[noise] NoiseSocket and payload padding in handshake messages
Trevor Perrin
trevp at trevp.net
Wed Apr 18 00:49:58 PDT 2018
On Tue, Apr 17, 2018 at 4:31 PM, Trevor Perrin <trevp at trevp.net> wrote:
>
> Let's take a moment to think about this and make sure we know what
> decision we're making, and why we're making it.
I think I'm still in favor of having NoiseSocket padding (i.e. the
2-byte "body_len" field) present in encrypted handshake payloads, as
well as transport payloads.
Padding is useful here for the usual reason: you might be encrypting
variable-length handshake payloads and want to hide the length.
If we omitted NoiseSocket padding in handshake payloads then padding
could still be added at a higher level. For example, we could add a
padding field into the NLS protobuf. However it's easier to add
padding _after_ you've encoded the protobuf into bytes, rather than
guessing the length beforehand and dealing with things like varints.
Also, since we decided padding made sense as a NoiseSocket
responsibility, it seems reasonable to apply padding consistently to
all the places where NoiseSocket encrypts variable-length payloads.
Trevor
More information about the Noise
mailing list