Merge https://github.com/krono/Applied-Crypto-Hardening
authorAaron Zauner <azet@azet.org>
Fri, 6 Jun 2014 14:44:43 +0000 (16:44 +0200)
committerAaron Zauner <azet@azet.org>
Fri, 6 Jun 2014 14:44:43 +0000 (16:44 +0200)
src/Makefile
src/applied-crypto-hardening.tex
src/common/cipherStringB.tex
src/suite_names.tex
src/theory/RNGs.tex
src/theory/cipher_suites.tex
src/theory/cipher_suites/recommended.tex

index 07cf623..8635d6e 100644 (file)
@@ -14,6 +14,8 @@ pdf:
        bibtex applied-crypto-hardening
        makeglossaries applied-crypto-hardening
        ${LATEX} applied-crypto-hardening
+       # re-do for refs
+       ${LATEX} applied-crypto-hardening
        while grep -s "Rerun to get cross-references right" \
         applied-crypto-hardening.log ; do \
            ${LATEX} applied-crypto-hardening ; \
index 96d0940..0ea9f9f 100644 (file)
@@ -50,7 +50,7 @@
 \input{theory}
 \appendix
 \label{appendix}
-\printglossary[style=listgroup,nogroupskip,nonumberlist]
+%\printglossary[style=listgroup,nogroupskip,nonumberlist]
 \lstlistoflistings
 \input{tools}
 \input{links}
index ec9eb7c..b1c122d 100644 (file)
@@ -1 +1 @@
-\seqsplit{EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA}
+\seqsplit{EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA}
index 38f0c42..81cda53 100644 (file)
@@ -9,7 +9,7 @@
 
 The list of IANA cipher suite names was retrieved from
 \url{https://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv}
-on Tue Mar 25 03:22:10 2014.
+on Tue Jun  3 22:36:58 2014.
 
 The list of OpenSSL Ciphers was generated with OpenSSL 1.0.1e 11 Feb 2013.
 
@@ -648,4 +648,12 @@ The list of OpenSSL Ciphers was generated with OpenSSL 1.0.1e 11 Feb 2013.
   
   \texttt{0xC0,0xAB} & \verb|TLS_PSK_DHE_WITH_AES_256_CCM_8| & \texttt{} \\
   
+  \texttt{0xC0,0xAC} & \verb|TLS_ECDHE_ECDSA_WITH_AES_128_CCM| & \texttt{} \\
+  
+  \texttt{0xC0,0xAD} & \verb|TLS_ECDHE_ECDSA_WITH_AES_256_CCM| & \texttt{} \\
+  
+  \texttt{0xC0,0xAE} & \verb|TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8| & \texttt{} \\
+  
+  \texttt{0xC0,0xAF} & \verb|TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8| & \texttt{} \\
+  
 \end{longtable}}
index 1102480..a8e194f 100644 (file)
@@ -61,7 +61,7 @@ leading to predictable session keys~\cite{HDWH12}.
 \subsection{Linux}
 \label{subsec:RNG-linux}
 
-\todo{Other architectures, BSD, Windows?}
+%\todo{Other architectures, BSD, Windows?}
 
 On Linux there are two devices that return random bytes when read; the
 \verb+/dev/random+ can block until sufficient entropy has been collected
index 22494be..64bc5d9 100644 (file)
@@ -1,7 +1,7 @@
 
 \section{Cipher suites}
 \label{section:CipherSuites}
-\todo{team: section \ref{section:CipherSuites} is currently a bit messy. Re-do it}
+%\todo{team: section \ref{section:CipherSuites} is currently a bit messy. Re-do it}
 
 
 \subsection{Architectural overview }
@@ -28,7 +28,8 @@
 \input{"./theory/cipher_suites/compatibility.tex"}
 
 
-\subsection{Choosing your own cipher suites}
-\label{section:ChoosingYourOwnCipherSuites}
-\input{"./theory/cipher_suites/choosing.tex"}
+% XXX author: (Adi) can we either have this completed or removed? XXX
+%\subsection{Choosing your own cipher suites}
+%\label{section:ChoosingYourOwnCipherSuites}
+%\input{"./theory/cipher_suites/choosing.tex"}
 
index 881589d..f6227c7 100644 (file)
@@ -58,9 +58,10 @@ At the time of this writing only Win 7 and Win 8.1 crypto stack,
 OpenSSL $\ge$ 1.0.1e, Safari 6 / iOS 6.0.1 and Safar 7 / OS X 10.9
 are covered by that cipher string.
 
-In case you need to support other/different clients, see information
-about choosing your own cipher string in section
-\ref{section:ChoosingYourOwnCipherSuites}.
+% XXX author: (Adi) this depends on the chosing your own cipher chapter XXX
+%In case you need to support other/different clients, see information
+%about choosing your own cipher string in section
+%\ref{section:ChoosingYourOwnCipherSuites}.
 
 \subsubsection{Configuration B: Weaker ciphers but better compatibility}
 
@@ -71,7 +72,7 @@ better compatibility with a broad range of clients, but also less computational
 workload on the provisioning hardware.
 
 
-\textbf{All further examples in this publication use Configuration B}.\\
+\textbf{All examples in this publication use Configuration B}.\\
 
 We arrived at this set of cipher suites by selecting:
 
@@ -86,7 +87,7 @@ This results in the OpenSSL string:
 \ttbox{\cipherStringB}
 
 \todo{make a column for cipher chaining mode}
-\ctable[caption={Configuration B ciphers},label=tab:conf-b]{lllllll}{}{%
+\ctable[pos=ht,caption={Configuration B ciphers},label=tab:conf-b]{lllllll}{}{%
 \FL \textbf{ID}   & \textbf{OpenSSL Name}       & \textbf{Version} & \textbf{KeyEx} & \textbf{Auth} & \textbf{Cipher} & \textbf{MAC}
 \ML \texttt{0x009F} & DHE-RSA-AES256-GCM-SHA384   & TLSv1.2          & DH             & RSA           & AESGCM(256)     & AEAD
 \NN \texttt{0x006B} & DHE-RSA-AES256-SHA256       & TLSv1.2          & DH             & RSA           & AES(256)        & SHA256