aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorpukkamustard <pukkamustard@posteo.net>2020-10-23 10:32:05 +0200
committerpukkamustard <pukkamustard@posteo.net>2020-10-23 10:32:05 +0200
commit25986f98d606f3b0980bfc5f7da54cd3877ce373 (patch)
tree6f3e54152adc0fdd2c1fce269dd275fcaeee4712 /doc
parent9d13a9678c45a530972da3182683ce74e5c90656 (diff)
eris.adoc: ellaborate on cryptographic primitives
Diffstat (limited to 'doc')
-rw-r--r--doc/eris.adoc26
1 files changed, 22 insertions, 4 deletions
diff --git a/doc/eris.adoc b/doc/eris.adoc
index b4d1607..b208423 100644
--- a/doc/eris.adoc
+++ b/doc/eris.adoc
@@ -72,11 +72,29 @@ TODO a glossary of terms used.
=== Cryptographic Primitives
-The cryptographic primitives used by ERIS are:
+The cryptographic primitives used by ERIS are a cryptographic hash funciton, a symmetric key cipher and a padding algorithm. The hash function and cipher are readily available in open-source libraries such as https://github.com/jedisct1/libsodium[libsodium] or https://monocypher.org/[Monocypher]. The padding algorithm can be implemented with reasonable effort.
-Cryptographic hash function :: Blake2b <<RFC7693>> with output size of 256 bit (32 byte).
-Symmetric Key Cipher :: ChaCha20 (IETF variant) <<RFC8439>>.
-Padding algorithm :: According to ISO/IEC 7816-4.
+==== Cryptographic Hash Function
+
+Blake2b <<RFC7693>> with output size of 256 bit (32 byte). We use the keying feature and refer to the key used for keying Blake2b as the _hashing key_.
+
+Provides the functions `Blake2b-256(INPUT,HASHING-KEY)` for keyed hashing and `Blake2b-256(INPUT)` for unkeyed hashing.
+
+==== Symmetric Key Cipher
+ChaCha20 (IETF variant) <<RFC8439>>. Provides `ChaCha20(INPUT, KEY)`, where `INPUT` is an arbirtarty length byte sequence and `KEY` is the 256 bit encryption key. The output is the encrypted byte sequence.
+
+The 32 bit initial counter as well as the 96 bit nonce are set to 0. We can safely use the zero nonce as we never reuse a key.
+
+Decryption is done with the same function where `INPUT` is the encrypted byte sequence.
+
+==== Padding Algorithm
+
+We use a byte padding scheme to ensure that input content size is a multiple of a block size. Provides following functions:
+
+`PAD(INPUT,BLOCK-SIZE)` :: For `INPUT` of size `n` adds a mandatory byte valued `0x80` (hexadecimal) to `INPUT` followed by `m < BLOCK-SIZE - 1` bytes valued `0x00` such that `n + m + 1` is a multiple of `BLOCK-SIZE`.
+`UNPAD(INPUT,BLOCK-SIZE)` :: Starts reading bytes from the end of `INPUT` until a `0x80` is read and then returns bytes of `INPUT` before the `0x80`. Throws an error if a value other than `0x00` is read before reading `0x80` or if no `0x80` is read after reading `BLOCK-SIZE - 1` bytes from the end.
+
+This is the padding algorithm implemented in https://libsodium.gitbook.io/doc/padding[libsodium]footnote:[Also as apparently specified in ISO/IEC 7816-4, which however is not openly available. Fuck you ISO.].
=== Block Size