Glossary
- AEAD
Authenticated Encryption with Associated Data, a mode of operation for symmetric ciphers that processes messages and optional additional data as atomic objects: the decryption provides data only if integrity of data is verified, encryption provides ciphertext only when all the data was provided to the encryption function.
- AES
Advanced Encryption Standard is a symmetric block cipher.
- AES-CCM
AEAD mode of Advanced Encryption Standard (AES) that combines counter mode with the CBC-MAC algorithm. In TLS those ciphers require version 1.2 or 1.3.
- AES-CCM8
AES-CCM with 8 byte long authentication tag.
- AES-GCM
Advanced Encryption Standard in Galois Counter Mode is an AEAD cipher, it encrypts and authenticates data with one operation. In TLS those ciphers require version 1.2 or 1.3.
- ALPN
Application Layer Protocol Negotiation is a TLS extension allowing for co-existence of multiple applications protocols on the same TCP or UDP port. Commonly used to negotiate HTTP/2 over HTTP/1.1.
- CBC
Cipher Block Chaining, an encryption mode for block ciphers, used since SSLv2 until TLS 1.2.
- CI
Continuous Integration is a development practice in which changes are merged to
master
branch, commonly after the test coverage for the project is executed.- CMAC
Cipher-based MAC
- ECDHE
Implementation of Diffie-Hellman key exchange algorithm over elliptic curves.
- ECDSA
Elliptic Curve Digital Signature Algorithm uses the Digital Signature Algorithm with elliptic curves instead of finite field groups. It’s an asymmetric cryptosystem, similar to RSA.
- GMAC
- HMAC
Hash-based MAC, commonly used with CBC mode ciphers in TLS before version 1.3
- HSM
Hardware Security Module is usually an extension card that is tasked with secure storage of private keys. Some HSMs also provide hardware acceleration for cryptographic operations.
- IETF
Internet Engineering Task Force is an organisation responsible for providing specifications of protocols used over the Internet.
- IV
Initialisation Vector, a value used to influence the generated ciphertext, unlike the key, it doesn’t have to remain secret
- MAC
Message Authentication Code is the generic name for data used to verify integrity of the received data. This data is called an authentication tag. There are many MACs defined: HMAC, CMAC, or GMAC.
- NPN
Next Protocol Negotiation is a TLS extension allowing for use of multiple application layer protocols on the same port. Not standardised. Obsoleted by ALPN.
- PKIX
Public Key Infrastructure for the Internet, described use of X.509 certificates in Internet protocols.
- PRF
Pseudo-Random Function is used to sanitise random values to prepare them for use as keys in encryption. TLS 1.0 and 1.1 uses combination of MD5 and SHA1. TLS 1.2 and 1.3 use SHA-256 or SHA-384 based algorithms depending on cipher suite negotiated.
- RFC
Request For Comments are standards published by Internet Engineering Task Force, an open standards organisation.
- RSA
Rivest Shamir Adleman is an asymmetric cryptosystem commonly used for signing messages or encrypting keys.
- SNI
Server Name Indication, also known as
server_name
, is a TLS extension for negotiatiating connections to “Virtual Hosts”. It allows a server to distinguish requests for different hostnames sharing a single IP address.- SSL
Secure Sockets Layer is an old cryptographic network protocol. It has orginated in Netscape in the early 1990’s. Currently replaced by TLS.
- SUT
System Under Test is the device or implementation that the tests are verifying. Excludes tlsfuzzer itself or systems necessary to execute it or tlsfuzzer.
- TCP
Transport Control Protocol is a stream protocol that provides reliable delivery over the Internet Protocol.
- TLS
Transport Layer Security is a cryptographic network protocol defined in a series of RFC documents, newest of which is RFC8446.