Security/CryptoEngineering

From MozillaWiki
< Security
Revision as of 20:12, 15 November 2016 by Dkeeler (talk | contribs) (add link to platform use of NSS improvements project)
Jump to navigation Jump to search

Last Updated: 3 Nov 2016

Crypto Engineering Projects

Our team's major projects are broken down by module:

NSS

NSS is the cryptography and transport security library that powers Firefox.

In 2016Q4 and 2017Q1 we're working on three aspects of NSS.

Improve Developer Ergonomics

NSS dates back to Netscape Navigator, and much of the infrastructure for working inside the codebase dated back nearly that far, making an artificially-high barrier to entry for new community contributors.

  • 2016 Q4: Change build systems to Gyp for dramatically faster builds, with an easier-to-maintain set of build scripts.
  • 2016 Q4: Move reviews to Phabricator.
    • MozReview's lack of a security-restricted mode makes it unacceptable
  • 2016 Q4: Semi-Automatic Branch Uplifts to Mozilla-Central, so that changes can be tested in Nightly.
  • 2016 Q4: [MWOS] Add new NSS demonstration code to show how to use NSS in a modern way.

Cleanup

Many things in NSS are old without being a barrier to community contribution.

  • 2016 Q4: Support ARM and ARM64 testing in TaskCluster.
    • While NSS is security-critical on all our platforms, historically we only found out about breakage in ARM platforms after the fact, so we're now treating ARM and ARM64 as first-class testing environments.
  • 2016 Q4: Support fuzzing the internal interfaces.
    • If you build security-critical code today, you plan to fuzz it from the start. NSS wasn't built that way, so it needs some adjustments to make it fuzzy on the inside.
  • 2016 Q4: Port the AES-NI speedup Linux-x86 assembly code to NASM and cross-assemble it for Windows and OSX.

New Functions

We're thought leaders in producing a more secure Internet; our software needs to keep up with our ideas.

  • 2016 Q4: Support TLS v1.3.
    • This is a major revision to the transport security specification, and a large boon for protecting our users from adversaries and surveillance.
  • 2016 Q4: Integrate BoGo's integration tests into NSS builds.
    • The automated tests for NSS are mostly unit tests. Integration testing was historically assumed to happen at Firefox, but that's limited. BoGo is a rich set of integration tests that can diagnose protocol issues during automated testing.
  • 2016 Q4: [MWOS] Implement Argon2 to provide a basis to modernize the Master Password in Firefox.
  • 2017 Q1: Post-Quantum Research and Development.
    • Mozilla is intending to join the efforts in developing cryptography that will remain secure once quantum computers come online. This is expected to be a long-duration R&D effort.

PSM

PSM performs the business logic of deciding whether a given secure network connection is actually trustworthy. It applies logic from the user's choices, the Mozilla Root Program, and the platform in order to make a trust determination. E.g., whether to show a connection as secure.

  • 2016 Q4 / 2017 Q1: Re-architect PSM/NSS interaction to eliminate shutdown crashes.
    • The interaction between PSM and NSS is extremely old, and doesn't follow the modern methods Gecko uses to initialize and shutdown modules. As such, NSS sometimes crashes when shutting down; this is a leading crash on Android. Fixing this is a substantial architectural change.
    • Details here: Platform Use of NSS
  • 2016 Q4 / 2017 Q1: Implement the SHA-1 Shutoff Plan.
    • The WebPKI is halting use of SHA-1 for publicly-trusted certificates. PSM will be enforcing that halt starting in early 2017.

Web Authentication

Password authentication is known to be a security liability on the Web. The W3C Web Authentication Working Group is developing a specification for using Scoped Credentials to supplement or replace passwords. Mozilla intends to implement Web Authentication (WebAuthn) specification.

  • 2016 Q2: FIDO U2F v1.1 JS API landed, hidden behind preferences.
  • 2016 Q4: Support USB HID U2F devices on Linux.
  • 2016 Q4: Draft WebAuthn JS API available, hidden behind a pref, using the Soft Token from U2F.
  • 2017 Q1: Support USB HID U2F devices on Windows / Mac OS X.
  • 2017 Q1: Integrate USB HID U2F devices with the WebAuthn JS API.
  • 2017 Q1-2: Update to the final implementation WebAuthn JS API.
Retrieved from "https://wiki.allizom.org/index.php?title=Security/CryptoEngineering&oldid=1154846"