[GNUnet-SVN] [taler-anastasis] 02/02: Worked on FIXMEs
From: gnunet
Subject: [GNUnet-SVN] [taler-anastasis] 02/02: Worked on FIXMEs
Date: Mon, 07 Oct 2019 10:59:57 +0200
This is an automated email from the git hooks/post-receive script.
dennis-neufeld pushed a commit to branch master
in repository anastasis.
commit be03236465436724711106fb0805c535cd3df3a0
Author: Dennis Neufeld <address@hidden>
AuthorDate: Mon Oct 7 10:59:48 2019 +0200
Worked on FIXMEs
---
src/api/api-anastasis.rst | 17 ++++++++++-------
src/api/crypto-anastasis.rst | 29 ++++++++++++++++++++++-------
2 files changed, 32 insertions(+), 14 deletions(-)
diff --git a/src/api/api-anastasis.rst b/src/api/api-anastasis.rst
index b67e7fd..8163097 100644
--- a/src/api/api-anastasis.rst
+++ b/src/api/api-anastasis.rst
@@ -176,6 +176,8 @@ public key using the Crockford base32-encoding.
:status 200 OK:
The escrow provider responds with an `EncryptedRecoveryDocument`_ object.
+ :status 304 Not modified:
+ The client requested the same ressource he already owns.
:status 400 Bad request:
The $ACCOUNT_PUB is not an EdDSA public key.
:status 402 Payment Required:
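Review bot: the new `:status 304 Not modified:` entry does not say what triggers it. A 304 is the server's answer when the Etag the client sent in `If-None-Match` equals the current Etag of the EncryptedRecoveryDocument, so the description should state that condition rather than "the same ressource he already owns" (also: "resource", and drop the pronoun). Suggested wording: `The Etag in the client's If-None-Match header matches the current EncryptedRecoveryDocument; no body is returned.`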
@@ -189,9 +191,11 @@ public key using the Crockford base32-encoding.
*Anastasis-Version*: $NUMBER --- The server must return actual version
number in header;
the client specifies version number in the header of the request (if not
specified in request, the server returns latest version of
EncryptedRecoveryDocument_ ).
- *Etag*: Etag, hash over the body for caching.
+ *Etag*: Etag, hash over the body for caching and to prevent redundancies. If
status is 200 OK, the server must send the Etag.
+
+ *If-None-Match*: Contains the Etag-Value which the client has reveived
before from the server. The client must send this header with every request.
- *Anastasis-Account-Signature*: Signature by the account's private key
affirming the desire to download the policy.
+ *Anastasis-Account-Signature*: The client must provide Base-32 encoded EdDSA
signature over hash of body with $ACCOUNT_PRIV, affirming desire to download
the requested encrypted recovery document.
.. http:post:: /policy/$ACCOUNT_PUB
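Review bot: two problems in the header descriptions. `*If-None-Match*` says the client "must send this header with every request", but on the very first download the client has no Etag yet ("reveived" should be "received"); make it conditional: sent whenever the client holds a cached copy, and the server answers 304 when the value matches. Second, `*Anastasis-Account-Signature*` is now defined as an EdDSA signature "over hash of body", but this is the GET request, which carries no body; state exactly what is hashed and signed here (for example $ACCOUNT_PUB together with the requested version) so that the signature is bound to the specific resource being requested and cannot be presented for a different one.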
@@ -219,16 +223,15 @@ public key using the Crockford base32-encoding.
:status 413 Request Entity Too Large:
The upload is too large *or* too small. The response body may elaborate on
the error.
- FIXME: clarify which headers are from client and which from server (or
both!).
*Anastasis-Version*: $NUMBER --- The server must return the actual version
number it determined.
Only generated if the status is 204 or 304.
- *If-modified-since*: Must contain an Etag with the hash over the body (to
avoid unnecessary re-uploads).
+ *If-modified-since*: The client must provide an Etag with the hash over the
body (to avoid unnecessary re-uploads).
- *Anastasis-Policy-Signature*: Base-32 encoded EdDSA signature over hash of
body with $ACCOUNT_PRIV, affirming desire to upload an encrypted recovery
document.
+ *Anastasis-Policy-Signature*: The client must provide Base-32 encoded EdDSA
signature over hash of body with $ACCOUNT_PRIV, affirming desire to upload an
encrypted recovery document.
- *Payment-Identifier*: Base-32 encoded 32-byte payment identifier that was
included in a previous payment (see 402 status code). Used to allow the server
to check that the client paid for the upload (to protect the server against DoS
attacks) and that the client knows a real secret of financial value (as the
kdf_id might be known to an attacker). If this header is missing (or the
associated payment has exceeded the upload limit), the server must return a 402
response. When making payme [...]
+ *Payment-Identifier*: Base-32 encoded 32-byte payment identifier that was
included in a previous payment (see 402 status code). Used to allow the server
to check that the client paid for the upload (to protect the server against DoS
attacks) and that the client knows a real secret of financial value (as the
kdf_id might be known to an attacker). If this header is missing in the
client's request (or the associated payment has exceeded the upload limit), the
server must return a 402 resp [...]
**Details:**
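Review bot: `*If-modified-since*` is the wrong header name for what is described. The standard If-Modified-Since header carries a date; an entity tag such as "the hash over the body" belongs in If-None-Match, which is the header the GET side of this same file already uses. Rename it so that clients and intermediate caches do not misinterpret the value, and say explicitly that the server answers 304 when the Etag matches the stored document, since the `*Anastasis-Version*` text above already refers to a 304 case.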
@@ -353,7 +356,7 @@ argument and signature may be optional.
:status 412 Precondition Failed:
The selected authentication method is not supported on this provider.
- *Anastasis-Account-Signature*: Client header with the signature by the
account's private key affirming the desire to upload the truth; only present if
"account" is specified in the URL.
+ *Anastasis-Account-Signature*: The client must provide Base-32 encoded EdDSA
signature over hash of body with $ACCOUNT_PRIV, affirming the desire to upload
the truth; only present if "account" is specified in the URL.
**Details:**
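Review bot: with this change all three client signature headers (`Anastasis-Account-Signature` for download, `Anastasis-Policy-Signature` for upload, and this one for the truth upload) are described with identical words: a Base-32 encoded EdDSA signature over the hash of the body with $ACCOUNT_PRIV. The text should state that the signed data includes a distinct purpose or context value per operation; otherwise a signature obtained for one operation is, by this description, also a valid signature for another operation over the same body. Adding a sentence such as "the signed hash includes a purpose value identifying the operation" to each of the three entries would close that gap.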
diff --git a/src/api/crypto-anastasis.rst b/src/api/crypto-anastasis.rst
index b5df6ec..a73d31e 100644
--- a/src/api/crypto-anastasis.rst
+++ b/src/api/crypto-anastasis.rst
@@ -50,7 +50,7 @@ determined by an adversary performing a targeted attack, as a
user's
likely also be available to other actors.
-.. code-block::
+.. code-block:: tsref
kdf_id := SCrypt( user_identifier, server_salt, keysize )
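Review bot: `tsref` is not a lexer shipped with Pygments, so `.. code-block:: tsref` only renders with highlighting if the project's Sphinx configuration registers a custom tsref lexer; if it does not, Sphinx emits a warning and falls back to no highlighting. Since these blocks are pseudo-code (`:=`, `SCrypt(...)`) rather than TypeScript, `.. code-block:: none` is the safer choice unless the custom lexer is confirmed to be present in this repository. The same applies to the other four `tsref` changes in this file.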
@@ -78,7 +78,7 @@ generate the corresponding public key. Here, "ver" is used
as a salt for the
HKDF to ensure that the result differs from other cases where we hash
kdf_id.
-.. code-block::
+.. code-block:: tsref
ver_secret:= HKDF(kdf_id, "ver", keysize)
eddsa_priv := eddsa_d_to_a(ver_secret)
@@ -95,7 +95,7 @@ kdf_id.
**eddsa_d_to_a()**: Function which converts the ver_key to a valid EdDSA
private key. Specifically, assuming the value eddsa_priv is in a 32-byte array
"digest", the function clears and sets certain bits as follows:
-.. code-block::
+.. code-block:: tsref
digest[0] = (digest[0] & 0x7f) | 0x40;
digest[31] &= 0xf8;
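Review bot: the clamping lines need the byte order of `digest` stated. Clearing the low three bits of the last byte and setting bit 6 while clearing bit 7 of the first byte is the Ed25519 scalar clamping written for a big-endian scalar (the order libgcrypt uses); RFC 8032 describes the same operation for a little-endian scalar with the indices swapped (`digest[0] &= 0xf8; digest[31] = (digest[31] & 0x7f) | 0x40`). Without an explicit byte-order statement an implementer following RFC 8032 will derive a different private key from the same ver_secret. Minor: the sentence says the function "converts the ver_key" while the preceding code-block calls the input `ver_secret`; use one name.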
@@ -113,7 +113,7 @@ symmetric key and an initialization vector (IV). To ensure
that the
symmetric key changes for each encryption operation, we compute the
key material using an HKDF over a nonce and the kdf_id.
-.. code-block::
+.. code-block:: tsref
(iv,key) := HKDF(kdf_id, nonce, keysize + ivsize)
@@ -148,13 +148,28 @@ From this the symmetric key is computed as described
above.
We use AES256-GCM for the encryption of the recovery_document and
key_share.
-FIXME: This is underspecified. ( To be adjusted after Monday(Nonce))
+.. code-block:: tsref
+ (encrypted_recovery_document, aes_gcm_tag) = AES256_GCM(recovery_document,
key, iv)
+ (encrypted_key_share, aes_gcm_tag) = AES256_GCM(key_share, key, iv)
+
+**encrypted_recovery_document**: The encrypted RecoveryDocument
(recovery_document) which contains the policies.
+
+**encrypted_key_share**: The encrypted KeyShare (key_share).
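Review bot: both `AES256_GCM` lines are written with the same `key` and `iv` and both produce a variable named `aes_gcm_tag`. If recovery_document and key_share are really encrypted under one (key, iv) pair, that is nonce reuse under AES-GCM, which leaks the XOR of the two plaintexts and breaks the authentication tag; if, as the earlier hunk's "(iv,key) := HKDF(kdf_id, nonce, ...)" implies, each encryption derives its own (iv,key) from a fresh nonce, say so explicitly here and give the two tags distinct names (e.g. `recovery_document_tag`, `key_share_tag`). The block should also state where each nonce and tag is transmitted and whether any associated data is authenticated; otherwise the removed FIXME is replaced by text that is still underspecified.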
2.2 Signatures
^^^^^^^^^^^^^^
The EdDSA keys are used to sign the data sent from the client to the
-server. Everything the client sends to server is signed.
+server. Everything the client sends to server is signed. The following
algorithm is equivalent for **Anastasis-Policy-Signature**.
+
+.. code-block:: tsref
+
+ (anastasis-account-signature) = eddsa_sign(h_body, eddsa_priv)
+ ver_res = eddsa_verifiy(h_body, anastasis-account-signature, eddsa_pub)
+
+**anastasis-account-signature**: Signature over the hash of body.
+
+**h_body**: The hashed body.
-FIXME: This is underspecified.
+**ver_res**: A boolean value. True: Verification passed, False: Verification
failed.
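Review bot: `eddsa_verifiy` is misspelled (`eddsa_verify`). More substantively, `h_body` is defined only as "the hashed body" without naming the hash function, and the text says the same algorithm is used for `Anastasis-Policy-Signature`; without a purpose or context value in the signed data, a signature produced for one header verifies for the other whenever the body hash is the same. Define h_body as the hash of a purpose value concatenated with the body, with a distinct purpose per header, and spell out what is hashed for the account download request in api-anastasis.rst, which has no body. The `ver_res` description could also state that verification uses the eddsa_pub derived in the earlier hunk from kdf_id, so the reader knows which key the server holds.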