View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0005897GNUnetGNSpublic2019-09-17 09:522020-06-01 22:00
Reporterschanzen Assigned Toschanzen  
PrioritylowSeveritytweakReproducibilityhave not tried
Status closedResolutionfixed 
Target Version0.12.0Fixed in Version0.12.0 
Summary0005897: Harmonize HKDF arguments for GNS block key derivations
DescriptionSo currently it looks like this in the code:

PRK_h := HKDF-Extract ("key-derivation", x*P)
h := HKDF-Expand (PRK_h, l | "gns", 512 / 8)
d := h*x mod p
PRK_kiv := HKDF-Extract (d*P, l)
K := HKDF-Expand (PRK_kiv, "gns-aes-ctx-key", 512 / 8)
IV := HKDF-Expand (PRK_kiv, "gns-aes-ctx-iv", 256 / 8)

In the case of PRK_kiv we use d*P as the "salt" value. For PRK_h we use a static public string.
I propose we modify the derivation of K and IV to:

PRK_h := HKDF-Extract ("key-derivation", x*P)
h := HKDF-Expand (PRK_h, l, 512 / 8) <== CHANGED: Removed "gns"
d := h*x mod p
PRK_k := HKDF-Extract ("gns-aes-ctx-key", d*P) <== CHANGED: Split into two PRKs and use string as salt and d*P as IKM
PRK_iv := HKDF-Extract ("gns-aes-ctx-iv", d*P) <== CHANGED: Split into two PRKs and use string as salt and d*P as IKM
K := HKDF-Expand (PRK_k, l, 512 / 8) <== CHANGED: Use only l as info
IV := HKDF-Expand (PRK_iv, l, 256 / 8) <== CHANGED: Use only l as info

we _may_ also change the "key-derivation" string to something else, suggestions welcome.

This change will break backwards compatibility for GNS.
TagsNo tags attached.

Relationships

child of 0005920 closedschanzen LSD0001 meta issue 
child of 0006324 closedschanzen LSD0001 meta issue 

Activities

schanzen

2019-12-01 12:59

administrator   ~0015109

Fixed in 8988b34f6d guarded by ifdefs for LSD001.

schanzen

2019-12-01 13:02

administrator   ~0015110

Reopen until we remove ifdefs

Christian Grothoff

2019-12-07 14:49

manager   ~0015134

Flipped in 3a13f497b..b365e4d52

schanzen

2019-12-15 15:18

administrator   ~0015178

0.12.0 released

Issue History

Date Modified Username Field Change
2019-09-17 09:52 schanzen New Issue
2019-11-30 21:09 schanzen Relationship added child of 0005920
2019-12-01 12:59 schanzen Assigned To => schanzen
2019-12-01 12:59 schanzen Status new => resolved
2019-12-01 12:59 schanzen Resolution open => fixed
2019-12-01 12:59 schanzen Fixed in Version => 0.12.0
2019-12-01 12:59 schanzen Note Added: 0015109
2019-12-01 13:02 schanzen Status resolved => assigned
2019-12-01 13:02 schanzen Note Added: 0015110
2019-12-07 14:49 Christian Grothoff Status assigned => resolved
2019-12-07 14:49 Christian Grothoff Note Added: 0015134
2019-12-15 15:18 schanzen Note Added: 0015178
2019-12-15 15:18 schanzen Status resolved => closed
2020-06-01 00:52 Adminknox Relationship added child of 0006324