[lsd0012] branch master updated: change to chacha20 ietf
From: gnunet
Subject: [lsd0012] branch master updated: change to chacha20 ietf
Date: Tue, 12 Nov 2024 07:45:41 +0100
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository lsd0012.
The following commit(s) were added to refs/heads/master by this push:
new db761da change to chacha20 ietf
db761da is described below
commit db761dab3d7f38bf1d9e09cdfd5033f4c33529b7
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Tue Nov 12 07:45:37 2024 +0100
change to chacha20 ietf
---
draft-schanzen-cake.xml | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/draft-schanzen-cake.xml b/draft-schanzen-cake.xml
index 4322fc0..eb416d2 100644
--- a/draft-schanzen-cake.xml
+++ b/draft-schanzen-cake.xml
@@ -26,6 +26,7 @@
<!ENTITY RFC8174 PUBLIC ''
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.8174.xml">
<!ENTITY RFC8244 PUBLIC ''
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.8244.xml">
<!ENTITY RFC8324 PUBLIC ''
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.8324.xml">
+<!ENTITY RFC8439 PUBLIC ''
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.8439.xml">
<!ENTITY RFC8446 PUBLIC ''
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.8446.xml">
<!ENTITY RFC8499 PUBLIC ''
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.8499.xml">
<!ENTITY RFC9106 PUBLIC ''
"http://xml.resource.org/public/rfc/bibxml/reference.RFC.9106.xml">
@@ -122,6 +123,7 @@
<dt>IHTS</dt> <dd>Initiator Handshake Secret Key</dd>
<dt>RHTS</dt> <dd>Receiver Handshake Secret Key</dd>
<dt>Foo...Bar</dt> <dd>means the transcript of received/send messages
from Foo until Bar</dd>
+ <dt>Enc/Dec</dt> <dd>This refers to <xref target="RFC8439"/>, the
ChaCha20-Poly1305 Authenticated Encryption with Associated Data (AEAD)
construction.</dd>
</dl>
</section>
<section anchor="notation" numbered="true" toc="default">
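Review bot: The new Enc/Dec entry names the RFC 8439 AEAD but not its inputs, so the rest of the draft cannot say unambiguously what is being encrypted under what. Suggest defining the form the draft will use, for example Enc(key, nonce, aad, plaintext) and the matching Dec, noting that RFC 8439 fixes the key at 32 bytes and the nonce at 12 bytes, and stating what is passed as associated data (or that it is empty) and what the receiver does when Dec fails authentication.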
@@ -221,7 +223,7 @@ MS | |
</ol>
<t>
pk<sub>I</sub> and <tt>ServicesInfo</tt> are encrypted using the
early secret ETS
- using XChaCha20-Poly1305 (citation to IETF RFC).
+ using ChaCha20-Poly1305 <xref target="RFC8439"/>.
<!-- FIXME: Discuss IV. We may be able to use data from HKDF-Expand
for that -->
</t>
<t>
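Review bot: The FIXME kept directly below the changed line ("Discuss IV. We may be able to use data from HKDF-Expand for that") is stale after this commit, because the paragraph added to the key schedule section now takes the nonce from the HKDF-Expand output. Suggest replacing the comment with a reference to that paragraph and stating here which nonce value is used for this first encryption under ETS.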
@@ -311,6 +313,13 @@ ss_I -> HKDF-Extract = Master Secret (MS)
= RATS
]]></artwork>
</figure>
+ <t>
+ SHA-512 is used as the underlying hash function for HKDF.
+ Since we only require 32 byte encryption keys, the remaining
+ 32 byte output of the HKDF-Expand is used as nonce.
+ For each re-use of the key this nonce <bcp14>MUST</bcp14> be
+ incremented.
+ </t>
</section>
<section anchor="wire_formats" numbered="true" toc="default">
<name>Wire Formats</name>
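Review bot: In the added paragraph, "the remaining 32 byte output of the HKDF-Expand is used as nonce" does not fit the AEAD this commit switches to: RFC 8439 ChaCha20-Poly1305 takes a 96-bit (12-byte) nonce, so the text has to say which 12 of those bytes are used, or request only 44 bytes from HKDF-Expand. The paragraph also relies on an HKDF-Expand output length of 64 bytes without stating it. "MUST be incremented" needs a definition as well: which integer width and byte order the nonce is interpreted in, that both peers advance it in lockstep per message, and what happens on wrap-around, since a repeated nonce under the same key exposes the XOR of the plaintexts and allows Poly1305 forgeries.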
@@ -360,7 +369,7 @@ ss_I -> HKDF-Extract = Master Secret (MS)
<li>(ss<sub>R</sub>,c<sub>R</sub>) <- Encaps(pk<sub>R</sub>)</li>
</ol>
<t>
- The pk<sub>I</sub> and <tt>ServiceInfo</tt> are encrypted using
XChaCha20-Poly1305 (citation to IETF RFC).
+ The pk<sub>I</sub> and <tt>ServiceInfo</tt> are encrypted using
ChaCha20-Poly1305 <xref target="RFC8439"/>.
<!-- FIXME: Discuss IV. We may be able to use data from HKDF-Expand
for that -->
</t>
</section>
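Review bot: This sentence duplicates the one changed earlier in the patch but differs from it in two ways: the field is spelled ServiceInfo here and ServicesInfo there, and this copy does not name the key, while the earlier one says "using the early secret ETS". Suggest picking one field name and naming the key (and nonce source) in both places, or keeping the statement in one place and referring to it. The FIXME about the IV below it is stale here too.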
@@ -419,6 +428,9 @@ ss_I -> HKDF-Extract = Master Secret (MS)
<t>
Rekey
</t>
+ <t>
+ We must discuss EdDSA vs X25519 KEM usage. Maybe see Communicator
draft for this.
+ </t>
<t>
We must discuss ChaCha20 vs XChaCha20.
For XChaCha20 (currently implemented) we can use fresh nonces when the
key is re-used.
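Review bot: The context paragraph right after the added one still reads "We must discuss ChaCha20 vs XChaCha20" and calls XChaCha20 "currently implemented", which contradicts the rest of this commit, where the draft text is switched to ChaCha20-Poly1305 with a derived, incremented nonce. Suggest updating or removing it in the same change so the draft states one choice. The added EdDSA vs X25519 KEM note is an open question inside a body paragraph; an XML comment, like the FIXME lines elsewhere in the file, would keep it out of the rendered draft.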
@@ -465,6 +477,7 @@ ss_I -> HKDF-Extract = Master Secret (MS)
<name>Normative References</name>
&RFC2119;
&RFC8174;
+ &RFC8439;
&RFC8446;
&RFC9180;
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.