SSL/TLS

All about the OSDev Wiki. Discussions about the organization and general structure of articles and how to use the wiki. Request changes here if you don't know how to use the wiki.
Post Reply
embryo2
Member
Member
Posts: 397
Joined: Wed Jun 03, 2015 5:03 am

Re: SSL/TLS

Post by embryo2 »

SpyderTL wrote:I think that the technical byte-by-byte packet definition of the SSL standard(s) deserves it's own page
In fact it's about mathematics. If you understand the math then it's simple to pack the bytes as required.

In case of RSA algorithm it's relatively simple. Just google the "RSA" and the first link is a good start for it. After understanding RSA it is possible to read about something more complex.
SpyderTL wrote:I understand that you understand how it all fits together, but someone just starting in OS Development or Network Security is going to have a hard time picking it apart.
The overall picture is relatively simple, so you can tell what doesn't fit in your head and we can help you. But if you want to understand the algorithms and why they are as they are then it's time to study a lot of mathematics. And that's why it is important to have an introductory page about security, where the big picture can be shown and links for further study can be provided.
My previous account (embryo) was accidentally deleted, so I have no chance but to use something new. But may be it was a good lesson about software reliability :)
Top
User avatar
SpyderTL
Member
Member
Posts: 1074
Joined: Sun Sep 19, 2010 10:05 pm

Re: SSL/TLS

Post by SpyderTL »

embryo2 wrote:The overall picture is relatively simple, so you can tell what doesn't fit in your head and we can help you. But if you want to understand the algorithms and why they are as they are then it's time to study a lot of mathematics. And that's why it is important to have an introductory page about security, where the big picture can be shown and links for further study can be provided.
I was just pointing out that there was a lot of technical information about the packets, themselves, that was missing, and would be needed to implement this in a hobby OS. It seemed like the article was, to use an analogy, jumping directly to HTML without first describing HTTP, or TCP/IP, or Ethernet. :)

lpoulain wrote:I've split the page into 3. I will also work on adding more details about the TLS packets.
Thanks. I think that works much better. I added a few enums and header structs as well. I'll try to add some more when I get some free time.

lpoulain wrote:But the best way to understand how they are formed is to examine at a TLS communication using Wireshark.

#-o

Please don't put that on the wiki page :)
Project: OZone
Source: GitHub
Current Task: LIB/OBJ file support
"The more they overthink the plumbing, the easier it is to stop up the drain." - Montgomery Scott
Top
embryo2
Member
Member
Posts: 397
Joined: Wed Jun 03, 2015 5:03 am

Re: SSL/TLS

Post by embryo2 »

SpyderTL wrote:I was just pointing out that there was a lot of technical information about the packets, themselves, that was missing, and would be needed to implement this in a hobby OS.
But the article is just an introduction and it would be too large if all details should be present. And there's the link to the TLS protocol specification. May be it's also can be helpful to add the wikipedia link.

It's more interesting how to separate OSDev wiki from the wikipedia.org, because there are some similar sections. Wikipedia.org provides some general information on the subject while OSDev wiki can provide something specific to OSDev, but it is also possible to describe something in a more clear manner than it is the case for wikipedia.org. In case of TLS I think there's nothing special for the OSDev wiki to provide, but for the security it's the important information how to design a secure OS, so it seems as a good idea to have OSDev specific security page.
My previous account (embryo) was accidentally deleted, so I have no chance but to use something new. But may be it was a good lesson about software reliability :)
Top
lpoulain
Member
Member
Posts: 38
Joined: Mon Dec 21, 2015 7:09 pm

Re: SSL/TLS

Post by lpoulain »

@SpyderTL: believe or not, the format of the TLS packets was the easiest part to code when I implemented TLS. The hardest part was how the crypto algorithms are used in practice by TLS, which is what I focused on the wiki. I might add a section about very large number computation (e.g. how to compute a ^ b mod c when using 1024-bit integers)

@Embryo2: If you manage to get a Security page stub referenced in the main wiki page I will gladly contribute to it (BTW it would be nice if the Networking page was referenced as well). But I feel like an InfoSec page found only by searching isn't likely to be read by many people, if any.
Top
User avatar
SpyderTL
Member
Member
Posts: 1074
Joined: Sun Sep 19, 2010 10:05 pm

Re: SSL/TLS

Post by SpyderTL »

The Security page is actually on the old "short" main page, but not on the new "expanded" main page. I've already asked to get it added to the new main page.

And it doesn't do any good to explain what values go in the packets without including "where" in the packet those values go...

I've added a few details already, but I'll add more when I get some time.
Project: OZone
Source: GitHub
Current Task: LIB/OBJ file support
"The more they overthink the plumbing, the easier it is to stop up the drain." - Montgomery Scott
Top
lpoulain
Member
Member
Posts: 38
Joined: Mon Dec 21, 2015 7:09 pm

Re: SSL/TLS

Post by lpoulain »

I have updated the Handshake page and described in greater detail what each message corresponds to. I couldn't always use some C code as the message size can vary.
Top
Post Reply

Return to “OSDev Wiki”