From mboxrd@z Thu Jan 1 00:00:00 1970
From: erik quanstrom
Date: Fri, 18 Sep 2015 06:01:30 -0700
To: 9fans@9fans.net
Message-ID: <29fe99829da149fd41023ca72d20141a@brasstown.quanstro.net>
In-Reply-To: <00ce469417599e7228b4eb1207cba938@felloff.net>
References: <00ce469417599e7228b4eb1207cba938@felloff.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] tls and iphones and ios9 (sigh)
Topicbox-Message-UUID: 6aef0f8c-ead9-11e9-9d60-3106f5b1d025

On Fri Sep 18 06:01:44 PDT 2015, cinap_lenrek@felloff.net wrote:
> so you need server side support for what cipher suites and protocol
> versions exactly?
>
> the work has been done in 9front libsec and devtls to support ecdhe
> and dhe and tls 1.2 on the *client* side at least. so you can start
> from there. what's missing is the signing and signature verification
> of the dh parameters.

quite a bit of work that looks good. thanks.

here are some current differences i've got. the - is your version.

* i think aes_xts should take u32ints as this is defined in the standard.
the assumption that ulong is 32 bits is suspect.

* sorry for the ignorance, but why do we need ripemd160?

../../../include/libsec.h:396,403 - /mnt/term/sys/include/libsec.h:407,414 PEMChain*readcertchain(char *filename); /* aes_xts.c */ - int aes_xts_encrypt(ulong tweak[], ulong ecb[], vlong sectorNumber, uchar *input, uchar *output, ulong len) ; - int aes_xts_decrypt(ulong tweak[], ulong ecb[], vlong sectorNumber, uchar *input, uchar *output, ulong len); + int aes_xts_encrypt(u32int tweak[], u32int ecb[], vlong sectorNumber, uchar *input, uchar *output, usize len) ; + int aes_xts_decrypt(u32int tweak[], u32int ecb[], vlong sectorNumber, uchar *input, uchar *output, usize len); typedef struct ECpoint{ int inf; ../../../include/libsec.h:432,439 - /mnt/term/sys/include/libsec.h:443,448 void base58enc(uchar *, char *, int); int base58dec(char *, uchar *, int); - DigestState* ripemd160(uchar *, ulong, uchar *, DigestState *); - /* * Diffie-Hellman key exchange */ - erik
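
Review bot: in the first hunk (the aes_xts_encrypt/aes_xts_decrypt prototypes), len changes from ulong to usize alongside the tweak[]/ecb[] change to u32int, but the message only argues for the u32int change. The usize change alters the argument width wherever ulong and usize differ, so it needs its own justification, and the definitions in aes_xts.c plus every caller have to change together with the header or prototype and definition will disagree. The encrypt prototype also carries over the stray space before the semicolon (`usize len) ;`); drop it while the line is being touched.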
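
Review bot: in the second hunk, the + side has no ripemd160 declaration while the message is still asking why the function is needed, so the removal should wait for that answer rather than ride along with the aes_xts change. Nothing visible here shows the implementation or its callers going away with it, and any code that still calls ripemd160 loses its prototype. If the function stays in the library, keep `DigestState* ripemd160(uchar *, ulong, uchar *, DigestState *);` in libsec.h, and note that its length argument is still ulong, unlike the usize now used for aes_xts in the first hunk.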