-
-
Notifications
You must be signed in to change notification settings - Fork 34
/
openssl-book.tex
286 lines (277 loc) · 8.19 KB
/
openssl-book.tex
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
\documentclass[oneside]{book}
\author{The OpenSSL Project}
\title{The OpenSSL Guide}
\usepackage{color}
\usepackage{colortbl}
\usepackage{graphicx}
\usepackage[hidelinks]{hyperref}
\usepackage{listings}
\usepackage{xcolor}
\usepackage{outline}
\newcommand\todo[1]{\textcolor{red}{[TODO:#1]}}
\definecolor{LightGray}{gray}{0.9}
\lstdefinestyle{osslc}{
breaklines=true,
frame=single,
xleftmargin=\parindent,
language=C,
showstringspaces=false,
basicstyle=\footnotesize\ttfamily,
numbers=left,
numberstyle=\tiny,
captionpos=b
}
\begin{document}
\lstset{style=osslc}
\maketitle
\tableofcontents
\part{Foundations}
\chapter{Outline - to be deleted}
\begin{outline}
\item{Part: Foundations}
\begin{outline}
\item{Chapter: Introduction}
\begin{outline}
\item{Purpose of this book}
\item{Layout and how to navigate this book}
\item{This is an open source book}
\item{About the authors}
\end{outline}
\item{Chapter: About OpenSSL}
\begin{outline}
\item{What is OpenSSL}
\begin{outline}
\item{Describe OpenSSL as a command line tool}
\item{Describe OpenSSL as a SSL/TLS/DTLS library}
\item{Describe OpenSSL as a crypto library}
\end{outline}
\item{OpenSSL History}
\begin{outline}
\item{SSLeay}
\item{OpenSSL formation}
\item{The lean years and FIPS}
\item{Changes in the team membership and processes}
\item{OpenSSL today}
\end{outline}
\end{outline}
\item{Chapter: Getting OpenSSL}
\begin{outline}
\item{OpenSSL Version Numbering}
\item{Using pre-built binaries}
\item{Pre-requisites for building OpenSSL from source}
\item{Compiling and installing from source}
\item{Troubleshooting some common build issues}
\end{outline}
\item{Chapter: Programming Fundamentals}
\begin{outline}
\item{Memory management}
\begin{outline}
\item{new and free functions}
\item{OPENSSL\_malloc, OPENSSL\_zalloc and OPENSSL\_free}
\item{get0, get1, set0, set1 etc}
\item{Debugging memory issues}
\end{outline}
\item{BIOs}
\item{Serialisation and De-serialisation}
\begin{outline}
\item{i2d and d2i functions}
\end{outline}
\item{Stacks}
\item{LHashes}
\item{NIDs}
\item{Identifying the OpenSSL version}
\item{Automatic Library Initialisation and De-initialisation}
\item{Threads}
\end{outline}
\item{Chapter: Certificates and Certificate Authorities}
\item{Chapter: Working with Certificate and Key files}
\begin{outline}
\item{PEM files}
\item{PKCS8 files}
\item{PCKS12 files}
\end{outline}
\item{Chapter: Certificate Revocation}
\begin{outline}
\item{CRLs}
\item{OCSP}
\end{outline}
\item{Chapter: Configuration via CONF}
\item{Chapter: Engines (Advanced Topic)}
\item{Chapter: Stores (Advanced Topic)}
\item{Chapter: Advanced Certificates (Advanced Topic)}
\item{Chapter: Certificate Transparency (Advanced Topic)}
\item{Chapter: Asynchronous operation (Advanced Topic)}
\item{Chapter: ASN.1 (Advanced Topic)}
\item{Chapter: UIs (Advanced Topic)}
\end{outline}
\item{Part: SSL/TLS/DTLS}
\begin{outline}
\item{Chapter: Understanding SSL/TLS}
\begin{outline}
\item{Security properties of an SSL/TLS connection}
\item{Overview of SSL/TLS versions}
\item{Overview of establishing identity}
\item{Overview of ciphersuites}
\item{Records}
\item{Overview of the Handshake}
\item{Sessions and resumption}
\end{outline}
\item{Chapter: Getting Started}
\begin{outline}
\item{Creating an SSL\_CTX}
\item{Creating a self-signed certificate}
\item{Starting the test server}
\item{A simple client}
\begin{outline}
\item{Connecting}
\item{Exchanging data}
\item{Shutting down}
\end{outline}
\item{Compilation}
\item{Running the client}
\item{Adding the trusted CAs}
\item{A simple server}
\begin{outline}
\item{Setting up the SSL\_CTX}
\item{Accepting incoming connections}
\end{outline}
\end{outline}
\item{Chapter: Ciphersuites}
\begin{outline}
\item{Parts of the Ciphersuite}
\item{Ciphersuite Naming}
\item{TLSv1.3 Ciphersuites}
\item{Configuring the available Ciphersuites}
\item{Ciphersuite selection (client vs server preference)}
\item{Key Exchange Mechanisms}
\begin{outline}
\item{RSA}
\item{DHE}
\item{ECDHE (covering some basics of curve types: P-256, X25519 etc)}
\item{SRP}
\item{PSK}
\end{outline}
\item{Authentication}
\begin{outline}
\item{RSA}
\item{ECDSA}
\item{EdDSA? (future)}
\end{outline}
\item{Encryption}
\begin{outline}
\item{AES}
\item{Camellia}
\item{ChaCha}
\item{etc}
\end{outline}
\item{MAC/AEAD}
\end{outline}
\item{Chapter: Basic Operation}
\begin{outline}
\item{The read and write BIOs}
\item{Alerts}
\item{Version Negotiation}
\item{SSL\_read, SSL\_write and SSL\_get\_error}
\begin{outline}
\item{Non-blocking IO}
\item{Pending data}
\end{outline}
\item{Shutting down}
\item{Client Authentication}
\item{Renegotiation}
\item{Compression}
\item{SSL BIO}
\item{Exporting secrets}
\end{outline}
\item{Chapter: Sessions}
\begin{outline}
\item{Resumption handshakes}
\item{Simple sessions and session files}
\item{Session tickets}
\item{Session caches}
\end{outline}
\item{Chapter: Configuration}
\begin{outline}
\item{Setting options and modes}
\begin{outline}
\item{Some common options/modes}
\begin{outline}
\item{SSL\_MODE\_AUTO\_RETRY}
\item{SSL\_MODE\_RELEASE\_BUFFERS}
\end{outline}
\end{outline}
\item{Signature Algorithms}
\item{Supported Groups}
\item{Configuration using SSL\_CONF}
\item{Security levels and the security callbacks}
\end{outline}
\item{Chapter: DTLS}
\begin{outline}
\item{Key differences with TLS}
\item{Transports}
\begin{outline}
\item{UDP}
\item{SCTP}
\item{MTU issues}
\end{outline}
\item{Retransmissions and the DTLS timer}
\item{Listening for connections and cookies}
\end{outline}
\item{Chapter: TLSv1.3}
\item{Chapter: Debugging Connection Failures}
\item{Chapter: Advanced Extensions (Advanced Topic)}
\begin{outline}
\item{SNI}
\item{ALPN and NPN}
\item{SRTP}
\item{EC point formats}
\item{Extended Master Secret}
\item{Encrypt-Then-MAC}
\item{OCSP in SSL/TLS}
\item{Certificate Transparency in SSL/TLS}
\item{Custom extensions}
\end{outline}
\item{Chapter: DANE (Advanced Topic)}
\item{Chapter: Optimisation (Advanced Topic)}
\begin{outline}
\item{Multiblock}
\item{Async}
\item{Pipelining}
\item{Fragment sizes}
\item{Read ahead}
\end{outline}
\end{outline}
\item{Part: Cryptography}
\begin{outline}
\item{Chapter: Working with BIGNUMs}
\item{Chapter: Random Numbers}
\item{Chapter: Encryption and Decryption (Symmetric)}
\begin{outline}
\item{What is symmetric encryption}
\item{Block and stream ciphers}
\item{Modes}
\item{IVs and Nonces}
\item{A simple encryption/decryption example}
\item{AEAD}
\begin{outline}
\item{Tags}
\item{GCM}
\item{OCB}
\item{CCM}
\item{ChaCha20-Poly1305}
\end{outline}
\item{XTS}
\end{outline}
\item{Chapter: Asymmetric encryption and decryption}
\item{Chapter: Digital signatures}
\item{Chapter: Hashes}
\item{Chapter: Message Authentication Codes}
\item{Chapter: Key Generation and Derivation}
\item{Chapter: CMS (PKCS.7) and S/MIME (Advanced Topic)}
\item{Chapter: Elliptic Curves (Advanced Topic)}
\end{outline}
\end{outline}
\include{foundations/about/about}
\part{SSL/TLS/DTLS}
\part{Cryptography}
\end{document}