Ugh, xsalsa20poly1305 as an AEAD isn't a thing
This commit is contained in:
parent
0f5e033174
commit
40b4681a6e
|
@ -1,28 +1,28 @@
|
||||||
version 1 .
|
version 1 .
|
||||||
|
|
||||||
; Noise_IK_25519_XSalsa20Poly1305_SHA512
|
; Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s, just like Wireguard
|
||||||
; Noise_NK_25519_XSalsa20Poly1305_SHA512
|
; Noise_NKpsk2_25519_ChaChaPoly_BLAKE2s
|
||||||
;
|
|
||||||
; Most noise instantiations use ChaChaPoly (or AESGCM) but because e.g. tweetnacl offers
|
|
||||||
; XSalsa20 instead of ChaCha, I think I'll go with that.
|
|
||||||
|
|
||||||
; IK:
|
; - ephemeral public keys are 32 bytes
|
||||||
|
; - pre-shared-keys (PSKs) are 32 bytes
|
||||||
|
; - authentication tags (on each AEAD encrypted payload) are 16 bytes each
|
||||||
|
|
||||||
|
; IKpsk2:
|
||||||
; <- s (for us, the object's static key is in the cap ref)
|
; <- s (for us, the object's static key is in the cap ref)
|
||||||
; ...
|
; ...
|
||||||
; -> e, es, s, ss
|
; -> e, es, s, ss
|
||||||
; <- e, ee, se
|
; <- e, ee, se, psk
|
||||||
;
|
;
|
||||||
; NK:
|
; NKpsk2:
|
||||||
; <- s (for us, the object's static key is in the cap ref)
|
; <- s (for us, the object's static key is in the cap ref)
|
||||||
; ...
|
; ...
|
||||||
; -> e, es
|
; -> e, es
|
||||||
; <- e, ee
|
; <- e, ee, psk
|
||||||
;
|
|
||||||
; NKpsk2, IKpsk2
|
|
||||||
|
|
||||||
; Assertion. Handshake is an ephemeral public key followed by either an encrypted public-key
|
; Assertion. Handshake is an ephemeral public key followed by either an encrypted public-key
|
||||||
; (IK) or an encrypted empty payload (NK).
|
; (IK) or an encrypted empty payload (NK).
|
||||||
Connect = <connect @handshake bytes @initiatorSession #!any> .
|
Connect = <connect @handshake bytes @initiatorSession #!any> .
|
||||||
|
|
||||||
; Assertion (to initiatorSession). Handshake is an encrypted ephemeral public key.
|
; Assertion (to initiatorSession). Handshake is an encrypted ephemeral public key followed by a
|
||||||
|
; (differently-)encrypted PSK (which may be all zeros when no PSK is relevant).
|
||||||
Accept = <accept @handshake bytes @responderSession #!any> .
|
Accept = <accept @handshake bytes @responderSession #!any> .
|
||||||
|
|
Loading…
Reference in New Issue