[noise] Ordering of Tokens Within Messages

Loup Vaillant David loup at loup-vaillant.fr
Mon Apr 15 07:34:00 PDT 2019


On Mon, 2019-04-15 at 13:28 +0100, Dennis Jackson wrote:
> Noise Protocol Specification Rev31, Section 7.3:
> > Handshake patterns must be valid in the following senses:
> >    1. Parties can only perform DH between private keys and public 
> >       keys they possess.
> 
> My reading of this rule is that `ss, s` is forbidden as the receiver
> processes ss, before it posses s. Maybe I'm missing something?

That was my reading as well, but strictly speaking, we could say that
if the whole message is transmitted in one go, the receiver does posses
s already. So we could conceivably imagine that it would *process* s
before it processes ss, even though it appears later in the pattern.

This would require the state machine to reorder the tokens of a message
before it processes them, though, and as Justin Cormack just showed,
the relevant portion of the specs says the state machine just
"sequentially processes each token from the message pattern".

The specs don't say "in order", but they don't speak of any reordering
either. I think it's pretty safe to assume you didn't miss anything.
That said, the specs could perhaps be a bit more explicit than they
already are. For instance, instead of just:

> Fetches and deletes the next message pattern from `message_patterns`,
> then sequentially processes each token from the message pattern:

We could have something like:

> Fetches and deletes the next message pattern from `message_patterns`,
> then sequentially processes each token from the message pattern, in
> the order in which they appear on the message pattern:

That may sound nitpicky, but if someone as competent as the *Noise
Explorer creator* missed it, anybody can.

Loup.




More information about the Noise mailing list