[gnutls-dev] GnuTLS 1.2.8 with TLS Inner Application (TLS/IA) support

[Simon Josefsson]

We are pleased to present a customized version of GnuTLS 1.2.8 that
adds an implementation of the TLS Inner Application (TLS/IA) protocol.

The TLS/IA protocol was designed to be used in the EAP-TTLSv1
protocol, to perform user authentication of Wireless LAN network nodes
using IEEE 802.1x.  The TLS/IA and TTLSv1 protocols were published
through the IETF and descriptions can be found at:

http://josefsson.org/tlsia/draft-funk-tls-inner-application-extension-01.txt
http://josefsson.org/tlsia/draft-ietf-pppext-eap-ttls-05.txt

The goal is to merge this TLS/IA branch with the main development
branch (1.3.x) and then to investigate how EAP-TTLSv1 can be
implemented.  We invite suggestions and comments on these matters.

This work was done by Simon Josefsson Datakonsult in close
co-operation with Emile van Bergen of E-advies, under commission for
Lumiad.

Lumiad is a Dutch based privately held company. Lumiad is specialized
in wireless applications and wireless security solutions. Lumiad
supports open source projects, from which large parts will be used in
Lumiad products.  Lumiad was happy to sponsor this specific TLS/IA
module.  We see this module as a first step for the correct
implementation of the EAP-TTLSV1 standard in open source products.
http://www.lumiad.nl/

E-advies is a privately held company based in the Netherlands that
designs and develops software and solutions, and provides consultancy
in telecommunications and storage.  Its flagship product is
OpenRADIUS, an industrial strength RADIUS server that offers complete
freedom in policy definition, and is available under the GNU General
Public License.

Simon Josefsson Datakonsult, a Stockholm based privately held company
that specialize in development and standardization of security and
internationalization technologies, is currently funding GnuTLS
maintenance.  Commercial support contracts for GnuTLS are available,
and they help finance continued maintenance.

GnuTLS is a modern C library that implement the standard network
security protocol Transport Layer Security (TLS), for use by network
applications.

The NEWS entries for this release are:

- GnuTLS now support TLS Inner application (TLS/IA) as per
  draft-funk-tls-inner-application-extension-01.  This functionality
  is added to libgnutls-extra, so it is licensed under the GPL.
- API and ABI modifications:
  gnutls_ia_handshake: New function, to perform TLS/IA handshake.

  gnutls_ia_handshake_p: New function, a predicate to decide whether
    to TLS/IA handshake.

  gnutls_ia_free_client_credentials,
  gnutls_ia_allocate_client_credentials,
  gnutls_ia_free_server_credentials,
  gnutls_ia_allocate_server_credentials: New functions to allocate a
    TLS/IA credential.

  gnutls_ia_set_client_avp_function,
  gnutls_ia_set_server_avp_function,
  gnutls_ia_set_client_avp_ptr,
  gnutls_ia_get_client_avp_ptr,
  gnutls_ia_set_server_avp_ptr,
  gnutls_ia_get_server_avp_ptr: New functions to handle the AVP callback.

  gnutls_ia_require_inner_phase: New functions, to toggle TLS/IA
    application phases.

  gnutls_ia_permute_inner_secret: New function to mix session keys
    with inner secret.

  gnutls_ia_endphase_send,
  gnutls_ia_send,
  gnutls_ia_recv: Low-level API.

  gnutls_ia_generate_challenge,
  gnutls_ia_extract_inner_secret: New functions that can be used
    after successful TLS/IA negotiation.

  gnutls_ia_mode_t: Enum type with TLS/IA modes.

  gnutls_ia_apptype_t: Enum type with TLS/IA packet types.

  GNUTLS_A_INNER_APPLICATION_FAILURE,
  GNUTLS_A_INNER_APPLICATION_VERIFICATION: Enum values for TLS/IA alerts.

  GNUTLS_E_WARNING_IA_IPHF_RECEIVED,
  GNUTLS_E_WARNING_IA_FPHF_RECEIVED: New error codes, to signal when
    an application phase has finished.
  GNUTLS_E_IA_VERIFY_FAILED: New error code to signal TLS/IA verify failure.

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see:
<http://lists.gnu.org/mailman/listinfo/help-gnutls>.

The project page of the library is available at:
  http://josefsson.org/gnutls/

Here are the compressed sources:
  http://josefsson.org/gnutls/releases/tlsia/gnutls-1.2.8+ia.1.tar.bz2 (2.5MB)

Here are GPG detached signatures signed using key 0xB565716F:
  http://josefsson.org/gnutls/releases/tlsia/gnutls-1.2.8+ia.1.tar.bz2.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:
  1280R/B565716F 2002-05-05 [expires: 2006-02-28]
  Key fingerprint = 0424 D4EE 81A0 E3D1 19C6  F835 EDA2 1E94 B565 716F

The key is available from:
  http://josefsson.org/key.txt
  dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 checksums:

4296d3bcdd32f11df9b3ea16f1811f4bc6569fd9  gnutls-1.2.8+ia.1.tar.bz2
da6445dfb716adbbcb696a205f0361c0add2a9e1  gnutls-1.2.8+ia.1.tar.bz2.sig

Enjoy,
Simon