From bb8c0fd417589d67be1f5aabe9b8895aaa55eced Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Tue, 25 Sep 2001 17:55:21 +0000 Subject: more documentation --- doc/tex/Makefile.am | 2 +- doc/tex/ciphersuites.tex | 90 ++++++++++++++++++++++++++++++++++++++++++++++++ doc/tex/gnutls.tex | 2 +- 3 files changed, 92 insertions(+), 2 deletions(-) create mode 100644 doc/tex/ciphersuites.tex diff --git a/doc/tex/Makefile.am b/doc/tex/Makefile.am index 2e75795194..afcd846c45 100644 --- a/doc/tex/Makefile.am +++ b/doc/tex/Makefile.am @@ -4,7 +4,7 @@ EXTRA_DIST = gnutls.tex gnutls.ps gnutls.html \ cover.tex.in TEX_OBJECTS = gnutls.tex ../../lib/gnutls-api.tex serv1.tex ex1.tex ex2.tex ex3.tex fdl.tex \ - macros.tex cover.tex + macros.tex cover.tex ciphersuites.tex gnutls.ps: $(TEX_OBJECTS) -$(LN_S) ../../lib/gnutls-api.tex . diff --git a/doc/tex/ciphersuites.tex b/doc/tex/ciphersuites.tex new file mode 100644 index 0000000000..de90f4b0b8 --- /dev/null +++ b/doc/tex/ciphersuites.tex 
@@ -0,0 +1,90 @@
+\newpage
+\section{TLS Cipher suites}
+\par
+% \tls 1.0 supports ciphersuites like {\bf TLS\_DHE\_RSA\_WITH\_3DES\_CBC\_SHA}.
+These ciphersuites contain three parameters:
+\begin{itemize}
+\item The key exchange algorithm (DHE\_RSA in the example)
+\item The Symmetric encryption algorithm and mode (3DES\_CBC in this
+example)
+\item The MAC\footnote{MAC stands for Message Authentication Code. It can
+be described as a keyed hash algorithm} algorithm used for authentication.
+MAC-SHA is used in the above example.
+\end{itemize}
+
+\par The key exchange algorithms currently in the \tls protocol
+are:
+
+\par
+\begin{tabular}{|l|p{9cm}|}
+
+\hline
+RSA & The RSA algorithm is used to encrypt a key and send it to the peer.
+The certificate must allow the key to be used for encryption.
+\\
+\hline
+DHE\_RSA & The RSA algorithm is used to sign Ephemeral Diffie Hellman
+parameters which are send to the peer. The key in the certificate must allow
+the key to be used for signing
+\\
+\hline
+DHE\_DSS & The DSS\footnote{DSS stands for Digital Signature Standard} algorithm is used to sign Ephemeral Diffie Hellman
+parameters which are send to the peer \\
+\hline
+DH\_DSS & Static Diffie Hellman parameters signed by a DSS certificate.
+\\
+\hline
+DH\_RSA & Static Diffie Hellman parameters signed by an RSA certificate.
+\\
+\hline
+DH\_ANON & Diffie Hellman parameters not signed. This key exchange method is
+vulnerable to man in the middle attack.
+\\
+\hline
+SRP\footnote{The SRP key exchange is not a part of the TLS 1.0 protocol} & Authentication using the SRP\footnote{SRP stands for Secure Remote Password protocol}
+protocol
+\\
+\hline
+\end{tabular}
+
+\addvspace{1.5cm}
+\par
+ The Bulk Cipher algorithms used in \gnutls are:
+\par
+\begin{tabular}{|l|p{9cm}|}
+
+\hline
+3DES\_CBC & 3DES\_CBC is the DES block cipher algorithm used with multiple (triple)
+encryption (EDE). Has 64 bits block size and is used in CBC mode.
+\\
+\hline
+ARCFOUR & ARCFOUR\footnote{A compatible cipher with RC4 of RSADSI} is a
+fast stream cipher.
+\\
+\hline
+AES\_CBC & AES or RIJNDAEL is the block cipher algorithm that replaces the old
+(and insecure\footnote{due to small key length}) DES algorithm. Has
+128 bits block size and is used in CBC mode.
+\\
+\hline
+TWOFISH\_CBC & TWOFISH is a block cipher algorithm by Counterpane. Has
+128 bits block size and is used in CBC mode.
+\\
+\hline
+\end{tabular}
+
+\addvspace{1.5cm}
+\par
+ The MAC\footnote{see RFC2104} algorithms used in \gnutls are:
+\par
+\begin{tabular}{|l|p{9cm}|}
+
+\hline
+MAC\_MD5 & MD5 is a hash algorithm by Ron Rivest. Outputs 128 bits of data.
+\\
+\hline
+MAC\_SHA & SHA is a hash algorithm by NSA. Outputs 160 bits of data.
+\\
+\hline
+\end{tabular}
+
diff --git a/doc/tex/gnutls.tex b/doc/tex/gnutls.tex
index 04f8bd490e..ef919bd622 100644
--- a/doc/tex/gnutls.tex
+++ b/doc/tex/gnutls.tex
@@ -67,7 +67,7 @@ The following authentication schemas are supported in \gnutls: \item SRP authentication \end{enumerate} - +\input{ciphersuites} \section{Client Examples} This section contains examples of TLS and SSL clients, using \gnutls. -- cgit v1.2.1