User:Eskuat

From MozillaWiki

Hi, I'm Kuat Eshengazin.

On this page I will post my progress on my GSoC 2010 project, which aims to add TLS 1.1 and TLS 1.2 support to the NSS library.

My mentor: Robert Relyea
Weekly reports: click here to see my progress

Timeline

Apr 26 - May 9 (2 weeks)
Thoroughly reading the TLS 1.1 spec, learning how the new features can be mapped to the code.

May 10 - May 24 (2 weeks)
Making changes to ClientHello, ServerHello and Record layer headers to advertise support for
TLS 1.1 (as per Appendix E and subsections of 6.2 of [3]).

May 25 - Jun 6 (2 weeks)
Coding the implicit IV for block ciphers (as per 6.2.3.2 of [3]). Micro-patching ssl3_HandleRecord() to
return bad_record_mac (as per 7.2.2 of [3]).
Need to make prematurely closed sessions resumable (as per 7.2.1 of [3]). At the moment I am not
sure how to implement this; it will take some time to research.
At this point I should be done with TLS 1.1.

Jun 6 - Jun 20 (2 weeks)
Thoroughly reading the TLS 1.2 spec, learning how the new features can be mapped to the code.
Making changes to ClientHello, ServerHello and Record layer headers to advertise support for
TLS 1.2 (as per Appendix E and subsections of 6.2 of [4]).

Jun 21 - Jul 4 (2 weeks)
Coding changes in the PRF to use P_SHA256 for TLS 1.2 sessions. Sending an empty ClientCertificate
response when no client certs are available (as per 7.4.6 of [4]).

Jul 5 - Jul 18 (2 weeks)
Coding support for the algorithm field in digitally-signed elements (as per 4.7 of [4]).
Coding support for varying-length verify_data (as per 7.4.9 of [4]).

Jul 19 - Aug 8 (3 weeks)
Coding checks for the EncryptedPreMasterSecret structure (as per 7.4.7.1 of [4]).
Making TLS_RSA_WITH_AES_128_CBC_SHA the "default" cipher suite (as per 9 of [4]).
[4] makes error alerts a MUST in many cases, but I need some time to make a list of the cases,
so an accurate time estimate will be available after some research.

Aug 9 - Aug 15 (1 week)
Cleaning up the code, writing required specs, preparing the demo tools for evaluation.


References

[0]. TLS 1.2 RFC
[1]. TLS 1.1 RFC
[2]. PKCS article on Wikipedia
[3]. "TLS 1.2 in PRF" thread on IETF's TLS mailing list
[4]. TLS Extensions RFC