SSL/TLS is a standardized, widely implemented, peer-reviewed protocol for applying cryptographic primitives to arbitrary networked communications. It provides privacy, integrity, and a measure of authenticity to otherwise inherently untrustworthy network connections.
While most books detail the protocol, this one is intended to provide you with a nearly complete SSL/TLS library, developed incrementally using C code. Whether or not you have a working knowledge of cryptography, you'll find this practical guide helps you understand the internals of these libraries so that, when it comes time to use one, you will have a firm understanding of what takes place at each stage.
Understand secure sockets and the HTTP protocol
Learn to protect against eavesdroppers with symmetric cryptography
Secure key exchanges over an insecure medium with public key cryptography and boost security with elliptic curve cryptography
Examine the use of digital signatures and X.509 certificates
Develop a usable, secure communications protocol with client-side TLS
Add server-side TLS 1.0 support
Use SSL in advanced situations, including safely reusing key material with session resumption and verifying identity with client authentication
Go to [...] to find code and other features related to this book
Introduction
Chapter 1 Understanding Internet Security
What Are Secure Sockets?
"Insecure" Communications: Understanding the HTTP Protocol
Implementing an HTTP Client
Adding Support for HTTP Proxies
Reliable Transmission of Binary Data with Base64 Encoding
Implementing an HTTP Server
Roadmap for the Rest of This Book
Chapter 2 Protecting Against Eavesdroppers with Symmetric Cryptography
Understanding Block Cipher Cryptography Algorithms
Implementing the Data Encryption Standard (DES) Algorithm
DES Initial Permutation
DES Key Schedule
DES Expansion Function
DES Decryption
Padding and Chaining in Block Cipher Algorithms
Using the Triple-DES Encryption Algorithm to Increase Key Length
Faster Encryption with the Advanced Encryption Standard (AES) Algorithm
AES Key Schedule Computation
AES Encryption
Other Block Cipher Algorithms
Understanding Stream Cipher Algorithms
Understanding and Implementing the RC4 Algorithm
Converting a Block Cipher to a Stream Cipher: The OFB and COUNTER Block-Chaining Modes
Chapter 3 Secure Key Exchange over an Insecure Medium with Public Key Cryptography
Understanding the Theory Behind the RSA Algorithm
Performing Arbitrary Precision Binary Math to Implement Public-Key Cryptography
Implementing Large-Number Addition
Implementing Large-Number Subtraction
Implementing Large-Number Multiplication
Implementing Large-Number Division
Comparing Large Numbers
Optimizing for Modulo Arithmetic
Using Modulus Operations to Efficiently Compute Discrete Logarithms in a Finite Field
Encryption and Decryption with RSA
Encrypting with RSA
Decrypting with RSA
Encrypting a Plaintext Message
Decrypting an RSA-Encrypted Message
Testing RSA Encryption and Decryption
Achieving Perfect Forward Secrecy with Diffie-Hellman Key Exchange
Getting More Security per Key Bit: Elliptic Curve Cryptography
How Elliptic Curve Cryptography Relies on Modular Inversions
Using the Euclidean Algorithm to compute Greatest Common Denominators
Computing Modular Inversions with the Extended Euclidean Algorithm
Adding Negative Number Support to the Huge Number Library
Supporting Negative Remainders
Making ECC Work with Whole Integers: Elliptic-Curve Cryptography over Fp
Reimplementing Diffie-Hellman to Use ECC Primitives
Why Elliptic-Curve Cryptography?
Chapter 4 Authenticating Communications Using Digital Signatures
Using Message Digests to Create Secure Document Surrogates
Implementing the MD5 Digest Algorithm
Understanding MD5
A Secure Hashing Example
Securely Hashing a Single Block of Data
MD5 Vulnerabilities
Increasing Collision Resistance with the SHA-1 Digest Algorithm
Understanding SHA-1 Block Computation
Understanding the SHA-1 Input Processing Function
Understanding SHA-1 Finalization
Even More Collision Resistance with the SHA-256 Digest Algorithm
Preventing Replay Attacks with the HMAC Keyed-Hash Algorithm
Implementing a Secure HMAC Algorithm
Completing the HMAC Operation
Creating Updateable Hash Functions
Defining a Digest Structure
Appending the Length to the Last Block
Computing the MD5 Hash of an Entire File
Where Does All of This Fit into SSL?
Understanding Digital Signature Algorithm (DSA) Signatures
Implementing Sender-Side DSA Signature Generation
Implementing Receiver-Side DSA Signature Verification
How to Make DSA Efficient
Getting More Security per Bit: Elliptic Curve DSA
Rewriting the Elliptic-Curve Math Functions to Support Large Numbers
Implementing ECDSA
Generating ECC Keypairs
Chapter 5 Creating a Network of Trust Using X.509 Certificates
Putting It Together: The Secure Channel Protocol
Encoding with ASN.1
Understanding Signed Certificate Structure
Version
serialNumber
signature
issuer
validity
subject
subjectPublicKeyInfo
extensions
Signed Certificates
Summary of X.509 Certificates
Transmitting Certificates with ASN.1 Distinguished Encoding Rules (DER)
Encoded Values
Strings and Dates
Bit Strings
Sequences and Sets: Grouping and Nesting ASN.1 Values
ASN.1 Explicit Tags
A Real-World Certificate Example
Using OpenSSL to Generate an RSA KeyPair and Certificate
Using OpenSSL to Generate a DSA KeyPair and Certificate
Developing an ASN.1 Parser
Converting a Byte Stream into an ASN.1 Structure
The asn1parse Code in Action
Turning a Parsed ASN.1 Structure into X.509 Certificate Components
Joining the X.509 Components into a Completed X.509 Certificate Structure
Parsing Object Identifiers (OIDs)
Parsing Distinguished Names
Parsing Certificate Extensions
Signature Verification
Validating PKCS #7-Formatted RSA Signatures
Verifying a Self-Signed Certificate
Adding DSA Support to the Certificate Parser
Managing Certificates
How Authorities Handle Certificate Signing Requests (CSRs)
Correlating Public and Private Keys Using PKCS #12 Formatting
Blacklisting Compromised Certificates Using Certificate Revocation Lists (CRLs)
Keeping Certificate Blacklists Up-to-Date with the Online Certificate Status Protocol (OCSP)
Other Problems with Certificates
Chapter 6 A Usable, Secure Communications Protocol: Client-Side TLS
Implementing the TLS 1.0 Handshake (Client Perspective)
Adding TLS Support to the HTTP Client
Understanding the TLS Handshake Procedure
TLS Client Hello
Tracking the Handshake State in the TLSParameters Structure
Describing Cipher Suites
Flattening and Sending the Client Hello Structure
TLS Server Hello
Adding a Receive Loop
Sending Alerts
Parsing the Server Hello Structure
Reporting Server Alerts
TLS Certificate
TLS Server Hello Done
TLS Client Key Exchange
Sharing Secrets Using TLS PRF (Pseudo-Random Function)
Creating Reproducible, Unpredictable Symmetric Keys with Master Secret Computation
RSA Key Exchange
Diffie-Hellman Key Exchange
TLS Change Cipher Spec
TLS Finished
Computing the Verify Message
Correctly Receiving the Finished Message
Secure Data Transfer with TLS
Assigning Sequence Numbers
Supporting Outgoing Encryption
Adding Support for Stream Ciphers
Updating Each Invocation of send_message
Decrypting and Authenticating
TLS Send
TLS Receive
Implementing TLS Shutdown
Examining HTTPS End-to-end Examples (TLS 1.0)
Dissecting the Client Hello Request
Dissecting the Server Response Messages
Dissecting the Key Exchange Message
Decrypting the Encrypted Exchange
Exchanging Application Data
Differences Between SSL 3.0 and TLS 1.0
Differences Between TLS 1.0 and TLS 1.1
Chapter 7 Adding Server-Side TLS 1.0 Support
Implementing the TLS 1.0 Handshake from the Server's Perspective
TLS Client Hello
TLS Server Hello
TLS Certificate
TLS Server Hello Done
TLS Client Key Exchange
RSA Key Exchange and Private Key Location
Supporting Encrypted Private Key Files
Checking That Decryption was Successful
Completing the Key Exchange
TLS Change Cipher Spec
TLS Finished
Avoiding Common Pitfalls When Adding HTTPS Support to a Server
When a Browser Displays Errors: Browser Trust Issues
Chapter 8 Advanced SSL Topics
Passing Additional Information with Client Hello Extensions
Safely Reusing Key Material with Session Resumption
Adding Session Resumption on the Client Side
Requesting Session Resumption
Adding Session Resumption Logic to the Client
Restoring the Previous Session's Master Secret
Testing Session Resumption
Viewing a Resumed Session
Adding Session Resumption on the Server Side
Assigning a Unique Session ID to Each Session
Adding Session ID Storage
Modifying parse_client_hello to Recognize Session Resumption Requests
Drawbacks of This Implementation
Avoiding Fixed Parameters with Ephemeral Key Exchange
Supporting the TLS Server Key Exchange Message
Authenticating the Server Key Exchange Message
Examining an Ephemeral Key Exchange Handshake
Verifying Identity with Client Authentication
Supporting the CertificateRequest Message
Adding Certificate Request Parsing Capability for the Client
Handling the Certificate Request
| Year of publication: | 2011 |
|---|---|
| Subject area: | Data communication, networks & mailboxes |
| Genre: | Computer science |
| Category: | Science & technology |
| Medium: | Paperback |
| Extent: | 704 pp. |
| ISBN-13: | 9780470920411 |
| ISBN-10: | 0470920416 |
| Language: | English |
| Binding: | Softcover / paperback |
| Author: | Davies, Joshua |
| Publisher: | Wiley, John Wiley & Sons |
| Dimensions: | 235 x 191 x 38 mm |
| By/With: | Joshua Davies |
| Publication date: | 11.01.2011 |
| Weight: | 1.295 kg |