[noise] NoiseSocket and payload padding in handshake messages
Trevor Perrin
trevp at trevp.net
Wed Apr 18 00:54:10 PDT 2018
On Tue, Apr 17, 2018 at 4:43 PM, Nemanja Mijailovic
<metalnem at mijailovic.net> wrote:
> It is a little tricky to support padding it for handshake message. You would
> have to calculate the whole Noise message length before deciding whether to
> apply padding, but the message sometimes includes static and ephemeral keys,
> where static keys can be encrypted or not, which depends on whether the
> cipher key was calculated in current or previous message patterns, but it
> also depends on whether the handshake pattern is PSK or not.
I guess it depends on the protocol whether you're trying to pad the
entire message out to a fixed size (e.g. to obscure which protocol is
executing), or just trying to pad the handshake payload ciphertext to
a fixed size, to obscure the length of the encrypted plaintext. In
the latter (maybe more common?) case, you don't have to calculate
padding based on the entire Noise message, so it's easier to do.
Trevor
More information about the Noise
mailing list