lsd0012

LSD0012: CORE Authenticated Key Exchange (CAKE)

commit 4d38f86a2030aecb4d4955c0a076c5c45c1fda52
parent a12631552ba92bbdb01f83e363094027aecb8138
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date:   Tue, 29 Jul 2025 13:34:01 +0200

open tasks and notes

Diffstat:
M draft-schanzen-cake.xml | 29 +++++++++++++++++++----------
1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/draft-schanzen-cake.xml b/draft-schanzen-cake.xml @@ -143,8 +143,8 @@ <dt>RHTS:</dt> <dd>Responder Handshake Secret Key</dd> <dt>H(D):</dt> <dd>A 512-bit hash over D. The hash function is TBD (Blake2b or SHA-512).</dd> <dt>T(M):</dt> <dd>means the transcript as a concatenation of received/sent messages starting from and including the InitiatorHello pk_e until and including M. Note that the transcript refers to everything that is seen on the wire, including potentially encrypted messages or fields and metadata.</dd> - <dt>'{}K'</dt> <dd>indicates encryption with a handshake traffic key K and <xref target="RFC8439"/>, the ChaCha20-Poly1305 Authenticated Encryption with Associated Data (AEAD) construction.</dd> - <dt>'[]K'</dt> <dd>indicates encryption with an application traffic key K and <xref target="RFC8439"/>, the ChaCha20-Poly1305 Authenticated Encryption with Associated Data (AEAD) construction.</dd> + <dt>'{}K'</dt> <dd>indicates encryption with a handshake traffic key K and a modified <xref target="RFC8439"/>, the XChaCha20-Poly1305 Authenticated Encryption with Associated Data (AEAD) construction.</dd> + <dt>'[]K'</dt> <dd>indicates encryption with an application traffic key K and a modified <xref target="RFC8439"/>, the XChaCha20-Poly1305 Authenticated Encryption with Associated Data (AEAD) construction.</dd> </dl> </section> <section anchor="rationale" numbered="true" toc="default"> @@ -520,7 +520,7 @@ nonce = HKDF-Expand ([I,R][A,H]TS, "iv", 24) <li>(ss<sub>R</sub>,c<sub>R</sub>) &lt;- Encaps(pk<sub>R</sub>)</li> </ol> <t> - The pk<sub>I</sub> and <tt>ServiceInfo</tt> are encrypted using ChaCha20-Poly1305 <xref target="RFC8439"/> + The pk<sub>I</sub> and <tt>ServiceInfo</tt> are encrypted using XChaCha20-Poly1305 <xref target="RFC8439"/> with key and IV derived from the ETS. <!-- FIXME: Discuss IV. We may be able to use data from HKDF-Expand for that --> </t> 
@@ -684,13 +684,22 @@ nonce = HKDF-Expand ([I,R][A,H]TS, "iv", 24) - </t> </section> - <!-- <section> - <name>Implementation and Deployment Status</name> - <t> - FIXME - </t> - </section> - <section> + <section> + <name>Implementation and Deployment Status</name> + <t> + The CAKE handshake is currently implemented in a branch. + Open tasks include: + </t> + <ol> + <li>Explain how XChaCha20 works (see libsodium)</li> + <li>Rekeying</li> + <li>ACK handling including retransmissions</li> + <li>Services info transmission (currently empty/unused)</li> + <li>Secrets cleanup using memset_explicit et al.</li> + <li>Integrate and test PILS PID changes (potentially requires in-band signalling of new PIDs in CORE, not really that much related to CAKE)</li> + </ol> + </section> + <!-- <section> <name>Acknowledgements</name> <t> FIXME
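
Review bot: In the @@ -143 hunk, the new '{}K' and '[]K' definitions say "a modified <xref target="RFC8439"/>" without stating what is modified, so these two lines do not actually specify the AEAD. Either spell out the change in the definition (the hunk-header context `nonce = HKDF-Expand ([I,R][A,H]TS, "iv", 24)` suggests a 24-byte nonce is intended) or add a reference that defines XChaCha20-Poly1305 and cite it next to RFC8439. The open task "Explain how XChaCha20 works (see libsodium)" added in the last hunk tracks this, but until it is done a FIXME comment beside these definitions, like the one already present in the @@ -520 hunk, would keep the gap visible to readers of the draft.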
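
Review bot: In the @@ -520 hunk, the changed sentence reads "encrypted using XChaCha20-Poly1305 <xref target="RFC8439"/>" with no "a modified" qualifier, which is inconsistent with the wording introduced for '{}K' and '[]K' in the @@ -143 hunk and cites RFC8439 as if it were the reference for XChaCha20-Poly1305. Use the same wording and the same reference in both places. The unchanged "FIXME: Discuss IV" comment directly after it is worth resolving in the same pass: state whether the pk<sub>I</sub> and ServiceInfo fields encrypted under the ETS take their IV from the same HKDF-Expand derivation shown in the hunk header, since the move to XChaCha20-Poly1305 changes what the IV has to look like.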
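
Review bot: In the @@ -684 hunk, the new "Implementation and Deployment Status" list mixes work on the draft text ("Explain how XChaCha20 works (see libsodium)") with work on the implementation ("Secrets cleanup using memset_explicit et al.", "ACK handling including retransmissions") and does not say which is which. Split it into two lists, or mark each item as spec or implementation, so a reader can tell whether "Rekeying" is unspecified or only unimplemented. "The CAKE handshake is currently implemented in a branch." should also name the repository and branch. Since rekeying and secrets cleanup are open, it would help to say explicitly that the branch does not yet do either, so the status text is not read as describing a finished handshake.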