proposal 111 updates

This commit is contained in:
zzz
2018-05-24 13:26:22 +00:00
parent ef28819bb4
commit e1b5b5fe41

View File

@@ -6,7 +6,7 @@ NTCP 2
:editor: manas, str4d
:created: 2014-02-13
:thread: http://zzz.i2p/topics/1577
:lastupdated: 2018-05-21
:lastupdated: 2018-05-24
:status: Open
:supercedes: 106
@@ -407,7 +407,7 @@ The following crypto operations are required by each party to complete
the handshake and start the data phase:
- AES: 2
- SHA256: 8 (Alice), 6 (Bob) (not including 4 Alice, 6 Bob precalculated for
- SHA256: 7 (Alice), 6 (Bob) (not including 1 Alice, 2 Bob precalculated for
all connections) (not including HMAC-SHA256)
- HMAC-SHA256: 15
- ChaCha/Poly: 4
@@ -597,8 +597,8 @@ AEAD Error Handling
- Take the same error action for an invalid length field value.
Key Derivation Function (KDF) (for handshake message 1 and message 3 part 1)
----------------------------------------------------------------------------
Key Derivation Function (KDF) (for handshake message 1)
-------------------------------------------------------
The KDF generates a handshake phase ciper key k from the DH result,
using HMAC-SHA256(key, data) as defined in [RFC-2104]_.
@@ -616,7 +616,7 @@ This is the "e" message pattern:
(US-ASCII encoded, no NULL termination).
Define Hash h = 32 bytes
h = SHA256(protocol_name);
h = protocol_name;
Define ck = 32 byte chaining key.
Set ck = h
@@ -625,12 +625,6 @@ This is the "e" message pattern:
// MixHash(null prologue)
h = SHA256(h);
// No Alice static key
// MixHash(null s)
h = SHA256(h);
// No Alice ephemeral key
// MixHash(null e)
h = SHA256(h);
// up until here, can all be precalculated by Alice for all outgoing connnections
@@ -640,9 +634,6 @@ This is the "e" message pattern:
// MixHash(rs)
// || below means append
h = SHA256(h || rs);
// No Bob ephemeral key
// MixHash(null re)
h = SHA256(h);
// up until here, can all be precalculated by Bob for all incoming connnections
@@ -955,13 +946,18 @@ Issues
Key Derivation Function (KDF) (for handshake message 2)
-------------------------------------------------------
Key Derivation Function (KDF) (for handshake message 2 and message 3 part 1)
----------------------------------------------------------------------------
.. raw:: html
{% highlight lang='text' %}
// MixHash(ciphertext)
h = SHA256(h || 32 byte encrypted payload from message 1)
// MixHash(padding)
// Only if padding length is nonzero
h = SHA256(h || random padding from message 1)
This is the "e" message pattern:
@@ -1196,13 +1192,18 @@ Issues
Encryption for for handshake message 3 part 1, using message 1 KDF)
Encryption for for handshake message 3 part 1, using message 2 KDF)
-------------------------------------------------------------------
.. raw:: html
{% highlight lang='text' %}
// MixHash(ciphertext)
h = SHA256(h || 24 byte encrypted payload from message 2)
// MixHash(padding)
// Only if padding length is nonzero
h = SHA256(h || random padding from message 2)
// h is used as the associated data for the AEAD in message 3 part 1, below
@@ -1338,7 +1339,7 @@ Raw contents:
+ Alice's static key +
| (32 bytes) |
+ +
| k from KDF for msg 1 |
| k from KDF for msg 2 |
+ n = 1 +
| see KDF for associated data |
+ +