status update - end of july 2011

26 views
Skip to first unread message

Paul Querna

unread,
Jul 31, 2011, 1:03:41 PM7/31/11
to selen...@googlegroups.com
Updated the TODO:
<https://github.com/pquerna/selene/blob/master/TODO.md>

Okay, so I've started banging out wrappers around digests + HMACs.

Currently targeting both OpenSSL and OSX's CommonCrypto for the first
two backends -- it should accommodate windows crypto APIs
<http://en.wikipedia.org/wiki/Microsoft_CryptoAPI> without any changes
I believe.

Next up is getting the PRF + pre-master-key / master key generation
working. After that, going to focus on getting the HMACs throughout
the handshake to get generated correctly. (This is going to need some
struct mangling in the later stages)

Once the PRF is done, we should be just about ready to finish the
handshake.... and then its just bug fixing + hardening before
0.1.0.... there is light at the end of that tunnel.

I'll also be at defcon in vegas this coming weekend in vegas if anyone
wants to talk tls.

Paul Querna

unread,
Sep 11, 2011, 6:55:45 PM9/11/11
to selen...@googlegroups.com
Update, early September.

On Sun, Jul 31, 2011 at 10:03 AM, Paul Querna <pa...@querna.org> wrote:
> Updated the TODO:
>  <https://github.com/pquerna/selene/blob/master/TODO.md>

TODO updated in master.


> Okay, so I've started banging out wrappers around digests + HMACs.
>
> Currently targeting both OpenSSL and OSX's CommonCrypto for the first
> two backends -- it should accommodate windows crypto APIs
> <http://en.wikipedia.org/wiki/Microsoft_CryptoAPI> without any changes
> I believe.

Mostly done.

Digests, HMACs, Ciphers are all backed by both OpenSSL and OSX's
CommonCrypto libraries.

Key Exchange using RSA is currently only supported by the openssl
backend. OSX does have methods for this, (main api is CSSM_SignData),
but I've not had time to dig into getting it to work. I'm unsure
about all the APIs to go from the public modulus of the RSA key to the
structures that CSSM uses... its all there, just need to dig and find
out how.

> Next up is getting the PRF + pre-master-key / master key generation
> working.  After that, going to focus on getting the HMACs throughout
> the handshake to get generated correctly. (This is going to need some
> struct mangling in the later stages)

PRF work is done.

Currently messing with tls_io.c to get the handshakes and encrypted
messages going out. Keys are actually exchanged (woooo), but we
aren't yet switching to full encrypted traffic quite yet.

Reply all
Reply to author
Forward
0 new messages