author Nikos Mavrogiannopoulos <nmav@gnutls.org> 2001-12-07 17:25:22 +0000
committer Nikos Mavrogiannopoulos <nmav@gnutls.org> 2001-12-07 17:25:22 +0000
commit 97440a90dce74c5e8b7a9cc181fe48caa9c94160 (patch)
tree 5a27f3f5ff91014f2d0a6c6627e16d3cb4060acf
parent aee1b46bd5b195396458f66584d49e8344c2f5eb (diff)
added missing files
-rw-r--r-- doc/tex/auth.tex 83
-rw-r--r-- doc/tex/ciphers.tex 59
2 files changed, 142 insertions, 0 deletions
diff --git a/doc/tex/auth.tex b/doc/tex/auth.tex
new file mode 100644
index 0000000000..16dcb02da6
--- /dev/null
+++ b/doc/tex/auth.tex
@@ -0,0 +1,83 @@
+\section{Authentication methods}
+\par
+The following authentication schemas are supported in \gnutls:
+\begin{enumerate}
+ \item X509 Public Key Infrastructure
+ \item Anonymous authentication
+ \item SRP authentication
+\end{enumerate}
+
+\subsection{Authentication using X.509 certificates}
+If using this kind of authentication then the key exchange methods
+shown in \hyperref{figure}{figure }{}{fig:x509} are
+available to use. Authentication in this method is performed using signed
+certificates by a trusted Certificate Authority (CA). Note that \gnutls is
+not a generic purpose X.509 toolkit\footnote{Aegypten is such a toolkit.}.
+It does only include the required,
+in order to use the TLS ciphersuites which require X.509 certificates.
+
+\begin{figure}[hbtp]
+\begin{tabular}{|l|p{9cm}|}
+\hline
+RSA & The RSA algorithm is used to encrypt a key and send it to the peer.
+The certificate must allow the key to be used for encryption.
+\\
+\hline
+DHE\_RSA & The RSA algorithm is used to sign Ephemeral Diffie Hellman
+parameters which are send to the peer. The key in the certificate must allow
+the key to be used for signing
+\\
+\hline
+DHE\_DSS & The DSS\footnote{DSS stands for Digital Signature Standard} algorithm is used to sign Ephemeral Diffie Hellman
+parameters which are send to the peer. Currently \gnutls does not support this ciphersuite.
+\\
+\hline
+\end{tabular}
+
+\caption{Supported X.509 key exchange algorithms}
+\label{fig:x509}
+
+\end{figure}
+
+\subsection{Anonymous authentication}
+The anonymous key exchanges perform encryption but there is no indication of the
+identity of the peer. This kind of authentication is vulnerable to man in the middle attack,
+but this protocol can be used even if there is no prior communication or common trusted
+parties with the peer. Unless really required, do not use anonymous authentication.
+Available key exchange methods are shown in \hyperref{figure}{figure }{}{fig:anon}.
+
+\begin{figure}[hbtp]
+\begin{tabular}{|l|p{9cm}|}
+
+\hline
+ANON\_DH & This algorithm exchanges Diffie Hellman parameters.
+\\
+\hline
+\end{tabular}
+
+\caption{Supported anonymous key exchange algorithms}
+\label{fig:anon}
+
+\end{figure}
+
+\subsection{Authentication using SRP}
+Authentication using the SRP\footnote{SRP stands for Secure Password Protocol and
+is described in RFC2945. The SRP key exchange is not a part of the TLS 1.0 protocol}
+is actually password authentication, since the two peers are identified by the knowledge
+of a password. This protocol also offers protection against off-line attacks (password file stealing
+etc.). Use SRP authentication if password based authentication is required.
+Available key exchange methods are shown in \hyperref{figure}{figure }{}{fig:srp}.
+
+\begin{figure}[hbtp]
+\begin{tabular}{|l|p{9cm}|}
+
+\hline
+SRP & Authentication using the SRP protocol.
+\\
+\hline
+\end{tabular}
+
+\caption{Supported SRP key exchange algorithms}
+\label{fig:srp}
+
+\end{figure}
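Review bot: In the X.509 table, the DHE\_DSS row sits under the caption "Supported X.509 key exchange algorithms" while its own text says "Currently \gnutls does not support this ciphersuite"; either drop the row until it is implemented or reword the caption so readers do not take the table as the list of usable key exchanges. In the SRP footnote, "Secure Password Protocol" should read "Secure Remote Password". The sentence "It does only include the required," has no object and should say what is included, and "which are send" should be "which are sent" in both the DHE\_RSA and DHE\_DSS rows.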
diff --git a/doc/tex/ciphers.tex b/doc/tex/ciphers.tex
new file mode 100644
index 0000000000..a7a2945555
--- /dev/null
+++ b/doc/tex/ciphers.tex
@@ -0,0 +1,59 @@
+\section{Symmetric encryption algorithms}
+\par
+Confidentiality is provided by using block encryption algorithms like {\bf 3DES},
+{\bf AES\footnote{AES or Advanced Encryption Standard is actually the RIJNDAEL algorithm. This is the
+algorithm that will replace DES.}}, or
+stream algorithms like {\bf ARCFOUR\footnote{ARCFOUR is a compatible
+algorithm with RSA's RC4 algorithm.}} See \hyperref{fig:ciphers}{figure }{}{fig:ciphers} for a complete list.
+Ciphers are encryption algorithms that use a single (secret) key
+to encrypt and decrypt data. Block algorithms in TLS also provide protection
+against statistical analysis of the data. \gnutls makes use of this property
+thus, if you're operating in TLS 1.0 mode, a random number of blocks will be
+appended to the data. This will prevent eavesdroppers from guessing the
+actual data size.
+
+\begin{figure}[hbtp]
+\begin{tabular}{|l|p{9cm}|}
+
+\hline
+3DES\_CBC & 3DES\_CBC is the DES block cipher algorithm used with multiple (triple)
+encryption (EDE). Has 64 bits block size and is used in CBC mode.
+\\
+\hline
+ARCFOUR & ARCFOUR\footnote{A compatible cipher with RC4 of RSADSI} is a
+fast stream cipher.
+\\
+\hline
+AES\_CBC & AES or RIJNDAEL is the block cipher algorithm that replaces the old
+(and insecure\footnote{due to small key length}) DES algorithm. Has
+128 bits block size and is used in CBC mode.
+\\
+\hline
+TWOFISH\_CBC & TWOFISH is a block cipher algorithm by Counterpane. Has
+128 bits block size and is used in CBC mode.
+\\
+\hline
+\end{tabular}
+\caption{Supported cipher algorithms}
+\label{fig:ciphers}
+\end{figure}
+
+
+
+\addvspace{1.5cm}
+
+\begin{figure}[hbtp]
+\begin{tabular}{|l|p{9cm}|}
+
+\hline
+MAC\_MD5 & MD5 is a hash algorithm by Ron Rivest. Outputs 128 bits of data.
+\\
+\hline
+MAC\_SHA & SHA is a hash algorithm by NSA. Outputs 160 bits of data.
+\\
+\hline
+\end{tabular}
+\caption{Supported MAC algorithms}
+\label{fig:mac}
+\end{figure}
+
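Review bot: The cross-reference in the opening paragraph, "\hyperref{fig:ciphers}{figure }{}{fig:ciphers}", passes the label as its first argument, whereas every reference in auth.tex uses "\hyperref{figure}{figure }{}{...}"; this looks like a slip and should be made consistent. The sentence ending in the ARCFOUR footnote also lacks a period before "See", and the RC4 compatibility footnote is given twice (in the paragraph and again in the ARCFOUR table row), so one copy can go. The second table (fig:mac) is never referenced or introduced by any text, and it sits in a section titled "Symmetric encryption algorithms"; add a sentence saying how the MAC algorithms are used, or give them their own section.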