Andrew Boyson / crypto

A simple library to support serving https.

Dependents:   oldheating gps motorhome heating

explanation.txt

Committer:
andrewboyson
Date:
2020-04-01
Revision:
24:cb43290fc439
Parent:
19:f22327e8be7b

File content as of revision 24:cb43290fc439:

Ciper and MAC keys lengths
==========================

                        Key      IV   Block
Cipher        Type    Material  Size  Size
------------  ------  --------  ----  -----
NULL          Stream      0       0    N/A
RC4_128       Stream     16       0    N/A
3DES_EDE_CBC  Block      24       8      8
AES_128_CBC   Block      16      16     16
AES_256_CBC   Block      32      16     16


MAC       Algorithm    mac_length  mac_key_length
--------  -----------  ----------  --------------
NULL      N/A              0             0
MD5       HMAC-MD5        16            16
SHA       HMAC-SHA1       20            20
SHA256    HMAC-SHA256     32            32


Names
=====
SHA
secure hash algorithm
   - it is deterministic, meaning that the same message always results in the same hash
   - it is quick to compute the hash value for any given message
   - it is infeasible to generate a message that yields a given hash value
   - it is infeasible to find two different messages with the same hash value
   - a small change to a message should change the hash value so extensively that
     the new hash value appears uncorrelated with the old hash value (avalanche effect)
   
HMAC
keyed-hash message authentication code or hash-based message authentication code
   - it is a message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key.
   - it may be used to simultaneously verify both the data integrity and the authentication of a message
   - used to sign a message with a symmetrical key


Links
=====
https://tls.ulfheim.net/

Full  RSA handshake
===================
ClientHello       -=> use session id to jump to short handshake
                  <=- ServerHello
                  <=- Certificate
                  <=- ServerHelloDone
                  
ClientKeyExchange -=> start asynchronous sha256 decryption
ChangeCipherSpec  --> switch to encrypedIn
Finished          -=> store the encrypted verify message

sha256 decrypted  --> prepare the keys and decrypt the verify message
                  <-- ChangeCipherSpec
                  <=- Finished


Short RSA handshake
===================
ClientHello       -=>
                  <=- ServerHello
                  <-- ChangeCipherSpec
                  <=- Finished
ChangeCipherSpec  --> switch to encrypedIn
Finished          -=>