From f388fef2f621c648f0e06aa5bdf06db3efd27b04 Mon Sep 17 00:00:00 2001 From: Christopher Jeffrey Date: Tue, 26 Jul 2016 23:26:46 -0700 Subject: [PATCH 1/2] BIP151: Clarifications on AAD and sequence numbers. --- bip-0151.mediawiki | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bip-0151.mediawiki b/bip-0151.mediawiki index cc797121..f565a4e2 100644 --- a/bip-0151.mediawiki +++ b/bip-0151.mediawiki @@ -123,12 +123,14 @@ After a successful encinit/encack interaction from bot Encrypted messages do not have the 4byte network magic. +The ciphertext payload length must be included in the AEAD MAC as AAD. + The maximum message length needs to be chosen carefully. The 4 byte length field can lead to a required message buffer of 4 GiB. Processing the message before the authentication succeeds must not be done. The 4byte sha256 checksum is no longer required because the AEAD. -Both peers need to track the message number (int64) of sent messages to the remote peer for building a symmetric cipher IV. Padding might be required (96bit IVs). +Both peers need to track the message sequence number (uint32) of sent messages to the remote peer for building a 64 bit symmetric cipher IV. Sequence numbers are allowed to overflow to zero after 4294967295 (2^32-1). The encrypted payload will result decrypted in one or many unencrypted messages: @@ -156,7 +158,7 @@ The Re-Keying must be done after every 1GB of data sent or received (recommended === Risks === -The encryption does not include an identity authentication scheme. This BIP does not cover a proposal to avoid MITM attacks during the encryption initialization. +The encryption does not include an identity authentication scheme. This BIP does not cover a proposal to avoid MITM attacks during the encryption initialization. Identity authentication will be covered in another BIP and will presume communication encryption after this BIP. From 0607a34fcfd139f02a9232449f88cdd3501d9a18 Mon Sep 17 00:00:00 2001 
From: Christopher Jeffrey Date: Wed, 27 Jul 2016 00:26:34 -0700 Subject: [PATCH 2/2] bip151: remove aad change. --- bip-0151.mediawiki | 2 -- 1 file changed, 2 deletions(-) diff --git a/bip-0151.mediawiki b/bip-0151.mediawiki index f565a4e2..a4c8b8ec 100644 --- a/bip-0151.mediawiki +++ b/bip-0151.mediawiki @@ -123,8 +123,6 @@ After a successful encinit/encack interaction from bot Encrypted messages do not have the 4byte network magic. -The ciphertext payload length must be included in the AEAD MAC as AAD. - The maximum message length needs to be chosen carefully. The 4 byte length field can lead to a required message buffer of 4 GiB. Processing the message before the authentication succeeds must not be done.
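Review bot: In the first hunk of PATCH 1/2 (the sequence-number line at @@ -123), allowing the uint32 sequence number to "overflow to zero after 4294967295 (2^32-1)" means the same IV value can be reused under the same key unless a re-key is guaranteed to happen first; the 1 GB re-key rule in the context line (@@ -156) does not by itself prevent a wrap for small messages. Suggest adding a sentence that a wrap must trigger (or be preceded by) re-keying, and spell out how the "64 bit symmetric cipher IV" is composed from the 32-bit sequence number, since the replaced line's "Padding might be required (96bit IVs)" note is dropped and the other 32 bits of the IV are now unspecified.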
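Review bot: In the Risks hunk of PATCH 1/2 (@@ -156), "will presume communication encryption after this BIP" is ambiguous; consider "will assume that the encryption described in this BIP is already established" so it is clear the future identity-authentication BIP layers on top of this one rather than replacing it.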
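Review bot: In PATCH 2/2 (@@ -123), dropping "The ciphertext payload length must be included in the AEAD MAC as AAD." leaves the length field's integrity unspecified while the unchanged context still says "Processing the message before the authentication succeeds must not be done" and warns that the 4-byte length can force a 4 GiB buffer; the text should state how the length is protected (as AAD, or as part of the encrypted and authenticated payload) so a peer knows which length it may trust when sizing its buffer. The commit message "remove aad change" gives no rationale; a short note on why the sentence was wrong or premature would help future readers of the spec history.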