From f388fef2f621c648f0e06aa5bdf06db3efd27b04 Mon Sep 17 00:00:00 2001 From: Christopher Jeffrey Date: Tue, 26 Jul 2016 23:26:46 -0700 Subject: BIP151: Clarifications on AAD and sequence numbers. --- bip-0151.mediawiki | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bip-0151.mediawiki b/bip-0151.mediawiki index cc79712..f565a4e 100644 --- a/bip-0151.mediawiki +++ b/bip-0151.mediawiki @@ -123,12 +123,14 @@ After a successful encinit/encack interaction from bot Encrypted messages do not have the 4byte network magic. +The ciphertext payload length must be included in the AEAD MAC as AAD. + The maximum message length needs to be chosen carefully. The 4 byte length field can lead to a required message buffer of 4 GiB. Processing the message before the authentication succeeds must not be done. The 4byte sha256 checksum is no longer required because the AEAD. -Both peers need to track the message number (int64) of sent messages to the remote peer for building a symmetric cipher IV. Padding might be required (96bit IVs). +Both peers need to track the message sequence number (uint32) of sent messages to the remote peer for building a 64 bit symmetric cipher IV. Sequence numbers are allowed to overflow to zero after 4294967295 (2^32-1). The encrypted payload will result decrypted in one or many unencrypted messages: @@ -156,7 +158,7 @@ The Re-Keying must be done after every 1GB of data sent or received (recommended === Risks === -The encryption does not include an identity authentication scheme. This BIP does not cover a proposal to avoid MITM attacks during the encryption initialization. +The encryption does not include an identity authentication scheme. This BIP does not cover a proposal to avoid MITM attacks during the encryption initialization. Identity authentication will be covered in another BIP and will presume communication encryption after this BIP. -- cgit v1.2.3 From 0607a34fcfd139f02a9232449f88cdd3501d9a18 Mon Sep 17 00:00:00 2001 
From: Christopher Jeffrey Date: Wed, 27 Jul 2016 00:26:34 -0700 Subject: bip151: remove aad change. --- bip-0151.mediawiki | 2 -- 1 file changed, 2 deletions(-) diff --git a/bip-0151.mediawiki b/bip-0151.mediawiki index f565a4e..a4c8b8e 100644 --- a/bip-0151.mediawiki +++ b/bip-0151.mediawiki @@ -123,8 +123,6 @@ After a successful encinit/encack interaction from bot Encrypted messages do not have the 4byte network magic. -The ciphertext payload length must be included in the AEAD MAC as AAD. - The maximum message length needs to be chosen carefully. The 4 byte length field can lead to a required message buffer of 4 GiB. Processing the message before the authentication succeeds must not be done. -- cgit v1.2.3
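Review bot: In the first commit (f388fef), hunk @@ -123,12 +123,14 @@, the new sequence-number sentence lets the uint32 counter "overflow to zero after 4294967295 (2^32-1)" without requiring a key change before the wrap, so if the key is still the same at that point an IV built from the counter repeats under that key. Suggest stating that a re-key must occur before the counter wraps, and whether the counter resets on re-key, and cross-referencing the re-keying rule whose text appears in the next hunk header. The same line drops the old "Padding might be required" remark but does not say how a 32-bit number becomes the "64 bit symmetric cipher IV" (where the padding goes and which byte order), which two implementations must agree on to interoperate.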
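Review bot: In the first commit (f388fef), hunk @@ -156,7 +158,7 @@ (Risks section), the added phrase "will presume communication encryption after this BIP" is ambiguous: it can be read as "the authentication BIP requires a channel encrypted as specified here" or merely as "it will be written later". Suggest wording the dependency explicitly, for example "will require an encrypted channel as established by this BIP", and keeping the existing MITM sentence as the statement of the risk so the forward reference does not read as a mitigation that already exists.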
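Review bot: In the second commit (0607a34), hunk @@ -123,8 +123,6 @@, removing "The ciphertext payload length must be included in the AEAD MAC as AAD." leaves the text silent on whether the length field is covered by the MAC at all, while the context line directly below still warns that the 4 byte length field "can lead to a required message buffer of 4 GiB" and that processing before authentication "must not be done". Suggest replacing the removed sentence with a statement of how the length is protected (or that it is not, and what bound the receiver enforces before buffering), and recording the reason for the revert in the commit message, which currently says only "remove aad change".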