gnunet-svn

[lsd0001] branch master updated: s/gcm/chacha


From: gnunet
Subject: [lsd0001] branch master updated: s/gcm/chacha
Date: Mon, 19 Oct 2020 09:45:13 +0200

This is an automated email from the git hooks/post-receive script.

martin-schanzenbach pushed a commit to branch master
in repository lsd0001.

The following commit(s) were added to refs/heads/master by this push:
     new ce5d787  s/gcm/chacha
ce5d787 is described below

commit ce5d787e524f792b691534e8da3fda119b1957c1
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
AuthorDate: Mon Oct 19 09:38:10 2020 +0200

    s/gcm/chacha
---
 draft-schanzen-gns.xml | 56 ++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 41 insertions(+), 15 deletions(-)

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 9303458..6e0039f 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -15,6 +15,7 @@
 <!ENTITY RFC6781 PUBLIC '' 
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.6781.xml";>
 <!ENTITY RFC6895 PUBLIC '' 
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.6895.xml";>
 <!ENTITY RFC6979 PUBLIC '' 
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.6979.xml";>
+<!ENTITY RFC7539 PUBLIC '' 
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.7539.xml";>
 <!ENTITY RFC7748 PUBLIC '' 
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.7748.xml";>
 <!ENTITY RFC8032 PUBLIC '' 
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.8032.xml";>
 <!ENTITY RFC8126 PUBLIC '' 
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.8126.xml";>
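Review bot: RFC 7539 has been obsoleted by RFC 8439 (ChaCha20 and Poly1305 for IETF Protocols), which carries the errata fixes; a new normative reference for the AEAD should point at RFC 8439 rather than the obsoleted document. Renaming this entity to RFC8439 (and the matching `&RFC8439;` in the references section plus the two new `<xref target=...>` uses) keeps the draft from citing a superseded spec from the start.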
@@ -733,20 +734,18 @@ S := r + SHA512(R, zk', M) * a' mod L
 SB == R + SHA512(R, zk', M) * A'
            ]]></artwork>
          <t>
-           <!-- FIXME: here we SHOULD consider standardizing AES-GCM
-                instead. Please review this choice when implementing
-                EDKEY support! -->
-           The S-Encrypt() and S-Decrypt() functions use AES in galois
-           counter mode as defined in <xref target="GCM" /> (GCM-AES-256):
+           The S-Encrypt() and S-Decrypt() functions use ChaCha20
+           as defined in <xref target="RFC7539" />
+           (ChaCha20-Poly1305):
          </t>
          <artwork name="" type="" align="left" alt=""><![CDATA[
-RDATA := GCM-AES-256(K, IV, BDATA)
-BDATA := GCM-AES-256(K, IV, RDATA) = CIPHERTEXT | GCM_TAG
+RDATA := ChaCha20(K, IV, BDATA)
+BDATA := ChaCha20(K, IV, RDATA) = CIPHERTEXT | TAG
            ]]></artwork>
          <t>
-           The result of the GCM encryption function is the encrypted
-           ciphertext concatenated with the 128-bit GCM authentication
-           tag "GCM_TAG".
+           The result of the ChaCha20 encryption function is the encrypted
+           ciphertext concatenated with the 128-bit authentication
+           tag "TAG".
            Accordingly, the length of BDATA equals the length of the
            RDATA plus the 16 octets of the authentication tag.
          </t>
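Review bot: the prose, the xref parenthetical and the artwork name three different things for the same primitive: "ChaCha20" (a stream cipher with no authentication tag), "ChaCha20-Poly1305" and a function that yields `CIPHERTEXT | TAG`. Only the AEAD construction of RFC 7539 section 2.8, AEAD_CHACHA20_POLY1305, produces the 128-bit tag the text describes, so the artwork should name that construction and distinguish the two directions, e.g. `BDATA := AEAD_CHACHA20_POLY1305_ENCRYPT(K, NONCE, RDATA)` and `RDATA := AEAD_CHACHA20_POLY1305_DECRYPT(K, NONCE, BDATA)`, with the decrypt side stated to fail (and release no plaintext) when the Poly1305 tag does not verify. The sentence "The result of the ChaCha20 encryption function is ... the 128-bit authentication tag" should likewise attribute the tag to Poly1305, since plain ChaCha20 has none.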
@@ -758,17 +757,43 @@ BDATA := GCM-AES-256(K, IV, RDATA) = CIPHERTEXT | GCM_TAG
 PRK_k := HKDF-Extract ("gns-aes-ctx-key", zk)
 PRK_n := HKDF-Extract ("gns-aes-ctx-iv", zk)
 K := HKDF-Expand (PRK_k, label, 256 / 8);
-IV := HKDF-Expand (PRK_n, label, 96 / 8)
+NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
 ]]></artwork>
          <t>
            HKDF is a hash-based key derivation function as defined in
            <xref target="RFC5869" />. Specifically, HMAC-SHA512 is used for the
            extraction phase and HMAC-SHA256 for the expansion phase.
            The output keying material is 32 octets (256 bits) for the symmetric
-           key and 12 octets (96 bits) for the IV.
-           The symmetric key "K" is a 256-bit AES <xref target="RFC3826" /> 
key.
+           key and 4 octets (32 bits) for the NONCE.
+           The symmetric key "K" is a 256-bit ChaCha20
+           <xref target="RFC7539" /> key.
            No additional authenticated data (AAD) is used.
          </t>
+         <t>
+           The nonce is combined with a 64-bit initialization vector and a
+           32-bit block counter.
+           The block counter begins with the value of 1, and it is incremented
+           to generate subsequent portions of the key stream.
+           The block counter is a 32-bit integer value treated as a 32-bit
+           little-endian integer.
+           The initialization vector is the expiration time of the
+           resource record block in network byte order.
+           The resulting counter ("IV") wire format is as follows:
+         </t>
+         <figure anchor="figure_hkdf_ivs_edkey">
+           <artwork name="" type="" align="left" alt=""><![CDATA[
+0     8     16    24    32
++-----+-----+-----+-----+
+|         NONCE         |
++-----+-----+-----+-----+
+|       EXPIRATION      |
+|                       |
++-----+-----+-----+-----+
+|      BLOCK COUNTER    |
++-----+-----+-----+-----+
+           ]]></artwork>
+       </figure>
+
        </section>
 
        <section anchor="gnsrecords_gns2dns" numbered="true" toc="default">
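Review bot: the new "IV" figure (NONCE | EXPIRATION | BLOCK COUNTER) does not line up with how the RFC 7539 AEAD consumes its inputs, and the section does not state the nonce-uniqueness requirement the construction depends on. AEAD_CHACHA20_POLY1305 takes a 96-bit nonce and manages the 32-bit block counter itself (0 for the Poly1305 key block, 1 onward for encryption), so the counter is not part of what an implementer passes in; the text should say plainly that the 96-bit nonce is `NONCE | EXPIRATION` (4 + 8 octets) and drop the counter from the wire-format figure, or say explicitly that the figure shows the internal ChaCha20 state in RFC 7539 word order (counter first, then nonce), which is the opposite of the order drawn here. Because K and NONCE are derived from zk and label only, EXPIRATION is the sole varying input: two different record blocks published under the same label with the same expiration time would be encrypted under the same (key, nonce) pair, which for ChaCha20-Poly1305 exposes the keystream and the Poly1305 key and allows forgeries, so the text should state that (zk, label, expiration) MUST be unique per encryption. Finally, the HKDF labels `"gns-aes-ctx-key"` and `"gns-aes-ctx-iv"` still say "aes" and "iv"; if they are to be renamed, it should happen in this change, since changing them later changes every derived key.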
@@ -2207,6 +2232,7 @@ cae1789d
        &RFC6781;
        &RFC6895;
        &RFC6979;
+       &RFC7539;
        &RFC7748;
        &RFC8032;
        &RFC8126;
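Review bot: the earlier hunk removed the only visible citation of RFC3826 (the AES reference dropped from the key description), so this list should be checked for a now-uncited `&RFC3826;` entry (and its entity declaration at the top of the file) and have it removed alongside adding RFC7539; an uncited normative reference will be flagged by idnits.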
@@ -2301,7 +2327,7 @@ cae1789d
            </abstract>
          </front>
        </reference>
-       <reference anchor="GCM" 
target="https://doi.org/10.6028/NIST.SP.800-38D";>
+       <!--       <reference anchor="GCM" 
target="https://doi.org/10.6028/NIST.SP.800-38D";>
          <front>
            <title>Recommendation for Block Cipher Modes of Operation: 
Galois/Counter Mode (GCM) and GMAC</title>
           <author initials="M." surname="Dworkin" fullname="Morris Dworkin">
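Review bot: commenting out the GCM reference leaves dead XML in the source; since the FIXME and the `<xref target="GCM" />` are both gone, delete the `<reference anchor="GCM">` block outright (the history is in git). If it is kept as a comment, note that XML comments must not contain the string `--`, so the wrapped block must be checked for that sequence before this is merged.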
@@ -2315,7 +2341,7 @@ cae1789d
              </t>
            </abstract>
          </front>
-       </reference>
+       </reference>-->
       <reference anchor="CrockfordB32" 
target="https://www.crockford.com/base32.html";>
          <front>
            <title>Base32</title>
