gnunet-svn

[lsd0007] branch master updated: -fix


From: gnunet
Subject: [lsd0007] branch master updated: -fix
Date: Sun, 10 Mar 2024 12:59:34 +0100

This is an automated email from the git hooks/post-receive script.

martin-schanzenbach pushed a commit to branch master
in repository lsd0007.

The following commit(s) were added to refs/heads/master by this push:
     new 83c5e18  -fix
83c5e18 is described below

commit 83c5e18af661aaa2e7f4fbfb9572b0403960f590
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Sun Mar 10 12:59:31 2024 +0100

    -fix
---
 draft-gnunet-communicators.xml | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/draft-gnunet-communicators.xml b/draft-gnunet-communicators.xml
index 04c1310..45edef2 100644
--- a/draft-gnunet-communicators.xml
+++ b/draft-gnunet-communicators.xml
@@ -572,6 +572,21 @@ DeriveKID(MSK,SEQ):
   </section>
    <section anchor="tcp_comm" numbered="true" toc="default">
      <name>TCP communicators</name>
+     <t>
+       TCP communicators communicate over and encrypted, bi-directional 
communication channel.
+       Each direction of the communication is encryption using a dedicated 
shared secret
+       which is exchanged in initial key exchange handshakes.
+       Once shared secrets are established, regular re-keying occurs after a 
certain amount of bytes
+       transmitted (FIXME: Currently, hard-coded to 4 GB!).
+     </t>
+     <t>
+       Messages are encrypted using the encrypt-then-mac paradigm. Yes, we 
<bcp14>MUST</bcp14>
+       use mac-then-encrypt as we want to hide the message size on the wire to 
achieve a
+       zero-plaintext design.
+       As encryption is done using AES-CTR, padding oracle attacks do not 
apply (WHY?).
+       Also, due to the use of ephemeral keys in combination with monotonic 
time stamps any
+       attacker is limited in using the oracle as replay attacks are prevented.
+     </t>
      <t>
        The first data from a communicator that is trying to establish a 
connection
        is always an ephemeral public key.
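Review bot: the second new paragraph contradicts itself: it opens with "Messages are encrypted using the encrypt-then-mac paradigm" and the next sentence says "we MUST use mac-then-encrypt". State one order consistently; if the intent is MAC-then-encrypt to hide the message length, the opening sentence should say so and the security argument that follows should be written for that order. The "(WHY?)" placeholder after the padding-oracle sentence and the "FIXME: Currently, hard-coded to 4 GB!" should not land in the draft text as-is: the answer to "WHY?" is that CTR mode applies no padding, so write that into the sentence, and either state the re-keying threshold as a normative value or keep the FIXME out of the document body. Also fix "over and encrypted, bi-directional" to "over an encrypted, bi-directional" and "is encryption using" to "is encrypted using".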
@@ -586,9 +601,9 @@ SetupCipher(MSK):
   K := HKDF-Expand (PRK_k, PEERID, 256 / 8)
   PRK_i := HKDF-Extract ("TCP-ctr", MSK)
   IV := HKDF-Expand (PRK_i, PEERID, 128 / 8)
-  PRK_h := HKDF-Extract ("TCP-hmac", MSK)
-  H := HKDF-Expand (PRK_i, PEERID, 512 / 8)
-  return K,IV,H
+  PRK_mac := HKDF-Extract ("TCP-hmac", MSK)
+  K_mac := HKDF-Expand (PRK_i, PEERID, 512 / 8)
+  return K,IV,K_mac
   ]]></artwork>
        <t>
          The above K and IV are used to decrypt the following 136 bytes of data
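Review bot: the rename is incomplete: `PRK_mac := HKDF-Extract ("TCP-hmac", MSK)` is introduced, but the next line still expands from `PRK_i` (`K_mac := HKDF-Expand (PRK_i, PEERID, 512 / 8)`), so `PRK_mac` is never used and the MAC key is derived from the same PRK as the IV; the removed lines had the same mismatch (`H` expanded from `PRK_i` instead of `PRK_h`). Suggest `K_mac := HKDF-Expand (PRK_mac, PEERID, 512 / 8)`. As written, `IV` and `K_mac` are HKDF-Expand outputs under the same PRK and the same `PEERID` info, differing only in length, and HKDF-Expand output is prefix-consistent, so the 16-byte IV would equal the first 16 bytes of the MAC key; using the separately extracted `PRK_mac` is what gives the MAC key its own domain separation.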
@@ -786,7 +801,7 @@ SetupCipher(MSK):
          </dd>
        </dl>
      <t>
-       One outgoing and incoming shared secrets are established, actual 
payload can be exchanged
+       Once outgoing and incoming shared secrets are established, actual 
payload can be exchanged
        bi-directionally using TCP Box messages. FIXME hmac, MtE discussion, 
padding-oracle, etc
      </t>
      </section>
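Review bot: the "FIXME hmac, MtE discussion, padding-oracle, etc" left in this paragraph is now at least partly covered by the text added at the top of the TCP communicators section in this same commit; either drop the FIXME here or replace it with a cross-reference to that paragraph so the draft does not carry two places for the same discussion. The "One" to "Once" correction itself is fine.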

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.