[lsd0012] branch master updated: add nonce derivation, seq encryption


From: gnunet
Subject: [lsd0012] branch master updated: add nonce derivation, seq encryption
Date: Wed, 13 Nov 2024 16:41:03 +0100

This is an automated email from the git hooks/post-receive script.

martin-schanzenbach pushed a commit to branch master
in repository lsd0012.

The following commit(s) were added to refs/heads/master by this push:
     new 9da42b7  add nonce derivation, seq encryption
9da42b7 is described below

commit 9da42b7fb15fe31b031c14efe7f3e0ff0fa7fd9b
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Wed Nov 13 16:41:00 2024 +0100

    add nonce derivation, seq encryption
---
 draft-schanzen-cake.xml | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/draft-schanzen-cake.xml b/draft-schanzen-cake.xml
index 2f6882c..46cdcd4 100644
--- a/draft-schanzen-cake.xml
+++ b/draft-schanzen-cake.xml
@@ -467,14 +467,9 @@ nonce = HKDF-Expand ([I,R][A,H]TS, "iv", 12)
 +-----+-----+-----+-----+-----+-----+-----+-----+
 |                   Timestamp                   |
 +-----+-----+-----+-----+-----+-----+-----+-----+
-|                     Nonce                     |
-|                       +-----+-----+-----+-----+
-|                       |                       |
-+-----+-----+-----+-----+                       | 
-|                      Tag                      |
-|                       +-----+-----+-----+-----+
-|                       |
-+-----+-----+-----+-----+
+|                     Tag                       |
+|                                               |
++-----+-----+-----+-----+-----+-----+-----+-----+
          ]]></artwork>
         </figure>
         <t>
@@ -483,8 +478,19 @@ nonce = HKDF-Expand ([I,R][A,H]TS, "iv", 12)
           preceeding the EncryptedMessage header.
         </t>
         <t>
-          The per-message nonce is generated as defined in <xref 
target="RFC8446" section="5.3"/>.
-          <!-- FIXME sequence number encryption?-->
+          The sequence number is encrypted with the output as defined in <xref 
target="RFC9147" section="4.2.3"/>
+          for ChaCha20-based AEAD schemes.
+          For clarity, the XOR-based encryption using the 64 byte output of 
ChaCha20 is as follows:
+          The sequence number is padded to the left such that it is exactly 8 
bytes (as if the Epoch field
+          was still present).
+          Then, the first 8 bytes of the output of ChaCha20 are XORed with the 
resulting byte string.
+          The first 16 bits can be ignored (zeroed).
+          Note that an implementation may simply XOR the first 8 byte of the 
EncryptedMessage.
+          However, this will include the Epoch field and whatever value it was 
set to so after
+          the XOR this value will have to be reconstructed or otherwise masked 
beforehand.
+        </t>
+        <t>
+          The per-message nonce is not transmitted and instead generated as 
defined in <xref target="RFC8446" section="5.3"/>.
           <!-- FIXME the records/encryptions apply to all messages(?)-->
         </t>
         </section>
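Review bot: The first added sentence, "The sequence number is encrypted with the output as defined in ...", never says what produces that output: neither the ChaCha20 key nor the bytes of the message used as its input are named. RFC 9147 section 4.2.3 uses a dedicated sequence-number key and a sample of the ciphertext, while the only derivation visible here is the nonce one in the hunk header (HKDF-Expand with label "iv"), so the key derivation and the sampled bytes should be spelled out or referenced. "The first 16 bits can be ignored (zeroed)" is also ambiguous about whether the mask or the XOR result is zeroed and whether the sender must do it before transmission, and "the first 8 byte" should read "the first 8 bytes".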

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


