author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-09-09 22:25:12 +0200 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-09-09 22:25:12 +0200 |
commit | 84874958e6f66485f4912ad4274daf5d7ce85a6e (patch) | |
tree | 519ba59ae0ab53643136250a19d45ab70373d8dc | |
parent | debb299627e5aefcacf0d8129e51cf1abe5299be (diff) | |
download | lsd0001-84874958e6f66485f4912ad4274daf5d7ce85a6e.tar.gz lsd0001-84874958e6f66485f4912ad4274daf5d7ce85a6e.zip |
more crypto
-rw-r--r-- | draft-schanzen-gns.xml | 44 |
1 files changed, 34 insertions, 10 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 0f7edb7..07ed475 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -108,30 +108,35 @@ | |||
108 | <t> | 108 | <t> |
109 | Given a GNS record block a symmetric encryption scheme is used to | 109 | Given a GNS record block a symmetric encryption scheme is used to |
110 | en-/decrypt "BDATA". The keys are derived from the record label "l" | 110 | en-/decrypt "BDATA". The keys are derived from the record label "l" |
111 | and the public key "P". Both "l" and "P" are implicity known by the | 111 | and a public key "dG", where "d" is an ECDSA private key and "G" |
112 | GNS resolver. The key material "K" is derived as follows: | 112 | is a EC generator. "d" and "dG" are derived from the public/private |
113 | key pair "x,P" of a GNS zone. | ||
114 | Both "l" and "P" are implicity known by the GNS resolver. | ||
115 | The key material "K" and initialization vector "IV" | ||
116 | are derived as follows: | ||
113 | </t> | 117 | </t> |
114 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 118 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
115 | h := SHA512 (l,P) | 119 | h := SHA512 (l,P) |
116 | d := h*x mod n | 120 | d := h*x mod n |
117 | K := HKDF (P,l) | 121 | K := HKDF (dG,l,"gns-aes-ctx-key") |
122 | IV := HKDF (dG,l,"gns-aes-ctx-iv") | ||
118 | ]]></artwork> | 123 | ]]></artwork> |
119 | <t> | 124 | <t> |
120 | "HKDF" is a hash-based key derivation function as defined in | 125 | "HKDF" is a hash-based key derivation function as defined in |
121 | <xref target="RFC5869" />. For the XTR, we use HMAC-SHA512 and | 126 | <xref target="RFC5869" />. For the XTR, we use HMAC-SHA512 and |
122 | HMAC-SHA256 in PRF as proposed in (paper). Using this HKDF, we | 127 | HMAC-SHA256 in PRF as proposed in (paper). We divide "K" into a |
123 | derive two symmetric 256-bit keys "Ka,Kt" from "K": | 128 | 256-bit AES key "Kaes" and a 256-bit TWOFISH key "Ktwo". |
124 | </t> | 129 | </t> |
125 | <figure anchor="figure_hddf_keys"> | 130 | <figure anchor="figure_hddf_keys"> |
126 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 131 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
127 | 0 8 16 24 32 40 48 56 | 132 | 0 8 16 24 32 40 48 56 |
128 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 133 | +-----+-----+-----+-----+-----+-----+-----+-----+ |
129 | | AES KEY | | 134 | | AES KEY (Kaes) | |
130 | | | | 135 | | | |
131 | | | | 136 | | | |
132 | | | | 137 | | | |
133 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 138 | +-----+-----+-----+-----+-----+-----+-----+-----+ |
134 | | TWOFISH KEY | | 139 | | TWOFISH KEY (Ktwo) | |
135 | | | | 140 | | | |
136 | | | | 141 | | | |
137 | | | | 142 | | | |
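Review bot: the artwork in this hunk still computes only `d := h*x mod n`, while the new text keys HKDF on "dG" and says the resolver knows only "l" and "P". A resolver has no "x", so the draft should state how it obtains dG from public values (if the zone key pair satisfies P = xG, that is h*P) and add that line to the artwork. The calls `HKDF (dG,l,"gns-aes-ctx-key")` and `HKDF (dG,l,"gns-aes-ctx-iv")` also do not say which argument is the input keying material, which is the salt and which is the info string, nor the output length, although "K" has to yield two 256-bit keys and "IV" is later split into two 128-bit halves. Smaller points in the added text: "implicity" should be "implicitly", "a EC generator" should be "an EC generator", and the "(paper)" placeholder still needs a real reference.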
@@ -139,12 +144,31 @@ | |||
139 | ]]></artwork> | 144 | ]]></artwork> |
140 | <!-- <postamble>which is a very simple example.</postamble>--> | 145 | <!-- <postamble>which is a very simple example.</postamble>--> |
141 | </figure> | 146 | </figure> |
147 | <t> | ||
148 | Similarly, we divide "IV" into a 128-bit initialization vector IVaes | ||
149 | and a 128-bit initialization vector IVtwo: | ||
150 | </t> | ||
151 | <figure anchor="figure_hddf_keys"> | ||
152 | <artwork name="" type="" align="left" alt=""><![CDATA[ | ||
153 | 0 8 16 24 32 40 48 56 | ||
154 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
155 | | AES IV (IVaes) | | ||
156 | | | | ||
157 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
158 | | TWOFISH IV (IVtwo) | | ||
159 | | | | ||
160 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
161 | ]]></artwork> | ||
162 | <!-- <postamble>which is a very simple example.</postamble>--> | ||
163 | </figure> | ||
142 | 164 | ||
143 | <t> | 165 | <t> |
144 | The two symmetric keys are used for a AES+TWOFISH combined cipher: | 166 | The symmetric keys and IVs are used for a AES+TWOFISH combined |
167 | cipher. Both ciphers are used in CFB (ref) mode. | ||
145 | </t> | 168 | </t> |
146 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 169 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
147 | RDATA := TWOFISH256(Kt, AES256(Ka, BDATA)) | 170 | RDATA := AES256(Kaes, IVaes, TWOFISH256(Ktwo, IVtwo, BDATA)) |
171 | BDATA := TWOFISH256(Ktwo, IVtwo, AES256(Kaes, IVaes, RDATA)) | ||
148 | ]]></artwork> | 172 | ]]></artwork> |
149 | 173 | ||
150 | </section> | 174 | </section> |
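Review bot: the added IV figure reuses anchor="figure_hddf_keys", which the existing key figure already carries, so the document ends up with two figures sharing one anchor; give the new figure its own anchor (a name such as figure_hkdf_ivs would do). In the last artwork both lines write AES256(...) and TWOFISH256(...) for what must be opposite directions, so a reader cannot tell which line encrypts and which decrypts. Name the operations explicitly as encryption and decryption and say which of RDATA and BDATA is the plaintext, since the earlier text says it is "BDATA" that is en-/decrypted. "CFB (ref)" still needs its reference, and "a AES+TWOFISH" should read "an AES+TWOFISH".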
@@ -163,7 +187,7 @@ | |||
163 | | | | 187 | | | |
164 | | | | 188 | | | |
165 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 189 | +-----+-----+-----+-----+-----+-----+-----+-----+ |
166 | | RDATA SIZE | TYPE | | 190 | | DATA SIZE | TYPE | |
167 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 191 | +-----+-----+-----+-----+-----+-----+-----+-----+ |
168 | | FLAGS | DATA | | 192 | | FLAGS | DATA | |
169 | +-----+-----+-----+-----+ | | 193 | +-----+-----+-----+-----+ | |
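Review bot: the label change from "RDATA SIZE" to "DATA SIZE" in the record layout is the only change in this hunk, so check that the prose describing this field and any other mention of "RDATA SIZE" in the draft are renamed with it; otherwise the diagram and the text disagree on the field name. The rename is also not covered by the commit message "more crypto" and would be easier to track if the message mentioned it or it went in as its own commit.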