIPHER_SPEC, NULL, 0)). > > Then we receive the last message by calling _gnutls_recv_finished(cd, state), > and if everything was right, the connection was negotiated. > > I know that this help may not be sufficient. Ask me if there is anything > else. (I should have updated doc/hacking) > > > Thanks > > Tarun > > -- > Nikos Mavroyanopoulos > mailto:nmav at hellug.gr __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com