Created on 2019-08-26 08:49 by wingel71, last changed 2021-04-07 13:57 by wingel71.
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 25255 | open | wingel71, 2021-04-07 13:57 | |
| Messages (4) | |||
|---|---|---|---|
| msg350512 - (view) | Author: Christer Weinigel (wingel71) * | Date: 2019-08-26 08:49 | |
Add support for the export_keying_material function to the SSL library. Tested with Python 3.7.4 and Python master branch: https://github.com/wingel/cpython/tree/export_keying_material-3.7.4 https://github.com/wingel/cpython/tree/export_keying_material-master Is this the correct format for a patch? Should I include the automatically generated clinic changes in my patch or not? What about the "versionadded::" string in the documentation? Should I include a line like that or does it only generate unneccessary conflicts? Anything else I need to do? |
|||
| msg350513 - (view) | Author: Christian Heimes (christian.heimes) *  |
Date: 2019-08-26 09:16 | |
Could you please explain the purpose of the feature and why you want to expose the interface? What's the use case? As this is a new feature, Python 3.7 and 3.8 are out of scope. |
|||
| msg350514 - (view) | Author: Christer Weinigel (wingel71) * | Date: 2019-08-26 09:31 | |
I'm doing an implementation of the NTS protocol for my customer Netnod: https://github.com/Netnod/nts-poc-python NTS is draft RFC on its way to become a standard: https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/ NTS requires the export_keying_material functionality as described in RFC5705. Basically it's a part of the TLS standard, is used by 10 existing protocols with more on the way. And I can't implement a NTS key establishment server or client without the function. That's why I added the functionality and verified that it works both with the stable 3.7.4 release and with the master branch of the cpython repository. I tested with 3.7.4 first on my machine because that's the release of Python that comes with Ubuntu and I wanted to have as few differences as as possible compared to the distribution version. I then forward ported the patch to the master branch and verified that my NTS implementation still works with that branch. |
|||
| msg390433 - (view) | Author: Christer Weinigel (wingel71) * | Date: 2021-04-07 13:51 | |
OpenSSL has a function to "SSL_export_keying_material" as described in RFC5705. This functionality is needed to be able to support a bunch of other protocols such as "Network Time Security for the Network Time Protocol" which has now become a proper RFC as RFC8915. There are half a dozen other RFCs which also use this functionality. I have written a patch to add support for this function which can be found on github: https://github.com/wingel/cpython And it is used in my implementation of the NTS procotol which can also be found on github: https://github.com/Netnod/nts-poc-python It would be very nice if mainline Python could support for this function in the future so that I don't have to maintain a patched version of Python for this. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2021-04-07 13:57:39 | wingel71 | set | keywords:
+ patch stage: patch review pull_requests: + pull_request23991 |
| 2021-04-07 13:51:42 | wingel71 | set | messages:
+ msg390433 versions: + Python 3.10, - Python 3.9 |
| 2019-08-26 09:31:13 | wingel71 | set | messages: + msg350514 |
| 2019-08-26 09:16:27 | christian.heimes | set | messages:
+ msg350513 versions: - Python 3.7 |
| 2019-08-26 08:49:04 | wingel71 | create | |