Last updated at 8:39 pm UTC on 1 November 2006
The main goal is to provide the tools necessary so that anyone can successfully implement current cryptography into their application.
This page is a work in progress
Currently we are assembling a team, and setting team goals. for information contact: Ron@USMedRec.com
Also see our mailing list: http://lists.squeakfoundation.org/mailman/listinfo/cryptography
Cryptography Team Notes
information, information for both Common Criteria and FIPS.
- Identify and isolate Cryptographic classes and define SM package for base image classes.
- Maintain Current Cryptography Standards in the image.
- Make sure that the external package stays current with image implementations. (SHA1 and SecureHashAlgorithm are copies of each other but there were differences in implementations. I'm not sure why we need both but there you are.) If they export the same interface, it may be because of differences in processing speed on different platforms. If that's the case, we may need to implement x86, RISC, PowerPC, m68k, etc versions for when the processor is known. -Kyle H
- Fix errors in Cryptography in package or in image like ThrityTwoBitRegister, The byteArray appears to be implemented backwards. We will need rights to make/change assignments in Mantis.
- Get external US Government certification of Security for external package and image components.
- Research and add cryptography as necessary to stay current with cryptographic changes in the industry. Isn't this part of #2, above? -Kyle H
- Support CACert.
- Integrate Signatures and Encryption into Email Packages.
- Write Security Articles for cross promotion with squeak news team (and publish some articles outside this group for squeak promotion).
Start Cryptography list for people using the internal or external package for cryptographic news and alerts, or changes in implementations planned so that consumers of the cryptographic code can understand what changes are needed to integrate new code. This task is complete, firstname.lastname@example.org -Kyle H
- Support PGP
- Fix PKI
- Assess adding SFTP
- Review ANS1 (and voip or other high profile implementations for reference implementation) Is this ASN.1? PKI depends on it anyway if that's the case – we just need to support Basic, Distinct, and XML encoding rules. -Kyle H
- Support and Develop SUnit cases for everything.
- PKI Tasks
- Review Current Implementation
- Isolate classes and convert to Monticello Format
- Develop / Round out Streaming Protocol (similar to SSH or SSL)
- Add State machine
- Add PKI/Diffie Hellman Handshaking
- Project path:
- ASN1 implementation
- Compare Cincom's non comercial version to the Squeak Asn1 implementation
- Port Cincom's non comercial version features or entire package if necessary
- x509 version3
- Diffie Helmann (see 12.3b)
- AES, 3DES and various other block and symmetric ciphers.
- ssl / tls version 3 of ssl.
CC validation Notes
- Decide on the Protection Profile(s) we want to address
- Define the claims and security target (Most probably we would need 3-4 configurations)
- Start a function List and Test Matrix
- Where can we host a Wiki?
Here for now
- This will help us prove our case, so we should start this task ASAP
- Develop the ToE (Target of Evaluation – the software system that will be evaluated against the Protection Profile) -Kyle H
- Understand and document the CC process relevant to us. Read and mark the CC documents, talk with Labs et al
- Formal CC Validation effort
- List of PPs http://www.commoncriteriaportal.org/public/expert/index.php?menu=8
- I think we would fall under the Operating Systems - Single-Level Operating Systems in Medium Robustness Environments PP Note: we must meet all protection profile objectives for everything that the base system does, or provide an automated means of configuring those things out (key management, certificate management, etc) – Kyle H
- Section 3 contains the threats, security policy (SP), and the assumptions made about things that affect security.
- Section 4 contains the objectives to be met
- Section 5 has the cryptographic module requirements (and there are a LOT of them -Kyle H)
- Interesting to see how JavaCard has done it - with it's VM, configurations et al. http://java.sun.com/products/javacard/pp.html also available at http://www.commoncriteriaportal.org/public/expert/index.php?menu=8. A perhaps more legible reference can be found at http://niap.bahialab.com/cc-scheme/pp/index.cfm, which includes most of the same data.
We have a lot of work ahead of us. Among other things:
- get the VM team to start using an SVN export (tagging each exported release with source file revision information) for each release, instead of merely copying the data out of the development environment (as suggested they do at http://www.squeakvm.org/svn/squeak/trunk/platforms/win32/HowToBuild.txt).
- get a means to set a "security flag" within the image that places system tasks inside their own scheduler and outside the control of any user task
- make reflection of the cryptographic classes impossible
- create a means of preventing cryptographic operations from being interrupted by a "save image" process (thus possibly exposing plaintext key material or seeds in the image file)
- must generate a cryptographic signature of the image when it is saved, and verify it after it is saved
- must provide graceful fallback to prior versions of the image file
- must get a means of saving images to a round-robin collection of files
- must separate sysadmin and cryptadmin tasks
- must identify all possible object accesses (for example, debugging a running process, or debugging an unhandled exception), and determine a means of controlling access to them
This is just off the top of my head after reading the PP. There's a lot more, and it is going to take a lot of time to do... and what we come up with is only superficially going to resemble the current Squeak when we're done. -Kyle H