Skip to content

Crypto

Jump to bottom Edit New page
Stephan Zeisberg edited this page Apr 7, 2016 · 44 revisions

[WIP]

splonebox uses a hybrid protocol for key exchange which combines the advantages of symmetric and public key encryption. The public key encryption is used to establish a shared secret that can be used as a symmetric key. The protocol is inspired by the curvecp protocol.

Connection overview

A connection begins with a client tunnel packet from the client. In response the server sends a server tunnel packet. The server is free to send any number of server message packets after it sees the client tunnel packet. The client is free to send any number of client message packets after it sees the server tunnel packet.

Packet Format

Client hello packet

A Hello packet is a 192-byte packet with the following contents:

  • 8 bytes: the ASCII bytes "oqQN2kaH".
  • 32 bytes: the client's short-term public key C'.
  • 64 bytes: all zero.
  • 8 bytes: a client-selected compressed nonce in little-endian form. This compressed nonce is implicitly prefixed by "splonebox-client" to form a 24-byte nonce.
  • 80 bytes: a cryptographic box encrypted and authenticated to the server's long-term public key S from the client's short-term public key C' using this 24-byte nonce. The 64-byte plaintext inside the box has the following contents:
    • 64 bytes: all zero.

Server cookie packet details

A Cookie packet is a 168-byte packet with the following format:

  • 8 bytes: the ASCII bytes "rZQTd2nC".
  • 16 bytes: a server-selected compressed nonce in little-endian form. This compressed nonce is implicitly prefixed by "splonePK" to form a 24-byte nonce.
  • 144 bytes: a cryptographic box encrypted and authenticated to the client's short-term public key C' from the server's long-term public key S using this 24-byte nonce. The 128-byte plaintext inside the box has the following contents:
    • 32 bytes: the server's short-term public key S'.
    • 96 bytes: the server's cookie.

Client initiate packet details

An Initiate packet is a (256)-byte packet with the following contents:

  • 8 bytes: the ASCII bytes "oqQN2kaI".
  • 96 bytes: the server's cookie.
  • 8 bytes: a client-selected compressed nonce in little-endian form. This compressed nonce is implicitly prefixed by "splonebox-client" to form a 24-byte nonce.
  • 144 bytes: a cryptographic box encrypted and authenticated to the server's short-term public key S' from the client's short-term public key C' using this 24-byte nonce. The (96+M)-byte plaintext inside the box has the following contents:
    • 32 bytes: the client's long-term public key C.
    • 16 bytes: a client-selected compressed nonce in little-endian form. This compressed nonce is implicitly prefixed by "splonePV" to form a 24-byte nonce.
    • 80 bytes: a cryptographic box encrypted and authenticated to the server's long-term public key S from the client's long-term public key C using this 24-byte nonce. The 32-byte plaintext inside the box has the following contents:
      • 32 bytes: the client's short-term public key C'.
      • 32 bytes: server's short term public key S'

Server message packet details

A Message packet from the server is a (56+M)-byte packet with the following contents:

  • 8 bytes: the ASCII bytes "rZQTd2nM".
  • 8 bytes: a server-selected compressed nonce in little-endian form. This compressed nonce is implicitly prefixed by "splonebox-server" to form a 24-byte nonce.
  • 24 bytes: a cryptographic box encrypted and authenticated to the client's short-term public key C' from the server's short-term public key S' using this 24-byte nonce. The M-byte plaintext inside the box has the following contents:
    • 8 bytes: length
  • 16+M bytes: a cryptographic box encrypted and authenticated to the client's short-term public key C' from the server's short-term public key S' using this 24-byte nonce + 2. The M-byte plaintext inside the box has the following contents:
    • M bytes: a message.

Client Message packet details

A Message packet from the client is a (56+M)-byte packet with the following contents:

  • 8 bytes: the ASCII bytes "oqQN2kaM".
  • 8 bytes: a client-selected compressed nonce in little-endian form. This compressed nonce is implicitly prefixed by "splonebox-client" to form a 24-byte nonce.
  • 24 bytes: a cryptographic box encrypted and authenticated to the server's short-term public key S' from the client's short-term public key C' using this 24-byte nonce. The M-byte plaintext inside the box has the following contents:
    • 8 bytes: length
  • 16+M bytes: a cryptographic box encrypted and authenticated to the server's short-term public key S' from the client's short-term public key C' using this 24-byte nonce + 2. The M-byte plaintext inside the box has the following contents:
    • M bytes: a message.
Add a custom footer
Add a custom sidebar

Clone this wiki locally