[lsd0007] branch master updated: -fix
From: gnunet
Subject: [lsd0007] branch master updated: -fix
Date: Sun, 10 Mar 2024 12:59:34 +0100
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository lsd0007.
The following commit(s) were added to refs/heads/master by this push:
new 83c5e18 -fix
83c5e18 is described below
commit 83c5e18af661aaa2e7f4fbfb9572b0403960f590
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Sun Mar 10 12:59:31 2024 +0100
-fix
---
draft-gnunet-communicators.xml | 23 +++++++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/draft-gnunet-communicators.xml b/draft-gnunet-communicators.xml
index 04c1310..45edef2 100644
--- a/draft-gnunet-communicators.xml
+++ b/draft-gnunet-communicators.xml
@@ -572,6 +572,21 @@ DeriveKID(MSK,SEQ):
</section>
<section anchor="tcp_comm" numbered="true" toc="default">
<name>TCP communicators</name>
+ <t>
+ TCP communicators communicate over and encrypted, bi-directional
communication channel.
+ Each direction of the communication is encryption using a dedicated
shared secret
+ which is exchanged in initial key exchange handshakes.
+ Once shared secrets are established, regular re-keying occurs after a
certain amount of bytes
+ transmitted (FIXME: Currently, hard-coded to 4 GB!).
+ </t>
+ <t>
+ Messages are encrypted using the encrypt-then-mac paradigm. Yes, we
<bcp14>MUST</bcp14>
+ use mac-then-encrypt as we want to hide the message size on the wire to
achieve a
+ zero-plaintext design.
+ As encryption is done using AES-CTR, padding oracle attacks do not
apply (WHY?).
+ Also, due to the use of ephemeral keys in combination with monotonic
time stamps any
+ attacker is limited in using the oracle as replay attacks are prevented.
+ </t>
<t>
The first data from a communicator that is trying to establish a
connection
is always an ephemeral public key.
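Review bot: the new paragraph contradicts itself on the order of encryption and authentication: "Messages are encrypted using the encrypt-then-mac paradigm" is immediately followed by "we MUST use mac-then-encrypt". Only one can be the design; since the stated goal is hiding the message size on the wire, MAC-then-encrypt looks intended, so the first sentence should be dropped or rewritten. The "(WHY?)" can be answered in the text itself: AES-CTR is a stream-cipher mode and adds no padding, so there is no padding check for an oracle to expose; what the draft should still say for a MAC-then-encrypt design is that a failed MAC check after decryption produces no distinguishable error or timing compared to any other rejected message. Minor wording in the same hunk: "over and encrypted" should read "over an encrypted", "is encryption using" should read "is encrypted using", and "FIXME: Currently, hard-coded to 4 GB!" should become a normative re-keying threshold rather than ship as an editorial note.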
@@ -586,9 +601,9 @@ SetupCipher(MSK):
K := HKDF-Expand (PRK_k, PEERID, 256 / 8)
PRK_i := HKDF-Extract ("TCP-ctr", MSK)
IV := HKDF-Expand (PRK_i, PEERID, 128 / 8)
- PRK_h := HKDF-Extract ("TCP-hmac", MSK)
- H := HKDF-Expand (PRK_i, PEERID, 512 / 8)
- return K,IV,H
+ PRK_mac := HKDF-Extract ("TCP-hmac", MSK)
+ K_mac := HKDF-Expand (PRK_i, PEERID, 512 / 8)
+ return K,IV,K_mac
]]></artwork>
<t>
The above K and IV are used to decrypt the following 136 bytes of data
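Review bot: K_mac is still expanded from PRK_i (the "TCP-ctr" PRK) rather than from the newly named PRK_mac, so the "TCP-hmac" HKDF-Extract on the line above is computed and never used, and the MAC key is derived from the same PRK as the IV. The rename only carries the pre-existing mismatch forward; the line should most likely read `K_mac := HKDF-Expand (PRK_mac, PEERID, 512 / 8)`, which gives the MAC key its own domain-separated PRK as the label suggests.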
@@ -786,7 +801,7 @@ SetupCipher(MSK):
</dd>
</dl>
<t>
- One outgoing and incoming shared secrets are established, actual
payload can be exchanged
+ Once outgoing and incoming shared secrets are established, actual
payload can be exchanged
bi-directionally using TCP Box messages. FIXME hmac, MtE discussion,
padding-oracle, etc
</t>
</section>
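Review bot: the "FIXME hmac, MtE discussion, padding-oracle, etc" placeholder survives the typo fix and remains in normative text. The tcp_comm introduction added in this same change now covers MAC-then-encrypt and the padding-oracle question, so either drop the FIXME here or replace it with a cross-reference to that section so the draft does not carry an editorial note.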
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.