commit a98966f9f0f278f9df3eeec34a09ed8c81366e90
parent a0d6dab96d9527c54167f488d16a0e914d7a1457
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Wed, 13 Nov 2024 23:26:23 +0100
reorder and rename message
Diffstat:
1 file changed, 37 insertions(+), 30 deletions(-)
diff --git a/draft-schanzen-cake.xml b/draft-schanzen-cake.xml
@@ -142,15 +142,6 @@
transport underlay layer of GNUnet.
</t>
</section>
- <section anchor="svcinfo" numbered="true" toc="default">
- <name>ServicesInfo String</name>
- <t>
- The ServicesInfo is a string consisting of key-value pairs separated by
- a separator indicating supported services and their versions.
- E.g. "dht:1.1;cadet:0.4".
- The ServicesInfo is zero terminated.
- </t>
- </section>
<section anchor="protocol_flow" numbered="true" toc="default">
<name>Protocol Flow</name>
<t>
@@ -224,8 +215,8 @@ dES | |
MS | |
[I,R]HTS | |
[I,R]ATS | |
- | |
- | {InitiatorFinished} |
+ | InitiatorDone: |
+ | {InitiatorFinished} |
| *[Application Payload] |
+---------------------------------------------->|
| | IATS
@@ -346,7 +337,7 @@ ss_e -> HKDF-Extract = Handshake Secret (HS)
ss_I -> HKDF-Extract = Master Secret (MS)
|
+-----> HKDF-Expand(., "i ap traffic",
- | InitiatorHello...InitiatorFinished)
+ | InitiatorHello...InitiatorDone)
| = IATS_0
|
+-----> HKDF-Expand(., "r ap traffic",
@@ -401,6 +392,30 @@ nonce = HKDF-Expand ([I,R][A,H]TS, "iv", 12)
This ensures key separation between CAKE, DTLS 1.3 and TLS 1.3.
</t>
</section>
+ <section anchor="svcinfo" numbered="true" toc="default">
+ <name>ServicesInfo Field</name>
+ <t>
+ The ServicesInfo is a string consisting of key-value pairs separated by
+ a separator indicating supported services and their versions.
+ E.g. "dht:1.1;cadet:0.4".
+ The ServicesInfo is zero terminated.
+ </t>
+ </section>
+ <section anchor="finished_field" numbered="true" toc="default">
+ <name>Finished Field</name>
+ <t>
+ The HandshakeFinished field contains either InitiatorFinished
+ or ReceiverFinished value:
+ </t>
+ <ol>
+ <li>fk<sub>I</sub> <- HKDF-Expand(MS, "i finished", NULL)</li>
+ <li>InitiatorFinished <- HMAC(fk<sub>I</sub>, InitiatorHello...Hello)</li>
+ </ol>
+ <ol>
+ <li>fk<sub>R</sub> <- HKDF-Expand(MS, "r finished", NULL)</li>
+ <li>ReceiverFinished <- HMAC(fk<sub>R</sub>, InitiatorHello...InitiatorDone)</li>
+ </ol>
+ </section>
<section anchor="cake_hs_msg_fmt" numbered="true" toc="default">
<name>CAKE Message Format</name>
<t>
@@ -501,25 +516,11 @@ nonce = HKDF-Expand ([I,R][A,H]TS, "iv", 12)
</t>
</section>
<section anchor="handshake_finished" numbered="true" toc="default">
- <name>Finished Field</name>
- <t>
- The HandshakeFinished field contains either InitiatorFinished
- or ReceiverFinished value:
- </t>
- <ol>
- <li>fk<sub>I</sub> <- HKDF-Expand(MS, "i finished", NULL)</li>
- <li>InitiatorFinished <- HMAC(fk<sub>I</sub>, InitiatorHello...ReceiverFinished)</li>
- <li>The InitiatorFinished message is encrypted using a key derived from IHTS.</li>
- </ol>
- <ol>
- <li>fk<sub>R</sub> <- HKDF-Expand(MS, "r finished", NULL)</li>
- <li>ReceiverFinished <- HMAC(fk<sub>R</sub>, InitiatorHello...ReceiverKemCiphertext)</li>
- </ol>
- </section>
- <section anchor="ack_msg" numbered="true" toc="default">
- <name>ACK</name>
+ <name>InitiatorDone Message</name>
<t>
- The ACK message: See <xref target="RFC9147" section="7"/>.
+ The InitiatorDone message contains the InitiatorFinished field
+ encrypted with a key derived from the IHTS.
+ The message type <bcp14>MUST</bcp14> be CORE_INITIATOR_DONE.
</t>
</section>
<section anchor="encrypted_message" numbered="true" toc="default">
@@ -589,6 +590,12 @@ nonce = HKDF-Expand ([I,R][A,H]TS, "iv", 12)
]]></artwork>
</figure>
</section>
+ <section anchor="ack_msg" numbered="true" toc="default">
+ <name>ACK</name>
+ <t>
+ The ACK message: See <xref target="RFC9147" section="7"/>.
+ </t>
+ </section>
</section>
<section anchor="open" numbered="true" toc="default">
<name>Open Issues</name>
