From: gnunet
Subject: [lsd0007] branch master updated: More reverse engineering. Propose header for udp box
Date: Fri, 28 Jul 2023 11:17:51 +0200

This is an automated email from the git hooks/post-receive script.

martin-schanzenbach pushed a commit to branch master
in repository lsd0007.

The following commit(s) were added to refs/heads/master by this push:
     new 7cd9bf2  More reverse engineering. Propose header for udp box
7cd9bf2 is described below

commit 7cd9bf223acec1b0011e275910279f90af714f49
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Fri Jul 28 11:17:35 2023 +0200

    More reverse engineering. Propose header for udp box
---
 draft-gnunet-communicators.xml | 146 ++++++++++++++++++++++++++++++++---------
 1 file changed, 115 insertions(+), 31 deletions(-)

diff --git a/draft-gnunet-communicators.xml b/draft-gnunet-communicators.xml
index 0d98d6c..80d80e9 100644
--- a/draft-gnunet-communicators.xml
+++ b/draft-gnunet-communicators.xml
@@ -238,29 +238,57 @@
        each peer ID to reject possible replay attacks.
      </t>
      <t>
-       FIXME: Handshake wire format, KX, Flow.
+       Until a shared secret has been established, messages sent from the 
sender peer to the receiver peer
+       are always encrypted and a key exchange metadata header is prepended.
+       The wire format can be found in <xref target="figure_udp_initialkx"/>.
+       This method of sending messages to a peer can be used indefinitely, but 
is ineffienct since for every
+       message, a new symmetric key must be established.
      </t>
 <figure anchor="figure_udp_initialkx" title="The binary representation of the 
initial key exchange packet.">
        <artwork name="" type="" align="left" alt=""><![CDATA[
-0     8     16    24    32    40    48    56
+0           8           16          24    
++-----+-----+-----+-----+-----+-----+-----+-----+
+|         SIZE          |       TYPE (0x0X)     |
 +-----+-----+-----+-----+-----+-----+-----+-----+
 |                EPHEMERAL PUBLIC KEY           |
 |                                               |
 |                                               |
 |                                               |
+|                                               |
+|                                               |
+|                                               |
+|                                               |
 +-----+-----+-----+-----+-----+-----+-----+-----+
 |                    GCM TAG                    |
 |                                               |
+|                                               |
+|                                               |
 +-----+-----+-----+-----+-----+-----+-----+-----+
 |                    REKEY                      |
 |                                               |
+|                                               |
+|                                               |
++-----+-----+-----+-----+-----+-----+-----+-----+
+/                 ENCRYPTED DATA                /
 +-----+-----+-----+-----+-----+-----+-----+-----+
          ]]></artwork>
      </figure>
        <dl>
+         <dt>SIZE</dt>
+         <dd>
+           A 16-bit value containing the length of the message in bytes
+           in network byte order.
+         </dd>
+         <dt>TYPE</dt>
+         <dd>
+           A 16-bit type flag in network byte order. The value of this
+           field <bcp14>MUST</bcp14> be XXXX.
+         </dd>
          <dt>EPHEMERAL PUBLIC KEY</dt>
          <dd>
-           A 256-bit EdDSA public key.
+           A 256-bit EdDSA public key. This key is used as input to a 
Diffie-Hellman KEM to decapsulate
+           the symmetric secret used to establish a shared secret which can be 
used to
+           decrypt ENCRYPTED DATA.
          </dd>
          <dt>GCM TAG</dt>
          <dd>
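Review bot: In the EPHEMERAL PUBLIC KEY definition, the field is called an EdDSA public key but is then described as input to a Diffie-Hellman KEM, and the phrase "decapsulate the symmetric secret used to establish a shared secret" is circular. State which key type is on the wire (or the conversion applied before the DH step) and name the one secret that decapsulation yields. The new SIZE text should also say whether the length includes the header fields, since ENCRYPTED DATA is later defined as "the remaining data (as indicated by SIZE)" and a receiver has to reject a SIZE smaller than the fixed header or larger than the datagram. Minor: "ineffienct" in the added paragraph should read "inefficient", and TYPE is still a placeholder ("0x0X" in the figure, "XXXX" in the text).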
@@ -270,6 +298,69 @@
          <dd>
            A 128-bit rekey flag. If any bit is set, this indicates a rekey.
          </dd>
+         <dt>ENCRYPTED DATA</dt>
+         <dd>
+           The remaining data (as indicated by SIZE) is AES-GCM encrypted 
using the current session key and authenticated
+           through the GCM TAG.
+           This data contains a confirmation message (<xref 
target="figure_udp_confirmation"/>).
+         </dd>
+       </dl>
+       <t>
+         FIXME: Explain key schedule/KEM.
+       </t>
+       <t>
+         In order to prevent replay attacks for KX messages, the plaintext 
resulting from decryption of the ENCRYPTED DATA
+         in the KX message starts with a session-specific confirmation header:
+       </t>
+<figure anchor="figure_udp_confirmation" title="The binary representation of 
the KX confirmation packet">
+       <artwork name="" type="" align="left" alt=""><![CDATA[
+0     8     16    24    32    40    48    56
++-----+-----+-----+-----+-----+-----+-----+-----+
+|                                               |
+|                   SENDER PEER ID              |
+|                                               |
+|                                               |
++-----+-----+-----+-----+-----+-----+-----+-----+
+|                                               |
+|                 SIGNATURE                     |
+|                                               |
+|                                               |
+|                                               |
+|                                               |
+|                                               |
+|                                               |
++-----+-----+-----+-----+-----+-----+-----+-----+
+|                MONOTONIC TIMESTAMP            |
+|                                               |
+|                                               |
+|                                               |
+|                                               |
+|                                               |
+|                                               |
+|                                               |
++-----+-----+-----+-----+-----+-----+-----+-----+
+/                PAYLOAD                        /
++-----+-----+-----+-----+-----+-----+-----+-----+
+         ]]></artwork>
+     </figure>
+       <dl>
+         <dt>SENDER PEER ID</dt>
+         <dd>
+           A 256-bit EdDSA public key.
+         </dd>
+         <dt>SIGNATURE</dt>
+         <dd>
+           The EdDSA signature is computed with the peer private key
+           over the session metadata as detailed in <xref 
target="figure_udp_handshake_sig"/>.
+         </dd>
+         <dt>MONOTONIC TIMESTAMP</dt>
+         <dd>
+           FIXME.
+         </dd>
+         <dt>PAYLOAD</dt>
+         <dd>
+           The message payload data.
+         </dd>
        </dl>
        <figure anchor="figure_udp_handshake_sig" title="The wire format used 
for creating the signature of the identification packet.">
          <artwork name="" type="" align="left" alt=""><![CDATA[
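Review bot: The new replay-protection paragraph relies on the confirmation header, yet the MONOTONIC TIMESTAMP definition added here is only "FIXME." and the figure draws the field with eight rows, the same as SIGNATURE. Give the field's width and byte order, and state the receiver rule (which comparison against the last value seen for the sender's peer ID causes a drop), so the replay claim can be checked. The added ENCRYPTED DATA text refers to "the current session key", which needs reconciling with the "FIXME: Explain key schedule/KEM" paragraph, because this packet is described earlier in the patch as the one used before a shared secret exists. This figure also keeps the 0 to 56 ruler while the other two figures in the patch switch to 0 to 24.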
@@ -344,56 +435,49 @@
            A 256-bit random value.
          </dd>
        </dl>
-<figure anchor="figure_udp_confirmation" title="The binary representation of 
the KX confirmation packet">
+<figure anchor="figure_udp_box" title="The binary representation of the UDP 
Box.">
        <artwork name="" type="" align="left" alt=""><![CDATA[
-0     8     16    24    32    40    48    56
+0           8           16          24    
 +-----+-----+-----+-----+-----+-----+-----+-----+
-|                                               |
-|                   SENDER PEER ID              |
-|                                               |
-|                                               |
+|         SIZE          |       TYPE (0x0X)     |
 +-----+-----+-----+-----+-----+-----+-----+-----+
-|                                               |
-|                 SIGNATURE                     |
-|                                               |
-|                                               |
-|                                               |
+|                    GCM TAG                    |
 |                                               |
 |                                               |
 |                                               |
 +-----+-----+-----+-----+-----+-----+-----+-----+
-|                MONOTONIC TIMESTAMP            |
-|                                               |
-|                                               |
-|                                               |
-|                                               |
+|                    REKEY                      |
 |                                               |
 |                                               |
 |                                               |
 +-----+-----+-----+-----+-----+-----+-----+-----+
-/                PAYLOAD                        /
+/                 ENCRYPTED DATA                /
 +-----+-----+-----+-----+-----+-----+-----+-----+
          ]]></artwork>
      </figure>
        <dl>
-         <dt>SENDER PEER ID</dt>
+         <dt>SIZE</dt>
          <dd>
-           A 256-bit EdDSA public key.
+           A 16-bit value containing the length of the message in bytes
+           in network byte order.
          </dd>
-         <dt>SIGNATURE</dt>
+         <dt>PURPOSE</dt>
          <dd>
-           The EdDSA signature is computed with the peer private key
-           over the DER-encoded TLS
-           certificate of the peer along with a pseudo-header
-           as detailed in <xref target="figure_udp_handshake_sig"/>.
+           A 16-bit type flag in network byte order. The value of this
+           field <bcp14>MUST</bcp14> be XXXX.
          </dd>
-         <dt>MONOTONIC TIMESTAMP</dt>
+         <dt>GCM TAG</dt>
          <dd>
-           FIXME.
+           A 128-bit GCM tag used to authenticate the ciphertext immediately 
following this KX.
          </dd>
-         <dt>PAYLOAD</dt>
+         <dt>REKEY</dt>
+         <dd>
+           A 128-bit rekey flag. If any bit is set, this indicates a rekey.
+         </dd>
+         <dt>ENCRYPTED DATA</dt>
          <dd>
-           Optional payload data. FIXME: Not part of this?
+           The remaining data (as indicated by SIZE) is AES-GCM encrypted 
using the current session key and authenticated
+           through the GCM TAG.
          </dd>
        </dl>
        <t>
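Review bot: The definition list for the UDP Box names the second field PURPOSE, while the figure above it labels that field "TYPE (0x0X)"; use one name in both places (the KX definition list in this patch uses TYPE). The GCM TAG text "authenticate the ciphertext immediately following this KX" looks carried over from the KX section and should refer to the box. The header as drawn has no nonce, counter or key identifier field, so the text should state how the receiver selects the session key and the GCM nonce for a box, given that nonce reuse under one key breaks GCM. The "MUST be XXXX" value is still a placeholder.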

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


