  1. May 17, 2012
  2. Mar 29, 2012
  3. Feb 23, 2012
  4. Dec 10, 2011
  5. Nov 19, 2011
  6. Nov 16, 2011
    • Forward secrecy. · f6ae4734
      akwizgran authored
      Each connection's keys are derived from a secret that is erased after
      deriving the keys and the secret for the next connection.
  7. Oct 04, 2011
  8. Oct 03, 2011
  9. Aug 18, 2011
    • Frame the encrypted data independently of inter-packet boundaries and
      authenticate each frame before parsing its contents. · 2411e200
      akwizgran authored
      Each connection starts with a tag, followed by any number of frames,
      each starting with the frame number (32 bits) and payload length
      (16 bits), and ending with a MAC (256 bits).
      
      Tags have the following format: 32 bits reserved, 16 bits for the
      transport ID, 32 bits for the connection number, 32 bits (set to zero
      in the tag) for the frame number, and 16 bits (set to zero in the tag)
      for the block number. The tag is encrypted with the tag key in
      ECB mode.
      
      Frame numbers for each connection must start from zero and must be
      contiguous and strictly increasing. Each frame is encrypted with the
      frame key in CTR mode, using the plaintext tag with the appropriate
      frame number to initialise the counter.
      
      The maximum frame size is 64 KiB, including header and footer. The
      maximum amount of data that can be sent over a connection is 2^32
      frames - roughly 2^48 bytes, or 8 terabytes, with the maximum frame
      size of 64 KiB. If that isn't sufficient we can add another 16 bits to
      the frame counter.
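The framing rules in this commit message (header of 32-bit frame number and 16-bit payload length, 256-bit MAC footer, 64 KiB frame limit, frame numbers starting at zero and strictly contiguous, and the MAC checked before anything in the frame is parsed) are shown below in a small sender/receiver pair. This is an added illustration, not code from the project or its author, and it makes several assumptions the message does not settle: the header is sent in clear so the receiver can locate the MAC, the 256-bit MAC is HMAC-SHA256, the CTR-mode keystream is stood in for by SHA-256 over the frame key and the plaintext tag (with the frame and block numbers filled in), the tag itself is not transmitted or ECB-encrypted here, and the keys and identifiers are constructed sample values.

```python
import hashlib
import hmac
import struct

# Field sizes as stated in the commit message.
FRAME_HEADER = struct.Struct(">IH")   # frame number (32 bits), payload length (16 bits)
MAC_LEN = 32                          # 256-bit MAC
MAX_FRAME = 64 * 1024                 # 64 KiB including header and footer
MAX_PAYLOAD = MAX_FRAME - FRAME_HEADER.size - MAC_LEN
# Tag layout: 32 bits reserved, 16-bit transport ID, 32-bit connection number,
# 32-bit frame number, 16-bit block number (both zero in the tag itself).
TAG = struct.Struct(">IHIIH")


def plaintext_tag(transport_id, connection, frame_number=0, block_number=0):
    return TAG.pack(0, transport_id, connection, frame_number, block_number)


def keystream(frame_key, transport_id, connection, frame_number, length):
    # ASSUMPTION: hash-based stand-in for CTR mode. Keystream block i is
    # SHA-256(frame_key || tag with this frame number and block number i),
    # mirroring how the plaintext tag initialises the counter.
    out = bytearray()
    block = 0
    while len(out) < length:
        counter = plaintext_tag(transport_id, connection, frame_number, block)
        out += hashlib.sha256(frame_key + counter).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_frame(frame_key, mac_key, transport_id, connection, frame_number, payload):
    """Build one frame: header || ciphertext || MAC (header in clear, an assumption)."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds the 64 KiB frame limit")
    header = FRAME_HEADER.pack(frame_number, len(payload))
    ks = keystream(frame_key, transport_id, connection, frame_number, len(payload))
    ciphertext = xor_bytes(payload, ks)
    mac = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + mac


class FrameReceiver:
    """Consumes a byte stream of frames, authenticating each before parsing it."""

    def __init__(self, frame_key, mac_key, transport_id, connection):
        self.frame_key, self.mac_key = frame_key, mac_key
        self.transport_id, self.connection = transport_id, connection
        self.expected = 0  # frame numbers start at zero and must be contiguous

    def read_frame(self, data, offset):
        """Return (payload, next_offset) or raise ValueError. The header is read only
        to locate the MAC; nothing is trusted or decrypted until the MAC verifies."""
        if len(data) - offset < FRAME_HEADER.size + MAC_LEN:
            raise ValueError("truncated frame")
        frame_number, length = FRAME_HEADER.unpack_from(data, offset)
        end = offset + FRAME_HEADER.size + length
        if end + MAC_LEN > len(data):
            raise ValueError("truncated frame")
        body = data[offset:end]
        expected_mac = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_mac, data[end:end + MAC_LEN]):
            raise ValueError("bad MAC")
        if frame_number != self.expected:
            raise ValueError(f"expected frame {self.expected}, got {frame_number}")
        ks = keystream(self.frame_key, self.transport_id, self.connection, frame_number, length)
        payload = xor_bytes(body[FRAME_HEADER.size:], ks)
        self.expected += 1
        return payload, end + MAC_LEN

    def read_all(self, data):
        payloads, offset = [], 0
        while offset < len(data):
            payload, offset = self.read_frame(data, offset)
            payloads.append(payload)
        return payloads


def accepted(receiver, stream):
    """True if the receiver accepts every frame in the stream, False if it rejects one."""
    try:
        receiver.read_all(stream)
        return True
    except ValueError:
        return False


def demo():
    # Constructed sample keys and identifiers (not derived as the project does).
    frame_key, mac_key, transport_id, connection = b"F" * 32, b"M" * 32, 1, 7
    messages = [b"hello", b"", b"x" * 100]
    stream = b"".join(encrypt_frame(frame_key, mac_key, transport_id, connection, n, m)
                      for n, m in enumerate(messages))
    return FrameReceiver(frame_key, mac_key, transport_id, connection).read_all(stream)


if __name__ == "__main__":
    print(demo())
```

Because the receiver checks the MAC before acting on the frame number or decrypting, a forged, truncated or bit-flipped frame is discarded without any of its contents being interpreted, and the contiguous-frame-number rule means a replayed or reordered frame is rejected even though its MAC is valid.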
  10. Jul 24, 2011
  11. Jul 22, 2011
  12. Jul 14, 2011
  13. Jul 05, 2011
  14. Jul 01, 2011
  15. Jun 27, 2011
  16. Jun 22, 2011
  17. Jun 21, 2011