Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-03-06 21:48:17 +01:00
Code Issues Projects Releases Wiki Activity

akwizgran created page: BSP

akwizgran
2015-03-22 16:29:59 +00:00
parent ca9481e9e3
commit 784c6709a5
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
BTP.markdown

@@ -28,7 +28,7 @@ Before two devices can communicate using BTP they must establish the following s
* The maximum expected difference between the devices' clocks in seconds, D * The maximum expected difference between the devices' clocks in seconds, D
* The maximum expected latency of the transport in seconds, L * The maximum expected latency of the transport in seconds, L
How this state is established is outside the scope of BTP. The devices must establish a separate S for each transport over which they wish to communicate. T must be at least D + L seconds in the past according to both devices' clocks. How this state is established is outside the scope of BTP. The devices must establish a separate S for each transport over which they wish to communicate. T must be in the past according to both devices' clocks.
The devices must also agree which of them will play the role of Alice and which will play the role of Bob. The roles are identical except for some key derivation constants. The devices must also agree which of them will play the role of Alice and which will play the role of Bob. The roles are identical except for some key derivation constants.
@@ -55,12 +55,12 @@ BTP achieves forward secrecy by rotating keys periodically. The key rotation fun
The length of each rotation period is R = D + L seconds. Rotation periods are aligned with the Unix epoch. The timestamp T falls in rotation period P = floor(T / R). The length of each rotation period is R = D + L seconds. Rotation periods are aligned with the Unix epoch. The timestamp T falls in rotation period P = floor(T / R).
The initial keys derived from S are the keys for period P. The keys for each subsequent period i are derived from the previous period's keys as follows: The initial keys derived from S are the keys for period P - 1. The keys for the i^th rotation period are derived from the previous period's keys as follows:
* next_otk = KDF(otk, "ROTATE_TAG_KEY", int(i)) * otk = KDF(otk, "ROTATE_TAG_KEY", int(i))
* next_ock = KDF(ock, "ROTATE_HEADER_KEY", int(i)) * ock = KDF(ock, "ROTATE_HEADER_KEY", int(i))
* next_itk = KDF(itk, "ROTATE_TAG_KEY", int(i)) * itk = KDF(itk, "ROTATE_TAG_KEY", int(i))
* next_ick = KDF(ick, "ROTATE_HEADER_KEY", int(i)) * ick = KDF(ick, "ROTATE_HEADER_KEY", int(i))
If the sender starts sending a stream at time t according to the sender's clock, the recipient may start receiving the stream at any time between t - D and t + D + L according to the recipient's clock. Therefore each device must retain the incoming keys for the previous, current and next rotation periods, along with the outgoing keys for the current rotation period. Keys are erased when they are no longer needed. If the sender starts sending a stream at time t according to the sender's clock, the recipient may start receiving the stream at any time between t - D and t + D + L according to the recipient's clock. Therefore each device must retain the incoming keys for the previous, current and next rotation periods, along with the outgoing keys for the current rotation period. Keys are erased when they are no longer needed.