-
Notifications
You must be signed in to change notification settings - Fork 0
/
TLS-Glossary.txt
378 lines (312 loc) · 18.5 KB
/
TLS-Glossary.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
Pieces from RFC5246 (http://tools.ietf.org/rfc/rfc5246.txt)
http://httpd.apache.org/docs/2.0/ssl/ssl_intro.html
more info:https://en.wikipedia.org/wiki/Transport_Layer_Security
The Internet Protocol Suite places TLS and SSL as tools to the application layer, while the OSI model characterizes them as being initialized in Layer 5 (session layer) and operating in Layer 6 (presentation layer).
https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations
=============================================================================================
(High level protocols)
=============================================================================================
Handshake Protocol / ChangeCipherSpec protocol / Alert protocol / Application Protocol
- TLS ---------------------------------------------------------------------------------------
Record Layer
=============================================================================================
TCP or other transmission protocol
=============================================================================================
Appendix B. Glossary
Advanced Encryption Standard (AES)
AES [AES] is a widely used symmetric encryption algorithm. AES is
a block cipher with a 128-, 192-, or 256-bit keys and a 16-byte
block size. TLS currently only supports the 128- and 256-bit key
sizes.
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
asymmetric cipher
See public key cryptography.
authenticated encryption with additional data (AEAD)
A symmetric encryption algorithm that simultaneously provides
confidentiality and message integrity.
authentication
Authentication is the ability of one entity to determine the
identity of another entity.
block cipher
A block cipher is an algorithm that operates on plaintext in
groups of bits, called blocks. 64 bits was, and 128 bits is, a
common block size.
bulk cipher
A symmetric encryption algorithm used to encrypt large quantities
of data.
cipher block chaining (CBC)
CBC is a mode in which every plaintext block encrypted with a
block cipher is first exclusive-ORed with the previous ciphertext
block (or, in the case of the first block, with the initialization
vector). For decryption, every block is first decrypted, then
exclusive-ORed with the previous ciphertext block (or IV).
certificate
As part of the X.509 protocol (a.k.a. ISO Authentication
framework), certificates are assigned by a trusted Certificate
Authority and provide a strong binding between a party's identity
or some other attributes and its public key.
client write key
The key used to encrypt data written by the client.
client write MAC key
The secret data used to authenticate data written by the client.
connection
A connection is a transport (in the OSI layering model definition)
that provides a suitable type of service. For TLS, such
connections are peer-to-peer relationships. The connections are
transient. Every connection is associated with one session.
Data Encryption Standard
DES [DES] still is a very widely used symmetric encryption
algorithm although it is considered as rather weak now. DES is a
block cipher with a 56-bit key and an 8-byte block size. Note
that in TLS, for key generation purposes, DES is treated as having
an 8-byte key length (64 bits), but it still only provides 56 bits
of protection. (The low bit of each key byte is presumed to be
set to produce odd parity in that key byte.) DES can also be
operated in a mode [3DES] where three independent keys and three
encryptions are used for each block of data; this uses 168 bits of
key (24 bytes in the TLS key generation method) and provides the
equivalent of 112 bits of security.
https://en.wikipedia.org/wiki/Data_Encryption_Standard
Digital Signature Standard (DSS)
A standard for digital signing, including the Digital Signing
Algorithm, approved by the National Institute of Standards and
Technology, defined in NIST FIPS PUB 186-2, "Digital Signature
Standard", published January 2000 by the U.S. Department of
Commerce [DSS]. A significant update [DSS-3] has been drafted and
was published in March 2006.
Digital Signature Algorithm (DSA)
Digital Signature Standard, which uses the Digital Signature Algorithm.
https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
digital signatures
Digital signatures utilize public key cryptography and one-way
hash functions to produce a signature of the data that can be
authenticated, and is difficult to forge or repudiate.
handshake An initial negotiation between client and server that
establishes the parameters of their transactions.
Initialization Vector (IV)
When a block cipher is used in CBC mode, the initialization vector
is exclusive-ORed with the first plaintext block prior to
encryption.
Message Authentication Code (MAC)
A Message Authentication Code is a one-way hash computed from a
message and some secret data. It is difficult to forge without
knowing the secret data. Its purpose is to detect if the message
has been altered.
https://en.wikipedia.org/wiki/Hash-based_message_authentication_code
master secret
Secure secret data used for generating encryption keys, MAC
secrets, and IVs.
MD5
MD5 [MD5] is a hashing function that converts an arbitrarily long
data stream into a hash of fixed size (16 bytes). Due to
significant progress in cryptanalysis, at the time of publication
of this document, MD5 no longer can be considered a 'secure'
hashing function.
http://tools.ietf.org/rfc/rfc1321.txt
public key cryptography
A class of cryptographic techniques employing two-key ciphers.
Messages encrypted with the public key can only be decrypted with
the associated private key. Conversely, messages signed with the
private key can be verified with the public key.
good reference, https://developer.mozilla.org/en-US/docs/Archive/Security/Introduction_to_Public-Key_Cryptography
one-way hash function
A one-way transformation that converts an arbitrary amount of data
into a fixed-length hash. It is computationally hard to reverse
the transformation or to find collisions. MD5 and SHA are
examples of one-way hash functions.
RC4 (Prohibited by RFC7465)
A stream cipher invented by Ron Rivest. A compatible cipher is
described in [SCH].
RFC7465 Prohibiting RC4 Cipher Suites, http://tools.ietf.org/rfc/rfc7465.txt
RSA
A very widely used public key algorithm that can be used for
either encryption or digital signing. [RSA]
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
session
A TLS session is an association between a client and a server.
Sessions are created by the handshake protocol. Sessions define a
set of cryptographic security parameters that can be shared among
multiple connections. Sessions are used to avoid the expensive
negotiation of new security parameters for each connection.
session identifier
A session identifier is a value generated by a server that
identifies a particular session.
server write key
The key used to encrypt data written by the server.
server write MAC key
The secret data used to authenticate data written by the server.
SHA
The Secure Hash Algorithm [SHS] is defined in FIPS PUB 180-2. It
produces a 20-byte output. Note that all references to SHA
(without a numerical suffix) actually use the modified SHA-1
algorithm.
SHA-256
The 256-bit Secure Hash Algorithm is defined in FIPS PUB 180-2.
It produces a 32-byte output.
PRF (pseudorandom function)[Page 14]
TLS's PRF is created by applying P_hash to the secret as:
PRF(secret, label, seed) = P_<hash>(secret, label + seed)
where + indicates concatenation.
[RFC5288] The Pseudo Random Function (PRF) algorithms SHALL be as follows:
For cipher suites ending with _SHA256, the PRF is the TLS PRF [RFC5246] with SHA-256 as the hash function.
For cipher suites ending with _SHA384, the PRF is the TLS PRF [RFC5246] with SHA-384 as the hash function.
SSL (Deprecated by RFC7568)
Netscape's Secure Socket Layer protocol [SSL3]. TLS is based on
SSL Version 3.0.
The 1996 draft of SSL 3.0 was published by IETF as a historical document in RFC6101, http://tools.ietf.org/rfc/rfc6101.txt
RFC7568 Deprecating Secure Sockets Layer Version 3.0, http://tools.ietf.org/rfc/rfc7568.txt
stream cipher
An encryption algorithm that converts a key into a
cryptographically strong keystream, which is then exclusive-ORed
with the plaintext.
symmetric cipher
See bulk cipher.
Diffie–Hellman(DH)
https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
https://weakdh.org/sysadmin.html
Ephemeral Diffie–Hellman (DHE or EDH)
Elliptic curve Diffie–Hellman (ECDH)
https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman
Transport Layer Security (TLS)
This protocol; also, the Transport Layer Security working group of
the Internet Engineering Task Force (IETF). See "Working Group
Information" at the end of this document (see page 99).
Cipher Suite Definition
CipherSuite TLS_NULL_WITH_NULL_NULL = { 0x00,0x00 }; // initial state of TLS connection, MUST NOT be negotiated
CipherSuite TLS_RSA_WITH_NULL_MD5 = { 0x00,0x01 };
CipherSuite TLS_RSA_WITH_NULL_SHA = { 0x00,0x02 };
CipherSuite TLS_RSA_WITH_NULL_SHA256 = { 0x00,0x3B };
CipherSuite TLS_RSA_WITH_RC4_128_MD5 = { 0x00,0x04 };
CipherSuite TLS_RSA_WITH_RC4_128_SHA = { 0x00,0x05 };
CipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0A };
CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x2F };
CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x35 };
CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA256 = { 0x00,0x3C };
CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA256 = { 0x00,0x3D };
CipherSuite TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0D };
CipherSuite TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x10 };
CipherSuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x13 };
CipherSuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x16 };
CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x30 };
CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x31 };
CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x32 };
CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x33 };
CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x36 };
CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x37 };
CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x38 };
CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x39 };
CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = { 0x00,0x3E };
CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = { 0x00,0x3F };
CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = { 0x00,0x40 };
CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = { 0x00,0x67 };
CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = { 0x00,0x68 };
CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = { 0x00,0x69 };
CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = { 0x00,0x6A };
CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = { 0x00,0x6B };
CipherSuite TLS_DH_anon_WITH_RC4_128_MD5 = { 0x00,0x18 };
CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1B };
CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA = { 0x00,0x34 };
CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA = { 0x00,0x3A };
CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA256 = { 0x00,0x6C };
CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA256 = { 0x00,0x6D };
Note: The cipher suite values { 0x00, 0x1C } and { 0x00, 0x1D } are reserved to avoid collision with Fortezza-based cipher suites in SSL 3.
AES Galois Counter Mode (GCM) Cipher Suites for TLS were introduced in RFC5288.
CipherSuite TLS_RSA_WITH_AES_128_GCM_SHA256 = {0x00,0x9C}
CipherSuite TLS_RSA_WITH_AES_256_GCM_SHA384 = {0x00,0x9D}
CipherSuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = {0x00,0x9E}
CipherSuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = {0x00,0x9F}
CipherSuite TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = {0x00,0xA0}
CipherSuite TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = {0x00,0xA1}
CipherSuite TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = {0x00,0xA2}
CipherSuite TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = {0x00,0xA3}
CipherSuite TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = {0x00,0xA4}
CipherSuite TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = {0x00,0xA5}
CipherSuite TLS_DH_anon_WITH_AES_128_GCM_SHA256 = {0x00,0xA6}
CipherSuite TLS_DH_anon_WITH_AES_256_GCM_SHA384 = {0x00,0xA7}
TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM) were introduced in RFC5289.
CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = {0xC0,0x2B};
CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = {0xC0,0x2C};
CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = {0xC0,0x2D};
CipherSuite TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = {0xC0,0x2E};
CipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = {0xC0,0x2F};
CipherSuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = {0xC0,0x30};
CipherSuite TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = {0xC0,0x31};
CipherSuite TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = {0xC0,0x32};
Appendix C. Cipher Suite Definitions (https://en.wikipedia.org/wiki/Cipher_suite, https://cipherstuff.wordpress.com/)
Cipher Suite Key Cipher Mac
Exchange
TLS_NULL_WITH_NULL_NULL NULL NULL NULL
TLS_RSA_WITH_NULL_MD5 RSA NULL MD5
TLS_RSA_WITH_NULL_SHA RSA NULL SHA
TLS_RSA_WITH_NULL_SHA256 RSA NULL SHA256
TLS_RSA_WITH_RC4_128_MD5 RSA RC4_128 MD5
TLS_RSA_WITH_RC4_128_SHA RSA RC4_128 SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA RSA 3DES_EDE_CBC SHA
TLS_RSA_WITH_AES_128_CBC_SHA RSA AES_128_CBC SHA
TLS_RSA_WITH_AES_256_CBC_SHA RSA AES_256_CBC SHA
TLS_RSA_WITH_AES_128_CBC_SHA256 RSA AES_128_CBC SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256 RSA AES_256_CBC SHA256
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA DH_DSS 3DES_EDE_CBC SHA
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA DH_RSA 3DES_EDE_CBC SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE_DSS 3DES_EDE_CBC SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE_RSA 3DES_EDE_CBC SHA
TLS_DH_anon_WITH_RC4_128_MD5 DH_anon RC4_128 MD5
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA DH_anon 3DES_EDE_CBC SHA
TLS_DH_DSS_WITH_AES_128_CBC_SHA DH_DSS AES_128_CBC SHA
TLS_DH_RSA_WITH_AES_128_CBC_SHA DH_RSA AES_128_CBC SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE_DSS AES_128_CBC SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE_RSA AES_128_CBC SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA DH_anon AES_128_CBC SHA
TLS_DH_DSS_WITH_AES_256_CBC_SHA DH_DSS AES_256_CBC SHA
TLS_DH_RSA_WITH_AES_256_CBC_SHA DH_RSA AES_256_CBC SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE_DSS AES_256_CBC SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE_RSA AES_256_CBC SHA
TLS_DH_anon_WITH_AES_256_CBC_SHA DH_anon AES_256_CBC SHA
TLS_DH_DSS_WITH_AES_128_CBC_SHA256 DH_DSS AES_128_CBC SHA256
TLS_DH_RSA_WITH_AES_128_CBC_SHA256 DH_RSA AES_128_CBC SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE_DSS AES_128_CBC SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE_RSA AES_128_CBC SHA256
TLS_DH_anon_WITH_AES_128_CBC_SHA256 DH_anon AES_128_CBC SHA256
TLS_DH_DSS_WITH_AES_256_CBC_SHA256 DH_DSS AES_256_CBC SHA256
TLS_DH_RSA_WITH_AES_256_CBC_SHA256 DH_RSA AES_256_CBC SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE_DSS AES_256_CBC SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE_RSA AES_256_CBC SHA256
TLS_DH_anon_WITH_AES_256_CBC_SHA256 DH_anon AES_256_CBC SHA256
Key IV Block
Cipher Type Material Size Size
------------ ------ -------- ---- -----
NULL Stream 0 0 N/A
RC4_128 Stream 16 0 N/A
3DES_EDE_CBC Block 24 8 8
AES_128_CBC Block 16 16 16
AES_256_CBC Block 32 16 16
MAC Algorithm mac_length mac_key_length
-------- ----------- ---------- --------------
NULL N/A 0 0
MD5 HMAC-MD5 16 16
SHA HMAC-SHA1 20 20
SHA256 HMAC-SHA256 32 32
Type
Indicates whether this is a stream cipher or a block cipher
running in CBC mode.
Key Material
The number of bytes from the key_block that are used for
generating the write keys.
IV Size
The amount of data needed to be generated for the initialization
vector. Zero for stream ciphers; equal to the block size for
block ciphers (this is equal to
SecurityParameters.record_iv_length).
Block Size
The amount of data a block cipher enciphers in one chunk; a block
cipher running in CBC mode can only encrypt an even multiple of
its block size.
https://en.wikipedia.org/wiki/Cryptographic_hash_function
http://csrc.nist.gov/groups/ST/crypto_apps_infra/documents/pkixtools/
ECC, https://en.wikipedia.org/wiki/Elliptic_curve_cryptography
PKCS, https://en.wikipedia.org/wiki/PKCS
Wireshark (how to capture ssl sessions)
https://wiki.wireshark.org/SSL
Dump x509 certificate content to text(Structure of a certificate or filename extensions: https://en.wikipedia.org/wiki/X.509)
$ openssl x509 -in MYCERT.pem -text
$ openssl x509 -in MYCERT.der -inform der -text