X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=doc%2Fpkt.texi;h=567d3f77226d7e2d192de79b3ea5fd14ddf8d744;hb=0fad171c0d79ad583c0faf5427e22d1d62a0a52d;hp=93841e107234eb6e82e8e1abf71be7c18b50a4df;hpb=116c4cf07862ff127054fca98b1fdac9451fb3a0;p=nncp.git diff --git a/doc/pkt.texi b/doc/pkt.texi index 93841e1..567d3f7 100644 --- a/doc/pkt.texi +++ b/doc/pkt.texi @@ -95,7 +95,7 @@ Each encrypted packet has the following header: @headitem @tab XDR type @tab Value @item Magic number @tab 8-byte, fixed length opaque data @tab - @verb{|N N C P E 0x00 0x00 0x04|} + @verb{|N N C P E 0x00 0x00 0x05|} @item Niceness @tab unsigned integer @tab 1-255, packet @ref{Niceness, niceness} level @@ -117,7 +117,7 @@ Signature is calculated over all previous fields. All following encryption is done in AEAD mode using @url{https://cr.yp.to/chacha.html, ChaCha20}-@url{https://en.wikipedia.org/wiki/Poly1305, Poly1305} -algorithms. Data is splitted on 128 KiB blocks. Each block is encrypted with +algorithms. Data is divided on 128 KiB blocks. Each block is encrypted with increasing nonce counter. Authenticated and encrypted size come after the header: 
@@ -142,18 +142,13 @@ When node A want to send encrypted packet to node B, it: @item takes remote node's exchange public key and performs Diffie-Hellman computation on this remote static public key and private ephemeral one -@item derive the keys: - @enumerate - @item initialize @url{https://blake2.net/, BLAKE2Xb} XOF with - derived ephemeral key and 96-byte output length - @item feed @verb{|N N C P E 0x00 0x00 0x04|} magic number to XOF - @item read 32-bytes of "size" AEAD encryption key - @item read 32-bytes of payload AEAD encryption key - @item optionally read 32-bytes pad generation key - @end enumerate +@item derives 32-bytes AEAD encryption key with BLAKE3 derivation + function. Source key is the derived ephemeral key. Context is + @verb{|N N C P E 0x00 0x00 0x05|} magic number @item encrypts size, appends its authenticated ciphertext to the header -@item encrypts payload, appends its authenticated ciphertext +@item encrypts each payload block, appending its authenticated ciphertext @item possibly appends any kind of "junk" noise data to hide real - payload's size from the adversary (generated using XOF with - unlimited output length) + payload's size from the adversary (generated using BLAKE3 XOF, with + the key derived from the ephemeral one and context string of + @verb{|N N C P E 0x00 0x00 0x05 P A D|}) @end enumerate
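Review bot: In the header table hunk (@@ -95,7), the magic number moves to 0x05 with no note on how a node should treat packets carrying the 0x04 magic. The key derivation changes in the same patch, so a receiver following the new text cannot decrypt a 0x04 packet. Suggest adding a sentence near the table that says whether older magic values are rejected or handled separately.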
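Review bot: In the @@ -117,7 hunk, the replacement line "Data is divided on 128 KiB blocks" still has the wrong preposition; "divided into 128 KiB blocks" is the usual phrasing. The same sentence would also read better as "encrypted with an increasing nonce counter".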
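Review bot: In the @@ -142,18 hunk, the separate "size" and payload AEAD keys are replaced by a single 32-byte key, but the steps "encrypts size" and "encrypts each payload block" do not say which nonce values each one uses. With one ChaCha20-Poly1305 key, the size ciphertext and every payload block must use distinct nonces, so the text should spell out the counter assignment (for example, which value the size takes and where the payload blocks start). Smaller points in the same hunk: "32-bytes AEAD encryption key" should be "32-byte"; "the key derived from the ephemeral one" in the padding item is ambiguous next to "derived ephemeral key" two items above, and should name the same source key explicitly; the removed BLAKE2Xb @url has no BLAKE3 counterpart, so the new algorithm is left without a reference link.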