[noise] Making sender pubkey encryption more consistent
Trevor Perrin
trevp at trevp.net
Wed Jul 30 21:22:56 PDT 2014
It's sort of inconsistent how a Noise box contains:
(a) the sender's public-key encrypted WITHOUT padding with a MAC
(b) the actual contents encrypted WITH padding and a MAC
The sender's public-key doesn't really need padding, but it might be
simpler if we just used the same padded-encryption for both.
Here's what that might look like, what do people think? -

struct {
    bytes encrypted_contents[contents_len];
    bytes encrypted_padding[padding_len];
    bytes encrypted_padding_len[4];
    bytes mac[MAC_LEN];
} NoiseEncryption;

struct {
    NoiseEncryption header;  # sender public key
    NoiseEncryption body;    # application data
} NoiseBox;

noise_encrypt(cc, pad_len, contents, authtext=""):
    plaintext = contents || random(pad_len) || (uint32_little_endian)pad_len
    encryption = ENCRYPT(cc, plaintext, authtext)
    return encryption

noise_box(eph_key, sender_key, target_pubkey, pad_len1, pad_len2, app_data,
          kdf_num, cv):
    dh1 = DH(eph_key.priv, target_pubkey)
    dh2 = DH(sender_key.priv, target_pubkey)
    cv1 || cc1 = KDF(dh1, cv, SUITE_NAME || (byte)kdf_num, CV_LEN + CC_LEN)
    cv2 || cc2 = KDF(dh2, cv1, SUITE_NAME || (byte)(kdf_num + 1), CV_LEN + CC_LEN)
    header = noise_encrypt(cc1, pad_len1, sender_key.pub, target_pubkey
                           || eph_key.pub)
    body = noise_encrypt(cc2, pad_len2, app_data, target_pubkey || header)
    return (header || body), cv2

Trevor
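
The plaintext framing that noise_encrypt proposes above (contents || random(pad_len) || uint32 little-endian pad_len), shown with the matching receiver-side parse. This is an added example, not code from the original post or from the Noise project; the function names and the 32-byte sample key are assumptions, and ENCRYPT and the MAC are left out, so the parse is meant to run only on plaintext whose MAC has already verified.

```python
import os
import struct

LEN_FIELD = 4  # size of the trailing uint32 little-endian pad_len field


def pad_plaintext(contents: bytes, pad_len: int, rng=os.urandom) -> bytes:
    """Build contents || random(pad_len) || (uint32_little_endian)pad_len."""
    if not 0 <= pad_len <= 0xFFFFFFFF:
        raise ValueError("pad_len must fit in an unsigned 32-bit field")
    return contents + rng(pad_len) + struct.pack("<I", pad_len)


def unpad_plaintext(plaintext: bytes) -> bytes:
    """Recover contents from a decrypted, MAC-verified plaintext.

    The length field is read from the end, so the receiver needs no
    prior knowledge of contents_len or pad_len.
    """
    if len(plaintext) < LEN_FIELD:
        raise ValueError("plaintext shorter than the pad_len field")
    (pad_len,) = struct.unpack("<I", plaintext[-LEN_FIELD:])
    body_len = len(plaintext) - LEN_FIELD
    if pad_len > body_len:
        # A length that points before the start of the buffer is malformed.
        raise ValueError("pad_len exceeds the bytes available")
    return plaintext[: body_len - pad_len]


def padded_len(contents_len: int, pad_len: int) -> int:
    """Length of the plaintext handed to ENCRYPT (the MAC comes after)."""
    return contents_len + pad_len + LEN_FIELD


if __name__ == "__main__":
    sender_pub = bytes(range(32))  # constructed stand-in for a public key
    header_pt = pad_plaintext(sender_pub, 0)     # header with pad_len1 = 0
    body_pt = pad_plaintext(b"hello noise", 21)  # body with pad_len2 = 21
    print(len(header_pt), len(body_pt))
    print(unpad_plaintext(body_pt))
```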