[ANN] Working SSL In Squeak

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

[ANN] Working SSL In Squeak

Ron Teitelbaum

All,

 

A while back I started an implementation of TLS 1.2.  Rob Withers joined the effort a few weeks ago and is has made terrific progress.  He reorganized everything, added a proper protocol stack, and now has the certificates working.

 

Our version now works with SSL3.0 and TLS 1.1, and DH or RSA using x509v3 Certificates.  There are still a number of things that need to be done but we can now use squeak to connect as an SSL server and/or client.  See the examples in the workspace that opens when you load the code.  You will find our implementation at www.squeaksource.com/Cryptography.  There are two Monticello Configuration files available to make loading easier.  Load Cryptography-Configuration.mcm, and then Crypt-Xtra-Config.mcm.  

 

We could use some help with testing, code review, documentation or any other help you would like to offer.

 

There is also support for MS CryptoAPI and CertificateStores for Microsoft in the MSCert package.  In the future I will be working on integrating this functionality.  I will also be adding support for KomHttp which is mostly completed but needs to be updated to support Rob’s new version.

 

We hope you find this useful and will keep us updated on your use and issues with our implementation.  If you have any questions please let us know.  Also again we would like to invite anyone with interest or experience with cryptography to join our Cryptography Team at http://lists.squeakfoundation.org/mailman/listinfo/cryptography .

 

Thanks and enjoy,

 

Ron Teitelbaum

President / Principal Software Engineer

US Medical Record Specialists

www.USMedRec.com

[hidden email]

Squeak Cryptography Team Leader

 

 

 


_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Reply | Threaded
Open this post in threaded view
|

Re: [ANN] Working SSL In Squeak

Rob Withers
Hi all,

Let me add a few things to Ron's announcement.  First off I added a HttpsUrl class and support to retrieve pages with these Urls.  So you can do the following:

'https://www.fidelity.com' asUrl retrieveContents.

I tried to add support for a POST command, but I couldn't really test it because I couldn't find a WebBrowser.  Do we still have one?  I wanted to do my online banking in squeak! :-)

Second, without a patch the Monticello configurations won't work.  Let me list the packages needed from the Cryptography repository.  Load, in order:

CryptographyBase
Cryptography-Core
Cryptography-DES
Cryptography-DSA
Cryptography-ElGamal
Cryptography-RSA
Cryptography-SHA1
Cryptography-RC4
Cryptography-MD5
Cryptography-ASN1
Cryptography-X509
Cryptography-SSL


Lastly. you will need a DESPlugin, which you can find here: http://minnow.cc.gatech.edu/squeak/2410, including an updated one for Linux.

cheers,
Robert



On Oct 2, 2006, at 7:28 AM, Ron Teitelbaum wrote:

All,

 

A while back I started an implementation of TLS 1.2.  Rob Withers joined the effort a few weeks ago and is has made terrific progress.  He reorganized everything, added a proper protocol stack, and now has the certificates working.

 

Our version now works with SSL3.0 and TLS 1.1, and DH or RSA using x509v3 Certificates.  There are still a number of things that need to be done but we can now use squeak to connect as an SSL server and/or client.  See the examples in the workspace that opens when you load the code.  You will find our implementation at www.squeaksource.com/Cryptography.  There are two Monticello Configuration files available to make loading easier.  Load Cryptography-Configuration.mcm, and then Crypt-Xtra-Config.mcm.  

 

We could use some help with testing, code review, documentation or any other help you would like to offer.

 

There is also support for MS CryptoAPI and CertificateStores for Microsoft in the MSCert package.  In the future I will be working on integrating this functionality.  I will also be adding support for KomHttp which is mostly completed but needs to be updated to support Rob’s new version.

 

We hope you find this useful and will keep us updated on your use and issues with our implementation.  If you have any questions please let us know.  Also again we would like to invite anyone with interest or experience with cryptography to join our Cryptography Team athttp://lists.squeakfoundation.org/mailman/listinfo/cryptography .

 

Thanks and enjoy,

 

Ron Teitelbaum

President / Principal Software Engineer

US Medical Record Specialists

www.USMedRec.com

[hidden email]

Squeak Cryptography Team Leader

 

 

 




_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Reply | Threaded
Open this post in threaded view
|

Re:[croquet] [ANN] Working SSL In Squeak

Rob Withers
In reply to this post by Ron Teitelbaum
Hi all,

Let me add a few things to Ron's announcement.  First off I added a HttpsUrl class and support to retrieve pages with these Urls.  So you can do the following:

'https://www.fidelity.com' asUrl retrieveContents.

I tried to add support for a POST command, but I couldn't really test it because I couldn't find a WebBrowser.  Do we still have one?  I wanted to do my online banking in squeak! :-)

Second, without a patch the Monticello configurations won't work.  Let me list the packages needed from the Cryptography repository.  Load, in order:

CryptographyBase
Cryptography-Core
Cryptography-DES
Cryptography-DSA
Cryptography-ElGamal
Cryptography-RSA
Cryptography-SHA1
Cryptography-RC4
Cryptography-MD5
Cryptography-ASN1
Cryptography-X509
Cryptography-SSL


Lastly. you will need a DESPlugin, which you can find here: http://minnow.cc.gatech.edu/squeak/2410, including an updated one for Linux.

cheers,
Robert



On Oct 2, 2006, at 7:28 AM, Ron Teitelbaum wrote:

All,

 

A while back I started an implementation of TLS 1.2.  Rob Withers joined the effort a few weeks ago and is has made terrific progress.  He reorganized everything, added a proper protocol stack, and now has the certificates working.

 

Our version now works with SSL3.0 and TLS 1.1, and DH or RSA using x509v3 Certificates.  There are still a number of things that need to be done but we can now use squeak to connect as an SSL server and/or client.  See the examples in the workspace that opens when you load the code.  You will find our implementation at www.squeaksource.com/Cryptography.  There are two Monticello Configuration files available to make loading easier.  Load Cryptography-Configuration.mcm, and then Crypt-Xtra-Config.mcm.  

 

We could use some help with testing, code review, documentation or any other help you would like to offer.

 

There is also support for MS CryptoAPI and CertificateStores for Microsoft in the MSCert package.  In the future I will be working on integrating this functionality.  I will also be adding support for KomHttp which is mostly completed but needs to be updated to support Rob’s new version.

 

We hope you find this useful and will keep us updated on your use and issues with our implementation.  If you have any questions please let us know.  Also again we would like to invite anyone with interest or experience with cryptography to join our Cryptography Team athttp://lists.squeakfoundation.org/mailman/listinfo/cryptography .

 

Thanks and enjoy,

 

Ron Teitelbaum

President / Principal Software Engineer

US Medical Record Specialists

www.USMedRec.com

[hidden email]

Squeak Cryptography Team Leader

 

 

 



Reply | Threaded
Open this post in threaded view
|

Re: [ANN] Working SSL In Squeak

Hans-Martin Mosner
In reply to this post by Rob Withers
Robert Withers schrieb:
> Hi Stef,
>
> The DESPlugin implements the DES cryptography algorithm, which has
> basically two parts.  Key preparation, which DES calls "cooking the
> key", and transformation, where it takes the cooked key and the input
> block and encrypts it or decrypts it.  I have always wished that there
> were an in-image implementation so that the plugin isn't required when
> doing DES, but it hasn't happened yet.  Something to work on,
> perhaps.  Note that I didn't write it, I am only a user.
The in-image implementation existed as part of my OpenPGP efforts, and
I've now ported it to the Cryptography framework.
Load the MC packages CryptographyBase-hmm.18 and Cryptography-DES-hmm.3
to use it.

BTW, the SSL example workspace assumes that #asURL is able to create a
HttpsUrl. But that ain't so. Looking at the #asUrl code, I saw that at
least in 3.8.1 this is not written with extensions in mind. Does 3.9
have a more extensible method there? (I'm too tired to look myself right
now).

Cheers,
Hans-Martin
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Reply | Threaded
Open this post in threaded view
|

RE: Re: [ANN] Working SSL In Squeak

Ron Teitelbaum
Hans-Martin,

That's terrific.  Did you get any sense of the performance difference?  I
understood that the reason for the DLL in the first place was performance;
I'm guessing that with current computer speeds the performance is now
adequate?  

Did you make any progress on openPGP?

Ron

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of
> Hans-Martin Mosner
> Sent: Monday, October 02, 2006 5:20 PM
> To: The general-purpose Squeak developers list; Cryptography Team
> Development List
> Subject: [Cryptography Team] Re: [ANN] Working SSL In Squeak
>
> Robert Withers schrieb:
> > Hi Stef,
> >
> > The DESPlugin implements the DES cryptography algorithm, which has
> > basically two parts.  Key preparation, which DES calls "cooking the
> > key", and transformation, where it takes the cooked key and the input
> > block and encrypts it or decrypts it.  I have always wished that there
> > were an in-image implementation so that the plugin isn't required when
> > doing DES, but it hasn't happened yet.  Something to work on,
> > perhaps.  Note that I didn't write it, I am only a user.
> The in-image implementation existed as part of my OpenPGP efforts, and
> I've now ported it to the Cryptography framework.
> Load the MC packages CryptographyBase-hmm.18 and Cryptography-DES-hmm.3
> to use it.
>
> BTW, the SSL example workspace assumes that #asURL is able to create a
> HttpsUrl. But that ain't so. Looking at the #asUrl code, I saw that at
> least in 3.8.1 this is not written with extensions in mind. Does 3.9
> have a more extensible method there? (I'm too tired to look myself right
> now).
>
> Cheers,
> Hans-Martin
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography


_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Reply | Threaded
Open this post in threaded view
|

Re: Re: [ANN] Working SSL In Squeak

Hans-Martin Mosner
Ron Teitelbaum schrieb:
> Hans-Martin,
>
> That's terrific.  Did you get any sense of the performance difference?  I
> understood that the reason for the DLL in the first place was performance;
> I'm guessing that with current computer speeds the performance is now
> adequate?  
>  
I did not do any comparison because I did not yet download the DES
plugin - just wanted to make this thing work in the unit tests before
going to bed :-) I just added a very thin layer (mostly converting from
ByteArrays to LargeIntegers and vice versa) to use my old code mostly
unchanged. The performance can probably be improved a bit by changing
that old code to directly work with ByteArrays.
> Did you make any progress on openPGP?
>  
No, but I will probably take this opportunity to work some more on that.

Cheers,
Hans-Martin
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Reply | Threaded
Open this post in threaded view
|

Re: [ANN] Working SSL In Squeak

Rob Withers
In reply to this post by Hans-Martin Mosner
Hi,

On Oct 2, 2006, at 2:20 PM, Hans-Martin Mosner wrote:

> The in-image implementation existed as part of my OpenPGP efforts, and
> I've now ported it to the Cryptography framework.
> Load the MC packages CryptographyBase-hmm.18 and Cryptography-DES-
> hmm.3
> to use it.

I tested it too, with SSL, and it works great!  Thanks!  No plugin  
needed, now.


> BTW, the SSL example workspace assumes that #asURL is able to create a
> HttpsUrl. But that ain't so. Looking at the #asUrl code, I saw that at
> least in 3.8.1 this is not written with extensions in mind. Does 3.9
> have a more extensible method there? (I'm too tired to look myself  
> right
> now).

In the Cryptography-SSL Extensions, I overwrote Url  
class>>#urlClassForScheme: to include 'https' mapped to the new  
HttpsUrl class.  This only works if you have SSL loaded, of course.

I also added HierarchicalUrl>>#= and changed HTTPSocket  
class>>#expandUrl:ip:port: to provide an ability to HttpsSocket to  
redirect and also to detect infinite redirections, which I  
experienced on one of my test urls.  Unfortunately, I could not  
update HTTPSocket class>>#httpGetDocument:args:accept:request: to  
take advantage.  It loses the value of CrLf, for some reason.  I only  
barely added support to the HttpsSocket, so these things will change,  
I'm sure.

Cheers,
Robert

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Reply | Threaded
Open this post in threaded view
|

Re: Re: [ANN] Working SSL In Squeak

Hans-Martin Mosner
In reply to this post by Hans-Martin Mosner
Hans-Martin Mosner schrieb:
>
> I did not do any comparison because I did not yet download the DES
> plugin - just wanted to make this thing work in the unit tests before
> going to bed :-) I just added a very thin layer (mostly converting from
> ByteArrays to LargeIntegers and vice versa) to use my old code mostly
> unchanged. The performance can probably be improved a bit by changing
> that old code to directly work with ByteArrays.
>  
Ok, I did some measurements. Results are pretty disappointing.
Squeak on my AMD 3800+ processor encrypts 32 KBytes using 3DES CBC mode
in about 8 seconds - unusable for anything but a proof-of-concept.
Therefore I think that DES (and maybe some other small cryptographic
primitives) should be part of the base VM.

Cheers,
Hans-Martin
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Reply | Threaded
Open this post in threaded view
|

RE: Re: [ANN] Working SSL In Squeak

Ron Teitelbaum
I'll post the bug and stir the pot.

Ron

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of
> Hans-Martin Mosner
> Sent: Wednesday, October 11, 2006 4:54 PM
> To: Cryptography Team Development List
> Subject: Re: [Cryptography Team] Re: [ANN] Working SSL In Squeak
>
> Hans-Martin Mosner schrieb:
> >
> > I did not do any comparison because I did not yet download the DES
> > plugin - just wanted to make this thing work in the unit tests before
> > going to bed :-) I just added a very thin layer (mostly converting from
> > ByteArrays to LargeIntegers and vice versa) to use my old code mostly
> > unchanged. The performance can probably be improved a bit by changing
> > that old code to directly work with ByteArrays.
> >
> Ok, I did some measurements. Results are pretty disappointing.
> Squeak on my AMD 3800+ processor encrypts 32 KBytes using 3DES CBC mode
> in about 8 seconds - unusable for anything but a proof-of-concept.
> Therefore I think that DES (and maybe some other small cryptographic
> primitives) should be part of the base VM.
>
> Cheers,
> Hans-Martin
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography


_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography