[noise] NoiseSocket and payload padding in handshake messages

Justin Cormack justin at specialbusservice.com
Tue Apr 17 09:50:19 PDT 2018


Yes I have been working on an implementation that includes a model of this
so it should be able to do this (as I want to do code generation rather
than dynamic). Been making progress with it, hoping to have a releasable
version fairly soon.

On Tue, 17 Apr 2018, 17:43 Nemanja Mijailovic, <metalnem at mijailovic.net>
wrote:

> It is a little tricky to support padding it for handshake message. You
> would have to calculate the whole Noise message length before deciding
> whether to apply padding, but the message sometimes includes static and
> ephemeral keys, where static keys can be encrypted or not, which depends on
> whether the cipher key was calculated in current or previous message
> patterns, but it also depends on whether the handshake pattern is PSK or
> not.
>
> Nemanja
>
> On Apr 17, 2018, at 6:40 PM, Justin Cormack <justin at specialbusservice.com>
> wrote:
>
> I would assume that many protocols will not use the unencrypted messages
> for anything, so using them for padding seems natural (have been planning
> to do that for one use case). Encrypted ones can have framing information
> so they look much like normal messages so padding should be easy.
>
> On Tue, 17 Apr 2018, 17:31 Trevor Perrin, <trevp at trevp.net> wrote:
>
>> On Tue, Apr 17, 2018 at 4:14 PM, Alexey Ermishkin <scratch.net at gmail.com>
>> wrote:
>> > Hello everyone,
>> > This is when padding was dropped from the handshake
>> > https://moderncrypto.org/mail-archive/noise/2017/000931.html
>>
>> Ah, I missed that, sorry.
>>
>> Let's take a moment to think about this and make sure we know what
>> decision we're making, and why we're making it.
>>
>> On the one hand, I'm not sure why padding would be less-useful for
>> handshake ciphertext than transport ciphertexts.  On the other hand,
>> maybe the structure of Noise libraries and the fact that handshake
>> payloads are sometimes encrypted and sometimes not, makes this an
>> awkward thing to support?
>>
>> Trevor
>> _______________________________________________
>> Noise mailing list
>> Noise at moderncrypto.org
>> https://moderncrypto.org/mailman/listinfo/noise
>>
> _______________________________________________
> Noise mailing list
> Noise at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/noise
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20180417/d0090b07/attachment.html>


More information about the Noise mailing list