study RFCs (JOSE, CBOR, COSE, HTTP, etc.)

Primary language: C++. License: Apache License 2.0 (Apache-2.0)

hotplace

implemented

  • Authenticode (1. for digital certificate verification; 2. plugin_msi, plugin_cabinet not included)

    • sdk/crypto/authenticode/
    • test/authenticode/
  • RFC 7049 Concise Binary Object Representation (CBOR)

  • RFC 8949 Concise Binary Object Representation (CBOR)

    • sdk/io/cbor/
    • test/cbor/
  • RFC 7515 JSON Web Signature (JWS)

  • RFC 7516 JSON Web Encryption (JWE)

  • RFC 7517 JSON Web Key (JWK)

  • RFC 7518 JSON Web Algorithms (JWA)

  • RFC 7520 Examples of Protecting Content Using JSON Object Signing and Encryption (JOSE)

  • RFC 8037 CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in JSON Object Signing and Encryption (JOSE)

    • sdk/crypto/jose/
    • test/jose/
  • RFC 8152 CBOR Object Signing and Encryption (COSE)

  • RFC 8230 Using RSA Algorithms with CBOR Object Signing and Encryption (COSE) Messages

  • RFC 8392 CBOR Web Token (CWT)

  • RFC 8812 CBOR Object Signing and Encryption (COSE) and JSON Object Signing and Encryption (JOSE) Registrations for Web Authentication (WebAuthn) Algorithms

  • RFC 9052 CBOR Object Signing and Encryption (COSE): Structures and Process

  • RFC 9053 CBOR Object Signing and Encryption (COSE): Initial Algorithms

  • RFC 9338 CBOR Object Signing and Encryption (COSE): Countersignatures

    • sdk/crypto/cose/
    • test/cose/
  • RFC 7541 HPACK: Header Compression for HTTP/2

    • sdk/net/http/http2
    • test/hpack
    • test/httpserver2

applied

  • Pattern Search (KMP algorithm, Trie, Suffix Tree, Ukkonen algorithm, Aho-Corasick algorithm)

    • sdk/base/nostd/
    • test/pattern/
    • test/parser/
  • RFC 4648 The Base16, Base32, and Base64 Data Encodings

    • sdk/io/basic/
    • test/encode/
  • RFC 2144 The CAST-128 Encryption Algorithm (May 1997)

  • RFC 2612 The CAST-256 Encryption Algorithm (June 1999)

  • RFC 3217 Triple-DES and RC2 Key Wrapping (December 2001)

  • RFC 3394 Advanced Encryption Standard (AES) Key Wrap Algorithm (September 2002)

  • RFC 3610 Counter with CBC-MAC (CCM)

  • RFC 4615 The Advanced Encryption Standard-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for the Internet Key Exchange Protocol (IKE)

  • RFC 4772 Security Implications of Using the Data Encryption Standard (DES) (December 2006)

  • RFC 5649 Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm (September 2009)

  • RFC 5794 A Description of the ARIA Encryption Algorithm (March 2010)

  • RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF)

  • RFC 6070 PKCS #5: Password-Based Key Derivation Function 2 (PBKDF2) Test Vectors

  • RFC 7539 ChaCha20 and Poly1305 for IETF Protocols

  • RFC 7914 The scrypt Password-Based Key Derivation Function

  • RFC 8017 PKCS #1: RSA Cryptography Specifications Version 2.2

  • RFC 8439 ChaCha20 and Poly1305 for IETF Protocols

  • RFC 9106 Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications

  • Authenticated Encryption with AES-CBC and HMAC-SHA

    • sdk/crypto/basic/
    • test/crypto/
    • test/kdf/
  • RFC 2104 HMAC: Keyed-Hashing for Message Authentication

  • RFC 4226 HOTP: An HMAC-Based One-Time Password Algorithm

  • RFC 4231 HMAC-SHA Identifiers and Test Vectors (December 2005)

  • RFC 4493 The AES-CMAC Algorithm

  • RFC 6238 TOTP: Time-Based One-Time Password Algorithm

  • RFC 6979 Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)

  • NIST CAVP (Cryptographic Algorithm Validation Program) ECDSA

    • sdk/crypto/basic/
    • test/hash/
    • test/sign/
  • RFC 1951 DEFLATE Compressed Data Format Specification version 1.3

  • RFC 1952 GZIP file format specification version 4.3

  • RFC 1945 Hypertext Transfer Protocol -- HTTP/1.0

  • RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1

  • RFC 2069 An Extension to HTTP : Digest Access Authentication

  • RFC 2396 Uniform Resource Identifiers (URI): Generic Syntax

  • RFC 2616 Hypertext Transfer Protocol -- HTTP/1.1

  • RFC 2617 HTTP Authentication: Basic and Digest Access Authentication

  • RFC 6749 OAuth 2.0

  • RFC 6750 The OAuth 2.0 Authorization Framework: Bearer Token Usage

  • RFC 7616 HTTP Digest Access Authentication

    • sdk/net/http/
    • test/httpserver/
    • test/httpauth/
    • test/httptest/
  • RFC 7540 Hypertext Transfer Protocol Version 2 (HTTP/2)

  • RFC 7301 Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension

  • RFC 9113 HTTP/2

    • sdk/net/http/http2/
    • sdk/net/tls/
    • test/payload/
    • test/hpack/
    • test/httpserver2/
  • RFC 7638 3.1. Example JWK Thumbprint Computation

    • test/jose/
  • RFC 8446 The Transport Layer Security (TLS) Protocol Version 1.3

  • RFC 8996 Deprecating TLS 1.0 and TLS 1.1

    • sdk/net/tls/
    • test/tlsserver/
  • IEEE 754

    • test/ieee754/

not applied

studying

  • RFC 2817 Upgrading to TLS Within HTTP/1.1

  • RFC 4347 Datagram Transport Layer Security

  • RFC 6347 Datagram Transport Layer Security Version 1.2

  • RFC 9147 The Datagram Transport Layer Security (DTLS) Protocol Version 1.3

  • RFC 9204 QPACK: Field Compression for HTTP/3

  • RFC 9114 HTTP/3

  • ITU-T X.680-X.699

    • X.680-X.693 : Information Technology - Abstract Syntax Notation One (ASN.1) & ASN.1 encoding rules
      • Recommendation X.680-X.693 (02/21)
    • ASN.1 (Abstract Syntax Notation One) is the international standard for representing data types and structures.
      • ITU-T X.680 ISO/IEC 8824-1 Abstract Syntax Notation One (ASN.1): Specification of basic notation
      • ITU-T X.681 ISO/IEC 8824-2 Abstract Syntax Notation One (ASN.1): Information object specification
      • ITU-T X.682 ISO/IEC 8824-3 Abstract Syntax Notation One (ASN.1): Constraint specification
      • ITU-T X.683 ISO/IEC 8824-4 Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 specifications
      • ITU-T X.690 ISO/IEC 8825-1 ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)
      • ITU-T X.691 ISO/IEC 8825-2 ASN.1 encoding rules: Specification of Packed Encoding Rules (PER)
      • ITU-T X.692 ISO/IEC 8825-3 ASN.1 encoding rules: Specification of Encoding Control Notation (ECN)
      • ITU-T X.693 ISO/IEC 8825-4 ASN.1 encoding rules: XML Encoding Rules (XER)
  • Neural Networks / Machine Learning

    • sketch repository (private, spin off, in progress)

next time

  • RFC 1951 DEFLATE Compressed Data Format Specification version 1.3

  • RFC 1952 GZIP file format specification version 4.3

  • RFC 7932 Brotli Compressed Data Format

  • RFC 8478 Zstandard Compression and the application/zstd Media Type

  • RFC 8878 Zstandard Compression and the 'application/zstd' Media Type

  • RFC 9114 HTTP/3

  • RFC 8778 Use of the HSS/LMS Hash-Based Signature Algorithm with CBOR Object Signing and Encryption (COSE)

  • RFC 9021 Use of the Walnut Digital Signature Algorithm with CBOR Object Signing and Encryption (COSE)

  • RFC 9054 CBOR Object Signing and Encryption (COSE): Hash Algorithms

  • RFC 9360 CBOR Object Signing and Encryption (COSE): Header Parameters for Carrying and Referencing X.509 Certificates

build

  • platform support - mingw, linux
  • packages to install
    • gcc, g++, binutils, cmake, gdb
    • openssl-devel jansson-devel zlib-devel unixodbc (MINGW)
    • openssl-devel jansson zlib-devel unixodbc-devel (Rocky/CentOS/RHEL)
    • libssl-dev libjansson-dev zlib1g-dev unixodbc-dev (ubuntu)
    • valgrind (linux)
    • clang-tools-extra
  • build script
    • cd hotplace
    • ./make.sh debug pch
  • os support
    • tested
      • RHEL 7 and newer (including CentOS, Rocky Linux)
      • ubuntu 20.04 and newer
      • mingw
      • Fedora Core release 4 (Stentz) w/ custom toolchain (GCC 4.8)

custom toolchain

openssl

  • important

    • openssl 1.1.1 or newer
      • RSA-OAEP-256
      • Ed25519 Ed448 X25519 X448
      • sha3
    • openssl 3.0, 3.1
      • EVP_CIPHER_fetch/EVP_CIPHER_free, EVP_MD_fetch/EVP_MD_free
      • truncated sha ("sha2-512/224", "sha2-512/256")
      • failed to load PEM file containing HMAC private key
    • openssl 3.2
      • argon2d, argon2i, argon2id
    • custom build required on RHEL (RHEL, CentOS, Rocky) and older versions
      • -fPIC required
      • algorithm test, random SEGV, ctr_update SEGV (older linux), ...
  • how to custom build

    • build custom openssl (example)
      • install perl
        • $ sudo yum install perl
      • download openssl
      • extract and unzip
        • $ tar xvfz openssl-1.1.1w.tar.gz
      • cd
        • $ cd openssl-1.1.1w
      • prefix variable
        • never overwrite system libraries (must not set install_dir=/usr)
        • RHEL openssl package customized (krb, kdf ??)
        • $ install_dir=somewhere/thirdparty
      • configure linux ex.
        • $ ./Configure linux-x86_64 enable-idea enable-bf enable-seed --prefix=${install_dir} --with-rand-seed=devrandom -D__USE_UNIX98=1 -D_GNU_SOURCE=1 no-egd shared
      • configure mingw ex.
        • $ ./Configure mingw64 enable-idea enable-bf enable-seed --prefix=${install_dir} --with-rand-seed=os -D__USE_UNIX98=1 -D_GNU_SOURCE=1 no-egd shared
      • make
        • $ make
      • openssl SEGV ctr_update - FC4, centos5
        • $ touch crypto/rand/drbg_ctr.c
        • $ make
      • install without man pages
        • $ make install_sw install_ssldirs
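
A preflight check for the custom OpenSSL build above, as an added example that is not part of the hotplace repository: it refuses an install prefix that would overwrite system libraries and reports which feature groups from the "important" list a given `openssl version` line provides. The function names and feature labels are hypothetical, the version lines are constructed samples, and the listed versions are assumed to be minimum versions.

```shell
#!/bin/sh
# Added example (not from the hotplace repository). Function names are hypothetical.

# Return 0 if the prefix is acceptable, 1 if it is empty, "/" or "/usr"
# (the page: "must not set install_dir=/usr").
safe_prefix() {
    local p="$1"
    # strip trailing slashes so "/usr/" and "/usr//" are caught as well
    while [ -n "$p" ] && [ "$p" != "${p%/}" ]; do p="${p%/}"; done
    case "$p" in
        ""|/usr) return 1 ;;
    esac
    return 0
}

# Convert an `openssl version` line into major*10000 + minor*100 + patch.
# A letter suffix such as the "w" in 1.1.1w is ignored.
version_number() {
    local v
    v=$(printf '%s\n' "$1" | sed -n \
        's/^OpenSSL \([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ -n "$v" ] || return 1
    set -- $v
    echo $(( $1 * 10000 + $2 * 100 + $3 ))
}

# Print the feature groups available at this version (assumed minimums:
# 1.1.1, 3.0 and 3.2, as grouped in the list above).
features_for() {
    local n out
    n=$(version_number "$1") || { echo "unknown"; return 1; }
    out=""
    if [ "$n" -ge 10101 ]; then out="rsa-oaep-256 ed25519/ed448/x25519/x448 sha3"; fi
    if [ "$n" -ge 30000 ]; then out="$out evp-fetch truncated-sha"; fi
    if [ "$n" -ge 30200 ]; then out="$out argon2"; fi
    echo "${out:-none}"
}

# Constructed sample lines in the format printed by `openssl version`.
for line in "OpenSSL 1.0.2k-fips  26 Jan 2017" \
            "OpenSSL 1.1.1w  11 Sep 2023" \
            "OpenSSL 3.0.13 30 Jan 2024" \
            "OpenSSL 3.2.1 30 Jan 2024"; do
    printf '%s -> %s\n' "$line" "$(features_for "$line")"
done
```

Call `safe_prefix "${install_dir}"` before `./Configure`, and pass the freshly built binary's `openssl version` output to `features_for` after `make install_sw`.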

jansson

  • build custom jansson (example)
    • see https://github.com/akheron/jansson
    • aclocal; autoheader; autoconf;
    • libtoolize --automake --copy --force
    • automake --foreign --copy --add-missing
    • $ install_dir=somewhere/thirdparty
    • ./configure --prefix=${install_dir} --enable-static --enable-shared CPPFLAGS="-fPIC"
    • make
    • make install

FC4 custom toolchain

  • toolchain dependencies
    • cmake (2.8.10.2)
    • perl (5.10.0)
    • m4 (1.4.13)
    • autoconf (2.65)
    • automake (1.16.4)
    • libtool (1.5.2)
    • make (3.80)
    • gmp (4.3.2)
    • mpfr (2.4.2)
    • mpc (1.0.3)
    • isl (0.10)
    • binutils (2.18)
    • gcc (4.8.5)

link