129 lines
4.5 KiB
ReStructuredText
129 lines
4.5 KiB
ReStructuredText
.. _glossary:
|
|
|
|
Glossary
|
|
========
|
|
|
|
.. glossary::
|
|
:sorted:
|
|
|
|
TLS
|
|
Transport Layer Security is a cryptographic network protocol defined
|
|
in a series of :term:`RFC` documents, newest of which is RFC8446.
|
|
|
|
RFC
|
|
Request For Comments are standards published by Internet Engineering Task
|
|
Force, an open standards organisation.
|
|
|
|
IETF
|
|
Internet Engineering Task Force is an organisation responsible for
|
|
providing specifications of protocols used over the Internet.
|
|
|
|
SSL
|
|
Secure Sockets Layer is an old cryptographic network protocol. It has
|
|
orginated in Netscape in the early 1990's. Currently replaced by
|
|
:term:`TLS`.
|
|
|
|
SUT
|
|
System Under Test is the device or implementation that
|
|
the tests are verifying. Excludes tlsfuzzer itself or systems necessary
|
|
to execute it or tlsfuzzer.
|
|
|
|
RSA
|
|
Rivest Shamir Adleman is an asymmetric cryptosystem commonly used for
|
|
signing messages or encrypting keys.
|
|
|
|
ECDSA
|
|
Elliptic Curve Digital Signature Algorithm uses the Digital Signature
|
|
Algorithm with elliptic curves instead of finite field groups.
|
|
It's an asymmetric cryptosystem, similar to RSA.
|
|
|
|
ECDHE
|
|
Implementation of Diffie-Hellman key exchange algorithm over elliptic
|
|
curves.
|
|
|
|
AES
|
|
Advanced Encryption Standard is a symmetric block cipher.
|
|
|
|
AES-GCM
|
|
Advanced Encryption Standard in Galois Counter Mode is an :term:`AEAD`
|
|
cipher, it encrypts and authenticates data with one operation.
|
|
In :term:`TLS` those ciphers require version 1.2 or 1.3.
|
|
|
|
AES-CCM
|
|
:term:`AEAD` mode of Advanced Encryption Standard (:term:`AES`) that
|
|
combines counter mode with the CBC-MAC algorithm.
|
|
In :term:`TLS` those ciphers require version 1.2 or 1.3.
|
|
|
|
AES-CCM8
|
|
:term:`AES-CCM` with 8 byte long authentication tag.
|
|
|
|
AEAD
|
|
Authenticated Encryption with Associated Data, a mode of operation
|
|
for symmetric ciphers that processes messages and optional additional
|
|
data as atomic objects: the decryption provides data only if
|
|
integrity of data is verified, encryption provides ciphertext only
|
|
when all the data was provided to the encryption function.
|
|
|
|
PKIX
|
|
Public Key Infrastructure for the Internet, described use of X.509
|
|
certificates in Internet protocols.
|
|
|
|
TCP
|
|
Transport Control Protocol is a stream protocol that provides reliable
|
|
delivery over the Internet Protocol.
|
|
|
|
MAC
|
|
Message Authentication Code is the generic name for data used to verify
|
|
integrity of the received data. This data is called an authentication tag.
|
|
There are many MACs defined: :term:`HMAC`, :term:`CMAC`, or :term:`GMAC`.
|
|
|
|
HMAC
|
|
Hash-based :term:`MAC`, commonly used with CBC mode ciphers in :term:`TLS`
|
|
before version 1.3
|
|
|
|
CMAC
|
|
Cipher-based :term:`MAC`
|
|
|
|
GMAC
|
|
Galois :term:`MAC`, commonly used as part of the :term:`AES-GCM` cipher.
|
|
|
|
IV
|
|
Initialisation Vector, a value used to influence the generated ciphertext,
|
|
unlike the key, it doesn't have to remain secret
|
|
|
|
CBC
|
|
Cipher Block Chaining, an encryption mode for block ciphers, used
|
|
since SSLv2 until TLS 1.2.
|
|
|
|
CI
|
|
Continuous Integration is a development practice in which changes are
|
|
merged to ``master`` branch, commonly after the test coverage for the
|
|
project is executed.
|
|
|
|
SNI
|
|
Server Name Indication, also known as ``server_name``, is a :term:`TLS`
|
|
extension for negotiatiating connections to "Virtual Hosts". It allows
|
|
a server to distinguish requests for different hostnames sharing a
|
|
single IP address.
|
|
|
|
ALPN
|
|
Application Layer Protocol Negotiation is a :term:`TLS` extension
|
|
allowing for co-existence of multiple applications protocols on the same
|
|
:term:`TCP` or :term:`UDP` port. Commonly used to negotiate HTTP/2 over
|
|
HTTP/1.1.
|
|
|
|
NPN
|
|
Next Protocol Negotiation is a :term:`TLS` extension allowing for use
|
|
of multiple application layer protocols on the same port. Not
|
|
standardised. Obsoleted by :term:`ALPN`.
|
|
|
|
HSM
|
|
Hardware Security Module is usually an extension card that is tasked with
|
|
secure storage of private keys. Some HSMs also provide hardware
|
|
acceleration for cryptographic operations.
|
|
|
|
PRF
|
|
Pseudo-Random Function is used to sanitise random values to prepare them
|
|
for use as keys in encryption. :term:`TLS` 1.0 and 1.1 uses combination
|
|
of MD5 and SHA1. :term:`TLS` 1.2 and 1.3 use SHA-256 or SHA-384 based
|
|
algorithms depending on cipher suite negotiated.
|