I am back
Tarun Upadhyay
tarunupadhyay@yahoo.com
Fri, 19 May 2000 12:13:43 +0530
Thanks for the help, nikos.
Unfortunately I have been in Virginia for the last week and considering the
brain-dead US crypto laws, I didn't touch any of gnutls there. Right now I
am under tremendous jet lag but will try to get back by tomorrow.
I will have a few more questions then.
Regards
Tarun
----- Original Message -----
From: "Nikos Mavroyanopoulos" <nmav@hellug.gr>
To: <gnutls-dev@gnupg.org>
Sent: Tuesday, May 16, 2000 1:36 PM
Subject: Re: I am back
> On Tue, May 16, 2000 at 01:31:49AM +0530, Tarun Upadhyay wrote:
> > Nikos,
> > Even I am a little busy. however, I will try to work for about 2-3
hours
> > every night on gnutls.
> > Unfortunately, even though I know something about encryption, I have
> > never written a "real" library for web-server. So, you have to guide me
a
> > little. I am reading your code and figuring out things but if you could
> > guide me on exactly where the functions need to be added and how they
fit
> > together then it could be done that much faster.
> > In a nutshell, try giving me at least a broad skeleton of
handshaking
> > API.
>
> Well, the main function in the handshake protocol is gnutls_handshake().
> This does actually everything. Let's say we are on the client side.
> The client sends or receives hello messages (by calling
gnutls_send_hello() to
> send a hello message, or _gnutls_recv_handshake(cd, state, NULL, NULL,
GNUTLS_SERVER_HELLO),
> to receive one.
>
> _gnutls_recv_handshake(...) will receive handshake messages of the
> given type, and will pass the message to the right place in order
> to be processed. Eg. for the SERVER_HELLO message (if it is valid)
> it will be send to _gnutls_recv_hello()).
>
> Since we have a global state, all these functions do use the global
> variables to determine what to send. Eg gnutls_send_hello() does not
require
> any parameters, and will determine from the state an from the available
> cipher suites which to use (currently there is no way for the user
> to select the priority of cipher suites).
>
> Then depending on the algorithm suite we should receive server
> certificates, which is not implemented (dh-anon does not use that).
>
> After that we receive the key exchange message of server by calling:
> _gnutls_recv_server_kx_message(). If that message is not required by
> the cipher suite, that function does nothing. (what is required and not,
> can be set in gnutls_algorithms.c and gnutls_algorithms.h).
>
> After that the client waits for the server hello done message by
> calling: _gnutls_recv_handshake(cd, state, NULL, NULL,
GNUTLS_SERVER_HELLO_DONE);
>
> After that we should send the client certificates (also not implemented).
> This is the time for the client to send the key exchange message
> by calling: _gnutls_send_client_kx_message().
>
> If everything was right we send the change cipher spec packet by
> calling: _gnutls_send_change_cipher_spec().
>
> This is the time to start encryption (initialize the state) with:
> _gnutls_connection_state_init(state). This function initilizes and starts
> encryption (so it needs secrets and random numbers to have been
negotiated)
>
> Then we send the finished packet (_gnutls_send_finished()),
> and we expect the server change cipher spec packet
> ( gnutls_recv_int(cd, state, GNUTLS_CHANGE_CIPHER_SPEC, NULL, 0)).
>
> Then we receive the last message by calling _gnutls_recv_finished(cd,
state),
> and if everything was right, the connection was negotiated.
>
> I know that this help may not be sufficient. Ask me if there is anything
> else. (I should have updated doc/hacking)
>
> > Thanks
> > Tarun
>
> --
> Nikos Mavroyanopoulos
> mailto:nmav@hellug.gr
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com