[gnutls-dev] GnuTLS OpenPGP key support

Werner Koch wk at gnupg.org
Tue May 11 14:05:59 CEST 2004

On Tue, 11 May 2004 14:34:46 +0300, Nikos Mavroyanopoulos said:

> On Tuesday 11 May 2004 13:31, Werner Koch wrote:
>> On Sun, 11 Apr 2004 02:35:39 +0300, Nikos Mavroyanopoulos said:
>> > Currently it would help having a second implementation of the openpgp
>> > draft.
>> Did you asked the Caudium or Roxen folks?
> No. I don't know them.

There is a mailing list caudium-general at caudium.net and other stuff as
well. www.gnupg.org runs Caudium.

Caudium and Rozen both use their own SSL implementation which comes
with the Pike language.  Below is some documentation on Pike's SSL.



=== snip ===
Overview of the SSL implementation.


  alert.pike:      Used for creating the alert packets we transmit.
  cipher.pike:     Encryption and MAC algorithms used in SSL.
  connection.pike: SSL packet layer. Inherits handshake.
                   Described below.
  constants.pike:  Protocol constants.
  context.pike:    "Context" state (see below).
  handshake.pike:  SSL handshake and key exchange.
  https.pike:      Dummy https-server. (*)
  packet.pike:     Handle formatting and parsing of packets.
  server.pike:     Not used.
  session.pike:    Session state (see below).
  sslfile.pike:    Interface similar to Stdio.File. Inherits
                   connection and Stdio.File.
  sslport.pike:    Interface similar to Stdio.Port. (*)
  state.pike:      Encryption state.

(*) These files are not currently used by Roxen, and may suffer some


There's lot of state in an SSL-server, at several levels. We start at
the top.

SSL.context keeps the state that is shared by all SSL-connections for
one server (or one port). It includes policy configuration, a server
certificate, the server's private key(s), etc. It also includes the
session cache.

SSL.session: The most important information in a session object is a
choice of encryption algorithms and a "master secret" created by
keyexchange with a client. Each connection can either do a full key
exchange to established a new session, or reuse a previously
established session. That is why we have the session abstraction and
the session cache. Each session is used by one or more connections, in
sequence or simultaneously.

It is also possible to change to a new session in the middle of a

SSL.handshake keeps the state relevant for SSL handshaking. This
includes a pointer to a context object (which doesn't change), various
buffers, a pointer to a session object (reuse or created as
appropriate), and pending read and write states being negotiated.

Each connection will have two sets or read and write state: The
current read and write states used for encryption, and pending read
and write states to be taken into use when the current keyexchange
handshake is finished.

SSL.connection inherits SSL.handshake, and in addition to the state in
the handshake super class, it contains the current read and write
states, packet queues. This object is responsible for receiving and
sending packets, processing handshake packets, and providing a clear
text packages for some application.

SSL.state: At last, the state objects. As described above, a
connection switches from one set of state objects to another, one or
more times during its lifetime. Each state object handles a one-way
stream of packets, and operates in either decryption or encryption


When describing these classes in more detail, let's start from the
other end.


  object session

    For information about the used algorithms.

  object mac

    Message Authentication Code

  object crypt

    Encryption or decryption object

  object seq_num

    64-bit sequence number

  object decrypt_packet(object packet)

    Decrypts a packet (including inflating and MAC-verification, if
    needed). On success, returns the decrypted packet. On failure,
    returns an alert packet. These cases are distinguished by looking
    at the is_alert attribute of the returned packet.

  object encrypt_packet(object packet)

    Encrypts a packet (including deflating and MAC-generation).

SSL.session (inherits cipher)

  string identity

    Session identifier

  int compression_algorithm

    Always COMPRESSION_null.

  int cipher_suite

    Constant defining a choice of keyexchenge, encryption and mac

  object cipher_spec

    Information about the encryption method derived from the

  int ke_method

    Key exchange method, also derived from the cipher_suite.

  string master_secret

    Secret shared with the client. Used for deriving the actual keys.

  void set_cipher_suite(int suite)
  void set_compression_method(int compr)

  array new_server_states(string client_random, string server_random)

    Computes a new set of encryption stetes, derived from the
    client_random, server_random and master_secret strings. Returns an
    array ({ read_state, write_state }).

  array new_client_states(string client_random, string server_random)

    Similar function for the client end.


  object rsa

    The server's private key

  object long_rsa
  object short_rsa

    Temporary, non-certified, private keys, used with a
    server_key_exchange message. The rules are as follows:

    If the negotiated cipher_suite has the "exportable" property, and
    short_rsa is not zero, send a server_key_exchange message with the
    (public part of) the short_rsa key.

    If the negotiated cipher_suite does not have the exportable
    property, and long_rsa is not zero, send a server_key_exchange
    message with the (public part of) the long_rsa key.

    Otherwise, dont send any server_key_exchange message.

  function(int:string) random;

    Used to generate random cookies for the hello-message. If we use
    the RSA keyexchange method, and this is a server, this random
    number generator is not used for generating the master_secret.

  array(string) certificates;

    The server's certificate, or a chain of certificates, with the
    server's certificate first and root certificate last.

  array(int) preferred_auth_methods

    For client authentication. Used only if auth_level is AUTH_ask or

  array(int) preferred_suites

    Cipher suites we want the server to support, best first. 

  array(int) preferred_compressors

    Always ({ COMPRESSION_null })

  int use_cache

    Non-zero to enable cahing of sessions

  int session_lifetime

    Sessions are removed from the cache when they are older than this
    limit (in seconds). Sessions are also removed from the cache if a
    connection using the session dies unexpectedly.

  void export_mode()

    Change the preferred_suites variable to use only exportable

  object new_session()

    Create a new session.

  void record_session(object s)

    Add a session to the cache (if caching is enabled).

  void purge_session(object s)

    Remove a session from the cache.

  object lookup_session(string id)

    Lookup a session identifier in the cache. Returns the
    corresponding session, or zero if it is not found or caching is


  int auth_level

    Policy for client authentication. One of AUTHLEVEL_none,
    AUTHLEVEL_ask and AUTHLEVEL_require.

  array(string) authorities

    Array of authorities that are accepted for client certificates.
    The client will only send certificates that are signed by any of
    these authorities. The string is the DER-encoded issuer.

  object session
  object context

  object pending_read_state
  object pending_write_state

  int handshake_state
  int certificate_state
  int expect_change_cipher

  string my_random
  string other_random

    Random cookies, sent and received with the hello-messages.

  void send_packet(object packet, int|void fatal)

    Prototype. Must be defined in inheriting classes, i.e.

  int handle_handshake(int type, string data, string raw)

    Do handshake processing. Type is one of HANDSHAKE_*, data is the
    contents of the packet, and raw is the raw packet received (needed
    for supporting SSLv2 hello messages).

    This function returns 0 if hadshake is in progress, 0 if handshake
    is finished, and -1 if a fatal error occured. It uses the
    send_packet() function to trasnmit packets.

  void create(int is_server)

    Only create(1) is implemented.

SSL.connection (inherits SSL.handshake)

  object current_read_state
  object current_write_state

  void create(int is_server)

  void set_alert_callback(function(object,int|object,string:void) callback)

    Installs a callback that is called if a bad packet is received.
    Used to implement Roxen's https->http fallback redirect.

  object recv_packet(string data)

    Low-level recieve handler. Returns a packet, an alert, or zero if
    more data is needed to get a complete packet.

  void send_packet(object packet, int|void priority)

    Queues a packet for write.

  string|int got_data(string s)

    Main receive handler. Returns a string of received application
    data, or 1 if a close was received, or -1 if an error occured.

    This function is intended to be called from an i/o read callback.

  string|int to_write()

    Extracts data from the packet queues. Returns "" if there are no
    pending packets, 1 of the connection is being closed politely,
    and -1 if the connection died unexpectedly.

    This function is intended to be called from an i/o write callback.

  void send_close()

    Initiate close.

More information about the Gnutls-devel mailing list