Table of Contents
Introduction xxvii
Chapter 1 Understanding Internet Security 1
What Are Secure Sockets? 2
“Insecure” Communications: Understanding the HTTP Protocol 4
Implementing an HTTP Client 5
Adding Support for HTTP Proxies 12
Reliable Transmission of Binary Data with Base64 Encoding 17
Implementing an HTTP Server 21
Roadmap for the Rest of This Book 27
Chapter 2 Protecting Against Eavesdroppers with Symmetric Cryptography 29
Understanding Block Cipher Cryptography Algorithms 30
Implementing the Data Encryption Standard (DES) Algorithm 31
DES Initial Permutation 34
DES Key Schedule 38
DES Expansion Function 40
DES Decryption 45
Padding and Chaining in Block Cipher Algorithms 46
Using the Triple-DES Encryption Algorithm to Increase Key Length 55
Faster Encryption with the Advanced Encryption Standard (AES) Algorithm 60
AES Key Schedule Computation 60
AES Encryption 67
Other Block Cipher Algorithms 83
Understanding Stream Cipher Algorithms 83
Understanding and Implementing the RC4 Algorithm 84
Chapter 3 Converting a Block Cipher to a Stream Cipher: The OFB and COUNTER Block-Chaining Modes 90
Secure Key Exchange over an Insecure Medium with Public Key Cryptography 91
Understanding the Theory Behind the RSA Algorithm 92
Performing Arbitrary Precision Binary Math to Implement Public-Key Cryptography 93
Implementing Large-Number Addition 93
Implementing Large-Number Subtraction 98
Implementing Large-Number Multiplication 101
Implementing Large-Number Division 106
Comparing Large Numbers 109
Optimizing for Modulo Arithmetic 112
Using Modulus Operations to Efficiently Compute Discrete Logarithms in a Finite Field 113
Encryption and Decryption with RSA 114
Encrypting with RSA 115
Decrypting with RSA 119
Encrypting a Plaintext Message 120
Decrypting an RSA-Encrypted Message 124
Testing RSA Encryption and Decryption 126
Achieving Perfect Forward Secrecy with Diffie-Hellman Key Exchange 130
Getting More Security per Key Bit: Elliptic Curve Cryptography 132
How Elliptic Curve Cryptography Relies on Modular Inversions 135
Using the Euclidean Algorithm to compute Greatest Common Denominators 135
Computing Modular Inversions with the Extended Euclidean Algorithm 137
Adding Negative Number Support to the Huge Number Library 138
Supporting Negative Remainders 147
Making ECC Work with Whole Integers: Elliptic-Curve Cryptography over Fp 150
Reimplementing Diffie-Hellman to Use ECC Primitives 150
Why Elliptic-Curve Cryptography? 154
Chapter 4 Authenticating Communications Using Digital Signatures 157
Using Message Digests to Create Secure Document Surrogates 158
Implementing the MD5 Digest Algorithm 159
Understanding MD 5 160
A Secure Hashing Example 161
Securely Hashing a Single Block of Data 166
MD5 Vulnerabilities 169
Increasing Collision Resistance with the SHA- 1
Digest Algorithm 171
Understanding SHA-1 Block Computation 171
Understanding the SHA-1 Input Processing Function 174
Understanding SHA-1 Finalization 176
Even More Collision Resistance with the SHA- 256
Digest Algorithm 180
Preventing Replay Attacks with the HMAC Keyed-Hash Algorithm 184
Implementing a Secure HMAC Algorithm 186
Completing the HMAC Operation 190
Creating Updateable Hash Functions 190
Defining a Digest Structure 191
Appending the Length to the Last Block 194
Computing the MD5 Hash of an Entire File 196
Where Does All of This Fit into SSL? 200
Understanding Digital Signature Algorithm (DSA) Signatures 201
Implementing Sender-Side DSA Signature Generation 202
Implementing Receiver-Side DSA Signature Verification 205
How to Make DSA Efficient 209
Getting More Security per Bit: Elliptic Curve DSA 210
Rewriting the Elliptic-Curve Math Functions to Support Large Numbers 211
Implementing ECDSA 215
Generating ECC Keypairs 218
Chapter 5 Creating a Network of Trust Using X.509 Certificates 221
Putting It Together: The Secure Channel Protocol 222
Encoding with ASN.1 225
Understanding Signed Certificate Structure 225
Version 226
serialNumber 227
signature 227
issuer 229
validity 232
subject 233
subjectPublicKeyInfo 235
extensions 237
Signed Certificates 238
Summary of X.509 Certificates 241
Transmitting Certificates with ASN.1 Distinguished Encoding Rules (DER) 241
Encoded Values 241
Strings and Dates 242
Bit Strings 243
Sequences and Sets: Grouping and Nesting ASN.1 Values 243
ASN.1 Explicit Tags 244
A Real-World Certificate Example 244
Using OpenSSL to Generate an RSA KeyPair and Certificate 244
Using OpenSSL to Generate a DSA KeyPair and Certificate 251
Developing an ASN.1 Parser 252
Converting a Byte Stream into an ASN.1 Structure 252
The asn1parse Code in Action 259
Turning a Parsed ASN.1 Structure into X.509 Certificate Components 264
Joining the X.509 Components into a Completed X. 509 Certificate Structure 268
Parsing Object Identifiers (OIDs) 270
Parsing Distinguished Names 271
Parsing Certificate Extensions 275
Signature Verification 279
Validating PKCS #7-Formatted RSA Signatures 280
Verifying a Self-Signed Certificate 281
Adding DSA Support to the Certificate Parser 286
Managing Certificates 292
How Authorities Handle Certificate Signing Requests (CSRs) 292
Correlating Public and Private Keys Using PKCS # 12
Formatting 293
Blacklisting Compromised Certificates Using Certificate Revocation Lists (CRLs) 294
Keeping Certificate Blacklists Up-to-Date with the Online Certificate Status Protocol (OCSP) 295
Other Problems with Certificates 296
Chapter 6 A Usable, Secure Communications Protocol: Client-Side TLS 297
Implementing the TLS 1.0 Handshake (Client Perspective) 299
Adding TLS Support to the HTTP Client 300
Understanding the TLS Handshake Procedure 303
TLS Client Hello 304
Tracking the Handshake State in the TLSParameters Structure 304
Describing Cipher Suites 308
Flattening and Sending the Client Hello Structure 309
TLS Server Hello 316
Adding a Receive Loop 317
Sending Alerts 318
Parsing the Server Hello Structure 319
Reporting Server Alerts 323
TLS Certificate 324
TLS Server Hello Done 328
TLS Client Key Exchange 329
Sharing Secrets Using TLS PRF (Pseudo-Random Function) 329
Creating Reproducible, Unpredictable Symmetric Keys with Master Secret Computation 336
RSA Key Exchange 337
Diffie-Hellman Key Exchange 343
TLS Change Cipher Spec 344
TLS Finished 346
Computing the Verify Message 347
Correctly Receiving the Finished Message 352
Secure Data Transfer with TLS 353
Assigning Sequence Numbers 353
Supporting Outgoing Encryption 355
Adding Support for Stream Ciphers 358
Updating Each Invocation of send_message 359
Decrypting and Authenticating 361
TLS Send 364
TLS Receive 365
Implementing TLS Shutdown 368
Examining HTTPS End-to-end Examples (TLS 1.0) 369
Dissecting the Client Hello Request 370
Dissecting the Server Response Messages 372
Dissecting the Key Exchange Message 373
Decrypting the Encrypted Exchange 374
Exchanging Application Data 377
Differences Between SSL 3.0 and TLS 1.0 378
Differences Between TLS 1.0 and TLS 1.1 379
Chapter 7 Adding Server-Side TLS 1.0 Support 381
Implementing the TLS 1.0 Handshake from the Server’s Perspective 381
TLS Client Hello 387
TLS Server Hello 390
TLS Certificate 391
TLS Server Hello Done 393
TLS Client Key Exchange 394
RSA Key Exchange and Private Key Location 395
Supporting Encrypted Private Key Files 399
Checking That Decryption was Successful 406
Completing the Key Exchange 407
TLS Change Cipher Spec 409
TLS Finished 409
Avoiding Common Pitfalls When Adding HTTPS Support to a Server 411
When a Browser Displays Errors: Browser Trust Issues 412
Chapter 8 Advanced SSL Topics 415
Passing Additional Information with Client Hello Extensions 415
Safely Reusing Key Material with Session Resumption 420
Adding Session Resumption on the Client Side 421
Requesting Session Resumption 422
Adding Session Resumption Logic to the Client 422
Restoring the Previous Session’s Master Secret 424
Testing Session Resumption 425
Viewing a Resumed Session 427
Adding Session Resumption on the Server Side 428
Assigning a Unique Session ID to Each Session 429
Adding Session ID Storage 429
Modifying parse_client_hello to Recognize Session Resumption Requests 433
Drawbacks of This Implementation 435
Avoiding Fixed Parameters with Ephemeral Key Exchange 436
Supporting the TLS Server Key Exchange Message 437
Authenticating the Server Key Exchange Message 439
Examining an Ephemeral Key Exchange Handshake 442
Verifying Identity with Client Authentication 448
Supporting the CertificateRequest Message 449
Adding Certificate Request Parsing Capability for the Client 450
Handling the Certificate Request 452
Supporting the Certificate Verify Message 453
Refactoring rsa_encrypt to Support Signing 453
Testing Client Authentication 458
Viewing a Mutually-Authenticated TLS Handshake 460
Dealing with Legacy Implementations: Exportable Ciphers 463
Export-Grade Key Calculation 463
Step-up Cryptography 465
Discarding Key Material Through Session Renegotiation 465
Supporting the Hello Request 466
Renegotiation Pitfalls and the Client Hello Extension 0xFF01 468
Defending Against the Renegotiation Attack 469
Implementing Secure Renegotiation 471
Chapter 9 Adding TLS 1.2 Support to Your TLS Library 479
Supporting TLS 1.2 When You Use RSA for the Key Exchange 479
TLS 1.2 Modifications to the PRF 481
TLS 1.2 Modifications to the Finished Messages Verify Data 483
Impact to Diffie-Hellman Key Exchange 485
Parsing Signature Types 485
Adding Support for AEAD Mode Ciphers 490
Maximizing Throughput with Counter Mode 490
Reusing Existing Functionality for Secure Hashes with CBC-MAC 494
Combining CTR and CBC-MAC into AES-CCM 496
Maximizing MAC Throughput with Galois-Field Authentication 502
Combining CTR and Galois-Field Authentication with AES-GCM 505
Authentication with Associated Data 510
Incorporating AEAD Ciphers into TLS 1.2 517
Working ECC Extensions into the TLS Library 523
ECDSA Certificate Parsing 527
ECDHE Support in TLS 533
ECC Client Hello Extensions 540
The Current State of TLS 1.2 540
Chapter 10 Other Applications of SSL 543
Adding the NTTPS Extension to the NTTP Algorithm 543
Implementing “Multi-hop” SMTP over TLS and Protecting Email Content with S/MIME 545
Understanding the Email Model 545
The SSL/TLS Design and Email 546
Multipurpose Internet Mail Extensions (MIME) 547
Protecting Email from Eavesdroppers with S/MIME 549
Securing Email When There Are Multiple Recipients 550
S/MIME Certificate Management 552
Securing Datagram Traffic 552
Securing the Domain Name System 553
Using the DNS Protocol to Query the Database 555
Disadvantages of the DNS Query 555
Preventing DNS Cache Poisoning with DNSSEC 556
TLS Without TCP — Datagram TLS 559
Supporting SSL When Proxies Are Involved 560
Possible Solutions to the Proxy Problem 560
Adding Proxy Support Using Tunneling 561
SSL with OpenSSL 564
Final Thoughts 566
Appendix A Binary Representation of Integers: A Primer 567
The Decimal and Binary Numbering Systems 567
Understanding Binary Logical Operations 568
The AND Operation 568
The OR Operation 569
The NOT Operation 569
The XOR Operation 569
Position Shifting of Binary Numbers 570
Two’s-Complement Representation of Negative Numbers 570
Big-Endian versus Little-Endian Number Formats 571
Appendix B Installing TCPDump and OpenSSL 573
Installing TCPDump 573
Installing TCPDump on a Windows System 574
Installing TCPDump on a Linux System 575
Installing OpenSSL 575
Installing OpenSSL on a Windows System 575
Installing OpenSSL on a Linux system 577
Appendix C Understanding the Pitfalls of SSLv 2 579
Implementing the SSL Handshake 582
SSL Client Hello 588
SSL Server Hello 592
SSL Client Master Key 600
SSL Client Finished 607
SSL Server Verify 612
SSL Server Finished 616
SSL send 617
SSL recv 617
Examining an HTTPS End-to-End Example 619
Viewing the TCPDump Output 619
Problems with SSLv 2 626
Man-in-the-Middle Attacks 626
Truncation Attacks 626
Same Key Used for Encryption and Authentication 626
No Extensions 627
Index 629
