more documentation

3 files changed, 92 insertions, 2 deletions

diff --git a/doc/tex/Makefile.am b/doc/tex/Makefile.am
index 2e75795194..afcd846c45 100644
--- a/doc/tex/Makefile.am
+++ b/doc/tex/Makefile.am
@@ -4,7 +4,7 @@ EXTRA_DIST = gnutls.tex gnutls.ps gnutls.html  \
 	cover.tex.in
 
 TEX_OBJECTS = gnutls.tex ../../lib/gnutls-api.tex serv1.tex ex1.tex ex2.tex ex3.tex fdl.tex \
-	macros.tex cover.tex
+	macros.tex cover.tex ciphersuites.tex
 
 gnutls.ps: $(TEX_OBJECTS)
 	-$(LN_S) ../../lib/gnutls-api.tex .
diff --git a/doc/tex/ciphersuites.tex b/doc/tex/ciphersuites.tex
new file mode 100644
index 0000000000..de90f4b0b8
--- /dev/null
+++ b/doc/tex/ciphersuites.tex
@@ -0,0 +1,90 @@
+\newpage
+\section{TLS Cipher suites}
+\par 
+% \tls 1.0 supports ciphersuites like {\bf TLS\_DHE\_RSA\_WITH\_3DES\_CBC\_SHA}.
+These ciphersuites contain three parameters:
+\begin{itemize}
+\item The key exchange algorithm (DHE\_RSA in the example)
+\item The Symmetric encryption algorithm and mode (3DES\_CBC in this
+example)
+\item The MAC\footnote{MAC stands for Message Authentication Code. It can
+be described as a keyed hash algorithm} algorithm used for authentication.
+MAC-SHA is used in the above example.
+\end{itemize}
+
+\par The key exchange algorithms currently in the \tls protocol
+are:
+
+\par
+\begin{tabular}{|l|p{9cm}|}
+
+\hline
+RSA & The RSA algorithm is used to encrypt a key and send it to the peer.
+The certificate must allow the key to be used for encryption.
+\\
+\hline
+DHE\_RSA & The RSA algorithm is used to sign Ephemeral Diffie Hellman
+parameters which are send to the peer. The key in the certificate must allow
+the key to be used for signing 
+\\
+\hline
+DHE\_DSS & The DSS\footnote{DSS stands for Digital Signature Standard} algorithm is used to sign Ephemeral Diffie Hellman
+parameters which are send to the peer \\
+\hline
+DH\_DSS & Static Diffie Hellman parameters signed by a DSS certificate.
+\\
+\hline
+DH\_RSA & Static Diffie Hellman parameters signed by an RSA certificate.
+\\
+\hline
+DH\_ANON & Diffie Hellman parameters not signed. This key exchange method is
+vulnerable to man in the middle attack.
+\\
+\hline
+SRP\footnote{The SRP key exchange is not a part of the TLS 1.0 protocol} & Authentication using the SRP\footnote{SRP stands for Secure Remote Password protocol}
+protocol
+\\
+\hline
+\end{tabular}
+
+\addvspace{1.5cm}
+\par
+ The Bulk Cipher algorithms used in \gnutls are: 
+\par
+\begin{tabular}{|l|p{9cm}|}
+
+\hline
+3DES\_CBC & 3DES\_CBC is the DES block cipher algorithm used with multiple (triple)
+encryption (EDE). Has 64 bits block size and is used in CBC mode.
+\\
+\hline
+ARCFOUR & ARCFOUR\footnote{A compatible cipher with RC4 of RSADSI} is a
+fast stream cipher.
+\\
+\hline
+AES\_CBC & AES or RIJNDAEL is the block cipher algorithm that replaces the old 
+(and insecure\footnote{due to small key length}) DES algorithm. Has
+128 bits block size and is used in CBC mode.
+\\
+\hline
+TWOFISH\_CBC & TWOFISH is a block cipher algorithm by Counterpane. Has
+128 bits block size and is used in CBC mode.
+\\
+\hline
+\end{tabular}
+
+\addvspace{1.5cm}
+\par
+ The MAC\footnote{see RFC2104} algorithms used in \gnutls are: 
+\par
+\begin{tabular}{|l|p{9cm}|}
+
+\hline
+MAC\_MD5 & MD5 is a hash algorithm by Ron Rivest. Outputs 128 bits of data.
+\\
+\hline
+MAC\_SHA & SHA is a hash algorithm by NSA. Outputs 160 bits of data.
+\\
+\hline
+\end{tabular}
+
diff --git a/doc/tex/gnutls.tex b/doc/tex/gnutls.tex
index 04f8bd490e..ef919bd622 100644
--- a/doc/tex/gnutls.tex
+++ b/doc/tex/gnutls.tex
@@ -67,7 +67,7 @@ The following authentication schemas are supported in \gnutls:
  \item SRP authentication
 \end{enumerate}
 
-
+\input{ciphersuites}
 
 \section{Client Examples}
 This section contains examples of TLS and SSL clients, using \gnutls.