

Encrypted packet

Encrypted packets are the only files found in spools and in exchangeable storages, and the only files that are synchronized between TCP daemons.

Each encrypted packet has the following header:

                    HEADER
+--------------------------------------------+-------...--------+
| MAGIC | NICE | SENDER | EPUB | SIGN | SIZE | CIPHERTEXT | MAC |
+------------------------------/------\------+-------...--------+
                              /        \
             +--------------------------------------------+
             | MAGIC | NICE | RCPT | SENDER | EPUB | SIZE |
             +--------------------------------------------+
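+---------------------+-----------------------------------+--------------------------------------------+
| Field               | XDR type                          | Value                                      |
+---------------------+-----------------------------------+--------------------------------------------+
| Magic number        | 8-byte, fixed length opaque data  | NNCPE0x10x00x00                            |
| Niceness            | unsigned integer                  | 1-255, packet niceness level               |
| Sender              | 32-byte, fixed length opaque data | Sender node’s id                           |
| Exchange public key | 32-byte, fixed length opaque data | Ephemeral curve25519 public key            |
| Signature           | 64-byte, fixed length opaque data | ed25519 signature for that packet’s header |
| Size                | unsigned hyper integer            | Encrypted payload size                     |
+---------------------+-----------------------------------+--------------------------------------------+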

Signature is calculated over the following structure:

The actual encrypted payload comes after that header. The payload is encrypted using the Twofish algorithm with a 256-bit key in CTR mode of operation with a zero initialization vector (acceptable because each encrypted packet has its own ephemeral exchange key, so the encryption key is never reused). The ciphertext’s length is equal to the plaintext’s. A BLAKE2b-256 MAC is appended to the ciphertext.

Each node has static exchange and signature keypairs. When node A wants to send an encrypted packet to node B, it:

  1. generates an ephemeral curve25519 keypair
  2. prepares the structure for signing (the underlying payload size must already be known)
  3. signs that structure using its private ed25519 signature key
  4. takes the remote node’s exchange public key and performs a Diffie-Hellman computation on this remote static public key and the private ephemeral one
  5. uses the derived ephemeral key as input to the HKDF-BLAKE2b-256 key derivation function
  6. derives two 256-bit keys from it, for use with the Twofish and BLAKE2b-MAC functions
  7. performs Twofish encryption over the plaintext and BLAKE2b-MACing over the ciphertext. The ciphertext and MAC tag go after the header.
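
Because the header is signed over MAGIC, NICE, RCPT, SENDER, EPUB and SIZE, a receiver can reject malformed or tampered packets before doing any Diffie-Hellman or decryption work. The Go code below is an added example, not the project's own code: the function names and the sample packet are constructed for illustration, the recipient id is assumed to be 32 bytes like the sender id, and only the NNCPE prefix of the magic number is checked.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Header layout (XDR): MAGIC 0:8, NICE 8:12, SENDER 12:44, EPUB 44:76, SIGN 76:140, SIZE 140:148.
const hdrLen, macLen = 148, 32 // macLen: BLAKE2b-256 tag that follows the ciphertext

// signedBytes returns MAGIC|NICE|RCPT|SENDER|EPUB|SIZE; a 32-byte RCPT id is an assumption.
func signedBytes(hdr, rcpt []byte) []byte {
	return bytes.Join([][]byte{hdr[:12], rcpt, hdr[12:76], hdr[140:148]}, nil)
}

// CheckPacket validates framing and the header signature (pub: sender's ed25519 key); no decryption.
func CheckPacket(pkt, rcpt []byte, pub ed25519.PublicKey) error {
	if len(pkt) < hdrLen+macLen || !bytes.HasPrefix(pkt, []byte("NNCPE")) {
		return fmt.Errorf("not an encrypted packet")
	}
	nice, size := binary.BigEndian.Uint32(pkt[8:12]), binary.BigEndian.Uint64(pkt[140:148])
	switch {
	case nice < 1 || nice > 255:
		return fmt.Errorf("niceness %d out of range 1-255", nice)
	case size != uint64(len(pkt)-hdrLen-macLen):
		return fmt.Errorf("size field %d does not match ciphertext length", size)
	case !ed25519.Verify(pub, signedBytes(pkt, rcpt), pkt[76:140]):
		return fmt.Errorf("bad header signature")
	}
	return nil
}

// SamplePacket builds constructed input: fresh key, zero ids, n placeholder ciphertext bytes, zero MAC.
func SamplePacket(rcpt []byte, nice uint32, n int) ([]byte, ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	pkt := make([]byte, hdrLen+n+macLen)
	copy(pkt, "NNCPE")
	binary.BigEndian.PutUint32(pkt[8:], nice)
	binary.BigEndian.PutUint64(pkt[140:], uint64(n))
	copy(pkt[76:], ed25519.Sign(priv, signedBytes(pkt, rcpt)))
	return pkt, pub
}

func main() {
	pkt, pub := SamplePacket(make([]byte, 32), 64, 5)
	fmt.Println(CheckPacket(pkt, make([]byte, 32), pub))
}
```

The MAC over the ciphertext is not verified here; that requires the keys derived in steps 4 to 6.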
