From be504f326dc3dc0f7cc8950775e646462a1cb81b Mon Sep 17 00:00:00 2001 From: Sergey Matveev Date: Sat, 30 Dec 2017 12:16:22 +0300 Subject: [PATCH] Actualize how encryption is performed --- doc/eblob.texi | 19 +++++++++++++------ doc/pkt.texi | 21 +++++++++++---------- 2 files changed, 24 insertions(+), 16 deletions(-) diff --git a/doc/eblob.texi b/doc/eblob.texi index ff637e4..74e6661 100644 --- a/doc/eblob.texi +++ b/doc/eblob.texi @@ -56,9 +56,16 @@ Eblob is an @url{https://tools.ietf.org/html/rfc4506, XDR}-encoded structure: BLAKE2b-256 MAC of encrypted blob @end multitable -Blob's encryption is done using @url{https://cr.yp.to/chacha.html, -ChaCha20} algorithm. Data is splitted on 128 KiB blocks. Each block is -encrypted with increasing nonce counter. @code{balloon(BLAKE2b-256, S, -T, P, salt, password)} gives the main key, that is fed to -@url{https://blake2.net/, BLAKE2Xb} XOF Actual encryption key for -ChaCha20 and authentication key for MAC are derived from that XOF. +@enumerate +@item generate the main key using @code{balloon(BLAKE2b-256, S, T, P, +salt, password)} +@item initialize @url{https://blake2.net/, BLAKE2Xb} XOF with generated +main key and 96-byte output length +@item feed @verb{|N N C P B 0x00 0x00 0x02|} magic number to XOF +@item read 32-bytes of blob encryption key +@item read 64-bytes of blob authentication key +@item encrypt the blob using @url{https://cr.yp.to/chacha.html, +ChaCha20}. Blob is splitted on 128 KiB blocks. Each block is encrypted +with increasing nonce counter +@item authenticate ciphertext with MAC +@end enumerate diff --git a/doc/pkt.texi b/doc/pkt.texi index f577506..0f5d693 100644 --- a/doc/pkt.texi +++ b/doc/pkt.texi 
@@ -68,8 +68,8 @@ storages and that are synchronized between TCP daemons. Each encrypted packet has the following header: @verbatim - +------------ HEADER -------------+ +-------- ENCRYPTED --------+ - / \ / \ + +------------ HEADER --------------------+ +-------- ENCRYPTED --------+ + / \ / \ +--------------------------------------------+------------+----...-----------+------+ | MAGIC | NICE | SENDER | RCPT | EPUB | SIGN | SIZE | MAC | CIPHERTEXT | MAC | JUNK | +-------------------------------------/------\------------+----...-----------+------+ @@ -130,15 +130,16 @@ When node A want to send encrypted packet to node B, it: @item takes remote node's exchange public key and performs Diffie-Hellman computation on this remote static public key and private ephemeral one -@item derived ephemeral key is used as a key input to - @url{https://blake2.net/, BLAKE2Xb} XOF -@item derives five session keys using output from the XOF above: +@item derive the keys: @enumerate - @item "Size" encryption (for ChaCha20) key - @item "Size" authentication (for BLAKE2b-MAC) key - @item Payload encryption key - @item Payload authentication key - @item Optional pad generation key (for ChaCha20) + @item initialize @url{https://blake2.net/, BLAKE2Xb} XOF with + derived ephemeral key and 224-byte output length + @item feed @verb{|N N C P E 0x00 0x00 0x03|} magic number to XOF + @item read 32-bytes of "size" encryption key (for ChaCha20) + @item read 64-bytes of "size" authentication key (for BLAKE2b-MAC) + @item read 32-bytes of payload encryption key + @item read 64-bytes of payload authentication key + @item optionally read 32-bytes pad generation key (for ChaCha20) @end enumerate @item encrypts size, appends its ciphertext to the header @item appends MAC tag over that ciphertext -- 2.44.0
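Review bot: in the doc/eblob.texi hunk, the last two items of the new list do not give enough detail to reimplement them. "Each block is encrypted with increasing nonce counter" states no starting value or encoding for the counter, and "authenticate ciphertext with MAC" does not say that it uses the 64-byte authentication key read two items earlier, nor whether the tag covers the whole ciphertext or each 128 KiB block. Suggest naming the key and the MAC's scope in the last item, consistent with the table row "BLAKE2b-256 MAC of encrypted blob", and stating the initial nonce. Wording: "splitted on" should be "split into", and "32-bytes of" / "64-bytes of" read better as "32 bytes of" / "64 bytes of".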
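Review bot: in the doc/pkt.texi key-derivation hunk (@@ -130,15 +130,16), the XOF is initialized with a 224-byte output length, which is the sum of all five keys (32+64+32+64+32), while the last item makes the pad key optional ("optionally read 32-bytes pad generation key"). BLAKE2Xb output depends on the declared output length, so the text should say explicitly that the length stays 224 even when the pad key is not read; otherwise an implementer may initialize with 192 and derive different keys. Style: "@item derive the keys:" is imperative while the neighbouring items are third person ("takes", "encrypts", "appends"), so "derives the keys:" would match, and the sub-items could follow the same form.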