diff options
author | Uros Majstorovic <majstor@majstor.org> | 2024-03-26 15:02:11 +0100 |
---|---|---|
committer | Uros Majstorovic <majstor@majstor.org> | 2024-03-26 15:02:11 +0100 |
commit | db16c435440950bae7289a41fb583b7a0749e511 (patch) | |
tree | 9c5caf978c8b5c2814387b3174ace9923861c202 /ecp/doc | |
parent | 9f543437bcd7b612bdd873f71aeeb75d62c888bd (diff) |
updated protocol design to reflect ROS recommendations
Diffstat (limited to 'ecp/doc')
-rw-r--r-- | ecp/doc/protocol.md | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/ecp/doc/protocol.md b/ecp/doc/protocol.md index e395e96..a386c21 100644 --- a/ecp/doc/protocol.md +++ b/ecp/doc/protocol.md @@ -20,7 +20,7 @@ Short-term keys have "parity" property. Initial key (server's first key upon sta | Client -> server | Server -> client | --- | --- -| Init request packet:<br> `(I,C',N,Box[INIT_REQ message](C'->S))` || +| Init request packet:<br> `(I,C',0,N,Box[INIT_REQ message](C'->S))` || | | Init reply packet:<br> `(I,N,Box[INIT_REP message](S->C'))` | Open request packet:<br> `(I,C',K,N,Box[OPEN_REQ message](C'->S'))` || | | Open reply packet:<br> `(I,C',N,Box[OPEN_REP message](S'->C'))` @@ -37,6 +37,7 @@ Where: - S' is server's short-term public key (32 bytes); - S is server's long-term public key (32 bytes); - N is nonce (64-bit integer in big endian form); + - 0 is zero zero-padding (64 bytes: all zero); - K is a cookie (28 bytes) — see cookie in open request message below; - `Box[X](C->S)` is a cryptographic box, encrypting and authenticating X from the public key C to the public key S. @@ -81,7 +82,7 @@ Message format is (MT,MD[,MT,MD,...]) where: ###Init request message - Message type is `INIT_REQ`; - - Message data is null. + - Message data is 64 bytes: all zero. ###Init reply message @@ -98,6 +99,7 @@ Message format is (MT,MD[,MT,MD,...]) where: K — cookie (present in packet header) is constructed by concatenating nonce and authentication tag from previously received init reply packet/message. Server may reject cookies with nonces that are too distant from current init reply nonce counter, thus preventing replay attack using captured open request packets. +Purpose of vouch subpacket is to authenticate client towards the server (optional). - Message type is `OPEN_REQ`; - Message data is (CT,VP[,V]) where: @@ -106,10 +108,11 @@ Server may reject cookies with nonces that are too distant from current init rep - b10000010: VLINK connection (TBD); - b0xxxxxxx: application specific; - VP is vouch present (1 byte): 1 if vouch subpacket is present, 0 otherwise; - - V is vouch subpacket `(C,N,Box[C'](C->S))` where: + - V is vouch subpacket `(C,N,Box[C',S'](C->S))` where: - C is client's long-term public key (32 bytes); - N is nonce (8 bytes) — 96-bit AEAD nonce is constructed by prepending ASCII "VBOX" to N; - C' is client's short-term public key (32 bytes). + - S' is server's short-term public key (32 bytes). ###Open reply message |