Andrew Boyson
A simple library to support serving https.
Dependents: oldheating gps motorhome heating
explanation.txt@24:cb43290fc439, 2020-04-01 (annotated)
- Committer:
- andrewboyson
- Date:
- Wed Apr 01 12:48:52 2020 +0000
- Revision:
- 24:cb43290fc439
- Parent:
- 19:f22327e8be7b
Added check so that if the client closes the TCP connection before the TLS connection is established then respond that we have finished and the TCP connection is to be closed.
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| andrewboyson | 19:f22327e8be7b | 1 | Ciper and MAC keys lengths |
| andrewboyson | 19:f22327e8be7b | 2 | ========================== |
| andrewboyson | 19:f22327e8be7b | 3 | |
| andrewboyson | 19:f22327e8be7b | 4 | Key IV Block |
| andrewboyson | 19:f22327e8be7b | 5 | Cipher Type Material Size Size |
| andrewboyson | 19:f22327e8be7b | 6 | ------------ ------ -------- ---- ----- |
| andrewboyson | 19:f22327e8be7b | 7 | NULL Stream 0 0 N/A |
| andrewboyson | 19:f22327e8be7b | 8 | RC4_128 Stream 16 0 N/A |
| andrewboyson | 19:f22327e8be7b | 9 | 3DES_EDE_CBC Block 24 8 8 |
| andrewboyson | 19:f22327e8be7b | 10 | AES_128_CBC Block 16 16 16 |
| andrewboyson | 19:f22327e8be7b | 11 | AES_256_CBC Block 32 16 16 |
| andrewboyson | 19:f22327e8be7b | 12 | |
| andrewboyson | 19:f22327e8be7b | 13 | |
| andrewboyson | 19:f22327e8be7b | 14 | MAC Algorithm mac_length mac_key_length |
| andrewboyson | 19:f22327e8be7b | 15 | -------- ----------- ---------- -------------- |
| andrewboyson | 19:f22327e8be7b | 16 | NULL N/A 0 0 |
| andrewboyson | 19:f22327e8be7b | 17 | MD5 HMAC-MD5 16 16 |
| andrewboyson | 19:f22327e8be7b | 18 | SHA HMAC-SHA1 20 20 |
| andrewboyson | 19:f22327e8be7b | 19 | SHA256 HMAC-SHA256 32 32 |
| andrewboyson | 19:f22327e8be7b | 20 | |
| andrewboyson | 19:f22327e8be7b | 21 | |
| andrewboyson | 6:819c17738dc2 | 22 | Names |
| andrewboyson | 6:819c17738dc2 | 23 | ===== |
| andrewboyson | 0:be515c9019e3 | 24 | SHA |
| andrewboyson | 0:be515c9019e3 | 25 | secure hash algorithm |
| andrewboyson | 0:be515c9019e3 | 26 | - it is deterministic, meaning that the same message always results in the same hash |
| andrewboyson | 0:be515c9019e3 | 27 | - it is quick to compute the hash value for any given message |
| andrewboyson | 0:be515c9019e3 | 28 | - it is infeasible to generate a message that yields a given hash value |
| andrewboyson | 0:be515c9019e3 | 29 | - it is infeasible to find two different messages with the same hash value |
| andrewboyson | 0:be515c9019e3 | 30 | - a small change to a message should change the hash value so extensively that |
| andrewboyson | 0:be515c9019e3 | 31 | the new hash value appears uncorrelated with the old hash value (avalanche effect) |
| andrewboyson | 0:be515c9019e3 | 32 | |
| andrewboyson | 0:be515c9019e3 | 33 | HMAC |
| andrewboyson | 0:be515c9019e3 | 34 | keyed-hash message authentication code or hash-based message authentication code |
| andrewboyson | 0:be515c9019e3 | 35 | - it is a message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. |
| andrewboyson | 0:be515c9019e3 | 36 | - it may be used to simultaneously verify both the data integrity and the authentication of a message |
| andrewboyson | 2:82268409e83f | 37 | - used to sign a message with a symmetrical key |
| andrewboyson | 6:819c17738dc2 | 38 | |
| andrewboyson | 6:819c17738dc2 | 39 | |
| andrewboyson | 6:819c17738dc2 | 40 | Links |
| andrewboyson | 6:819c17738dc2 | 41 | ===== |
| andrewboyson | 6:819c17738dc2 | 42 | https://tls.ulfheim.net/ |
| andrewboyson | 6:819c17738dc2 | 43 | |
| andrewboyson | 2:82268409e83f | 44 | Full RSA handshake |
| andrewboyson | 2:82268409e83f | 45 | =================== |
| andrewboyson | 8:5e66a6b4b38c | 46 | ClientHello -=> use session id to jump to short handshake |
| andrewboyson | 8:5e66a6b4b38c | 47 | <=- ServerHello |
| andrewboyson | 8:5e66a6b4b38c | 48 | <=- Certificate |
| andrewboyson | 8:5e66a6b4b38c | 49 | <=- ServerHelloDone |
| andrewboyson | 6:819c17738dc2 | 50 | |
| andrewboyson | 8:5e66a6b4b38c | 51 | ClientKeyExchange -=> start asynchronous sha256 decryption |
| andrewboyson | 6:819c17738dc2 | 52 | ChangeCipherSpec --> switch to encrypedIn |
| andrewboyson | 8:5e66a6b4b38c | 53 | Finished -=> store the encrypted verify message |
| andrewboyson | 6:819c17738dc2 | 54 | |
| andrewboyson | 6:819c17738dc2 | 55 | sha256 decrypted --> prepare the keys and decrypt the verify message |
| andrewboyson | 2:82268409e83f | 56 | <-- ChangeCipherSpec |
| andrewboyson | 8:5e66a6b4b38c | 57 | <=- Finished |
| andrewboyson | 2:82268409e83f | 58 | |
| andrewboyson | 2:82268409e83f | 59 | |
| andrewboyson | 2:82268409e83f | 60 | Short RSA handshake |
| andrewboyson | 2:82268409e83f | 61 | =================== |
| andrewboyson | 8:5e66a6b4b38c | 62 | ClientHello -=> |
| andrewboyson | 8:5e66a6b4b38c | 63 | <=- ServerHello |
| andrewboyson | 2:82268409e83f | 64 | <-- ChangeCipherSpec |
| andrewboyson | 8:5e66a6b4b38c | 65 | <=- Finished |
| andrewboyson | 14:03a0b8fd6ddc | 66 | ChangeCipherSpec --> switch to encrypedIn |
| andrewboyson | 8:5e66a6b4b38c | 67 | Finished -=> |
| andrewboyson | 2:82268409e83f | 68 |