OSDev.org

The Place to Start for Operating System Developers
It is currently Thu Mar 28, 2024 4:15 pm

All times are UTC - 6 hours




Post new topic Reply to topic  [ 21 posts ]  Go to page Previous  1, 2
Author Message
 Post subject: Re: SSL/TLS
PostPosted: Sat May 21, 2016 4:47 am 
Offline
Member
Member

Joined: Wed Jun 03, 2015 5:03 am
Posts: 397
SpyderTL wrote:
I think that the technical byte-by-byte packet definition of the SSL standard(s) deserves it's own page

In fact it's about mathematics. If you understand the math then it's simple to pack the bytes as required.

In case of RSA algorithm it's relatively simple. Just google the "RSA" and the first link is a good start for it. After understanding RSA it is possible to read about something more complex.
SpyderTL wrote:
I understand that you understand how it all fits together, but someone just starting in OS Development or Network Security is going to have a hard time picking it apart.

The overall picture is relatively simple, so you can tell what doesn't fit in your head and we can help you. But if you want to understand the algorithms and why they are as they are then it's time to study a lot of mathematics. And that's why it is important to have an introductory page about security, where the big picture can be shown and links for further study can be provided.

_________________
My previous account (embryo) was accidentally deleted, so I have no chance but to use something new. But may be it was a good lesson about software reliability :)


Top
 Profile  
 
 Post subject: Re: SSL/TLS
PostPosted: Fri May 27, 2016 3:44 pm 
Offline
Member
Member
User avatar

Joined: Sun Sep 19, 2010 10:05 pm
Posts: 1074
embryo2 wrote:
The overall picture is relatively simple, so you can tell what doesn't fit in your head and we can help you. But if you want to understand the algorithms and why they are as they are then it's time to study a lot of mathematics. And that's why it is important to have an introductory page about security, where the big picture can be shown and links for further study can be provided.

I was just pointing out that there was a lot of technical information about the packets, themselves, that was missing, and would be needed to implement this in a hobby OS. It seemed like the article was, to use an analogy, jumping directly to HTML without first describing HTTP, or TCP/IP, or Ethernet. :)


lpoulain wrote:
I've split the page into 3. I will also work on adding more details about the TLS packets.

Thanks. I think that works much better. I added a few enums and header structs as well. I'll try to add some more when I get some free time.


lpoulain wrote:
But the best way to understand how they are formed is to examine at a TLS communication using Wireshark.

#-o

Please don't put that on the wiki page :)

_________________
Project: OZone
Source: GitHub
Current Task: LIB/OBJ file support
"The more they overthink the plumbing, the easier it is to stop up the drain." - Montgomery Scott


Top
 Profile  
 
 Post subject: Re: SSL/TLS
PostPosted: Sat May 28, 2016 2:58 am 
Offline
Member
Member

Joined: Wed Jun 03, 2015 5:03 am
Posts: 397
SpyderTL wrote:
I was just pointing out that there was a lot of technical information about the packets, themselves, that was missing, and would be needed to implement this in a hobby OS.

But the article is just an introduction and it would be too large if all details should be present. And there's the link to the TLS protocol specification. May be it's also can be helpful to add the wikipedia link.

It's more interesting how to separate OSDev wiki from the wikipedia.org, because there are some similar sections. Wikipedia.org provides some general information on the subject while OSDev wiki can provide something specific to OSDev, but it is also possible to describe something in a more clear manner than it is the case for wikipedia.org. In case of TLS I think there's nothing special for the OSDev wiki to provide, but for the security it's the important information how to design a secure OS, so it seems as a good idea to have OSDev specific security page.

_________________
My previous account (embryo) was accidentally deleted, so I have no chance but to use something new. But may be it was a good lesson about software reliability :)


Top
 Profile  
 
 Post subject: Re: SSL/TLS
PostPosted: Mon May 30, 2016 3:01 pm 
Offline
Member
Member

Joined: Mon Dec 21, 2015 7:09 pm
Posts: 38
@SpyderTL: believe or not, the format of the TLS packets was the easiest part to code when I implemented TLS. The hardest part was how the crypto algorithms are used in practice by TLS, which is what I focused on the wiki. I might add a section about very large number computation (e.g. how to compute a ^ b mod c when using 1024-bit integers)

@Embryo2: If you manage to get a Security page stub referenced in the main wiki page I will gladly contribute to it (BTW it would be nice if the Networking page was referenced as well). But I feel like an InfoSec page found only by searching isn't likely to be read by many people, if any.


Top
 Profile  
 
 Post subject: Re: SSL/TLS
PostPosted: Mon May 30, 2016 4:05 pm 
Offline
Member
Member
User avatar

Joined: Sun Sep 19, 2010 10:05 pm
Posts: 1074
The Security page is actually on the old "short" main page, but not on the new "expanded" main page. I've already asked to get it added to the new main page.

And it doesn't do any good to explain what values go in the packets without including "where" in the packet those values go...

I've added a few details already, but I'll add more when I get some time.

_________________
Project: OZone
Source: GitHub
Current Task: LIB/OBJ file support
"The more they overthink the plumbing, the easier it is to stop up the drain." - Montgomery Scott


Top
 Profile  
 
 Post subject: Re: SSL/TLS
PostPosted: Tue May 31, 2016 9:12 pm 
Offline
Member
Member

Joined: Mon Dec 21, 2015 7:09 pm
Posts: 38
I have updated the Handshake page and described in greater detail what each message corresponds to. I couldn't always use some C code as the message size can vary.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 21 posts ]  Go to page Previous  1, 2

All times are UTC - 6 hours


Who is online

Users browsing this forum: No registered users and 19 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group