[noise] NoiseSocket and payload padding in handshake messages
Nemanja Mijailovic
metalnem at mijailovic.net
Tue Apr 17 09:43:37 PDT 2018
It is a little tricky to support padding it for handshake message. You would have to calculate the whole Noise message length before deciding whether to apply padding, but the message sometimes includes static and ephemeral keys, where static keys can be encrypted or not, which depends on whether the cipher key was calculated in current or previous message patterns, but it also depends on whether the handshake pattern is PSK or not.
Nemanja
> On Apr 17, 2018, at 6:40 PM, Justin Cormack <justin at specialbusservice.com> wrote:
>
> I would assume that many protocols will not use the unencrypted messages for anything, so using them for padding seems natural (have been planning to do that for one use case). Encrypted ones can have framing information so they look much like normal messages so padding should be easy.
>
> On Tue, 17 Apr 2018, 17:31 Trevor Perrin, <trevp at trevp.net <mailto:trevp at trevp.net>> wrote:
> On Tue, Apr 17, 2018 at 4:14 PM, Alexey Ermishkin <scratch.net at gmail.com <mailto:scratch.net at gmail.com>> wrote:
> > Hello everyone,
> > This is when padding was dropped from the handshake
> > https://moderncrypto.org/mail-archive/noise/2017/000931.html <https://moderncrypto.org/mail-archive/noise/2017/000931.html>
>
> Ah, I missed that, sorry.
>
> Let's take a moment to think about this and make sure we know what
> decision we're making, and why we're making it.
>
> On the one hand, I'm not sure why padding would be less-useful for
> handshake ciphertext than transport ciphertexts. On the other hand,
> maybe the structure of Noise libraries and the fact that handshake
> payloads are sometimes encrypted and sometimes not, makes this an
> awkward thing to support?
>
> Trevor
> _______________________________________________
> Noise mailing list
> Noise at moderncrypto.org <mailto:Noise at moderncrypto.org>
> https://moderncrypto.org/mailman/listinfo/noise <https://moderncrypto.org/mailman/listinfo/noise>
> _______________________________________________
> Noise mailing list
> Noise at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/noise
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20180417/9448cedc/attachment.html>
More information about the Noise
mailing list