diff options
| author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-09-09 22:25:12 +0200 |
|---|---|---|
| committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-09-09 22:25:12 +0200 |
| commit | 84874958e6f66485f4912ad4274daf5d7ce85a6e (patch) | |
| tree | 519ba59ae0ab53643136250a19d45ab70373d8dc | |
| parent | debb299627e5aefcacf0d8129e51cf1abe5299be (diff) | |
| download | lsd0001-84874958e6f66485f4912ad4274daf5d7ce85a6e.tar.gz lsd0001-84874958e6f66485f4912ad4274daf5d7ce85a6e.zip | |
more crypto
| -rw-r--r-- | draft-schanzen-gns.xml | 44 |
1 files changed, 34 insertions, 10 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 0f7edb7..07ed475 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
| @@ -108,30 +108,35 @@ | |||
| 108 | <t> | 108 | <t> |
| 109 | Given a GNS record block a symmetric encryption scheme is used to | 109 | Given a GNS record block a symmetric encryption scheme is used to |
| 110 | en-/decrypt "BDATA". The keys are derived from the record label "l" | 110 | en-/decrypt "BDATA". The keys are derived from the record label "l" |
| 111 | and the public key "P". Both "l" and "P" are implicity known by the | 111 | and a public key "dG", where "d" is an ECDSA private key and "G" |
| 112 | GNS resolver. The key material "K" is derived as follows: | 112 | is a EC generator. "d" and "dG" are derived from the public/private |
| 113 | key pair "x,P" of a GNS zone. | ||
| 114 | Both "l" and "P" are implicity known by the GNS resolver. | ||
| 115 | The key material "K" and initialization vector "IV" | ||
| 116 | are derived as follows: | ||
| 113 | </t> | 117 | </t> |
| 114 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 118 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
| 115 | h := SHA512 (l,P) | 119 | h := SHA512 (l,P) |
| 116 | d := h*x mod n | 120 | d := h*x mod n |
| 117 | K := HKDF (P,l) | 121 | K := HKDF (dG,l,"gns-aes-ctx-key") |
| 122 | IV := HKDF (dG,l,"gns-aes-ctx-iv") | ||
| 118 | ]]></artwork> | 123 | ]]></artwork> |
| 119 | <t> | 124 | <t> |
| 120 | "HKDF" is a hash-based key derivation function as defined in | 125 | "HKDF" is a hash-based key derivation function as defined in |
| 121 | <xref target="RFC5869" />. For the XTR, we use HMAC-SHA512 and | 126 | <xref target="RFC5869" />. For the XTR, we use HMAC-SHA512 and |
| 122 | HMAC-SHA256 in PRF as proposed in (paper). Using this HKDF, we | 127 | HMAC-SHA256 in PRF as proposed in (paper). We divide "K" into a |
| 123 | derive two symmetric 256-bit keys "Ka,Kt" from "K": | 128 | 256-bit AES key "Kaes" and a 256-bit TWOFISH key "Ktwo". |
| 124 | </t> | 129 | </t> |
| 125 | <figure anchor="figure_hddf_keys"> | 130 | <figure anchor="figure_hddf_keys"> |
| 126 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 131 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
| 127 | 0 8 16 24 32 40 48 56 | 132 | 0 8 16 24 32 40 48 56 |
| 128 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 133 | +-----+-----+-----+-----+-----+-----+-----+-----+ |
| 129 | | AES KEY | | 134 | | AES KEY (Kaes) | |
| 130 | | | | 135 | | | |
| 131 | | | | 136 | | | |
| 132 | | | | 137 | | | |
| 133 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 138 | +-----+-----+-----+-----+-----+-----+-----+-----+ |
| 134 | | TWOFISH KEY | | 139 | | TWOFISH KEY (Ktwo) | |
| 135 | | | | 140 | | | |
| 136 | | | | 141 | | | |
| 137 | | | | 142 | | | |
| @@ -139,12 +144,31 @@ | |||
| 139 | ]]></artwork> | 144 | ]]></artwork> |
| 140 | <!-- <postamble>which is a very simple example.</postamble>--> | 145 | <!-- <postamble>which is a very simple example.</postamble>--> |
| 141 | </figure> | 146 | </figure> |
| 147 | <t> | ||
| 148 | Similarly, we divide "IV" into a 128-bit initialization vector IVaes | ||
| 149 | and a 128-bit initialization vector IVtwo: | ||
| 150 | </t> | ||
| 151 | <figure anchor="figure_hddf_keys"> | ||
| 152 | <artwork name="" type="" align="left" alt=""><![CDATA[ | ||
| 153 | 0 8 16 24 32 40 48 56 | ||
| 154 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
| 155 | | AES IV (IVaes) | | ||
| 156 | | | | ||
| 157 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
| 158 | | TWOFISH IV (IVtwo) | | ||
| 159 | | | | ||
| 160 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
| 161 | ]]></artwork> | ||
| 162 | <!-- <postamble>which is a very simple example.</postamble>--> | ||
| 163 | </figure> | ||
| 142 | 164 | ||
| 143 | <t> | 165 | <t> |
| 144 | The two symmetric keys are used for a AES+TWOFISH combined cipher: | 166 | The symmetric keys and IVs are used for a AES+TWOFISH combined |
| 167 | cipher. Both ciphers are used in CFB (ref) mode. | ||
| 145 | </t> | 168 | </t> |
| 146 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 169 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
| 147 | RDATA := TWOFISH256(Kt, AES256(Ka, BDATA)) | 170 | RDATA := AES256(Kaes, IVaes, TWOFISH256(Ktwo, IVtwo, BDATA)) |
| 171 | BDATA := TWOFISH256(Ktwo, IVtwo, AES256(Kaes, IVaes, RDATA)) | ||
| 148 | ]]></artwork> | 172 | ]]></artwork> |
| 149 | 173 | ||
| 150 | </section> | 174 | </section> |
| @@ -163,7 +187,7 @@ | |||
| 163 | | | | 187 | | | |
| 164 | | | | 188 | | | |
| 165 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 189 | +-----+-----+-----+-----+-----+-----+-----+-----+ |
| 166 | | RDATA SIZE | TYPE | | 190 | | DATA SIZE | TYPE | |
| 167 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 191 | +-----+-----+-----+-----+-----+-----+-----+-----+ |
| 168 | | FLAGS | DATA | | 192 | | FLAGS | DATA | |
| 169 | +-----+-----+-----+-----+ | | 193 | +-----+-----+-----+-----+ | |