Standalone clients receive the unwrapped '''kR''' in the fragment portion of the URL that was provided to them as the means of joining the room. Upon retrieving the encrypted room context information from the server, they use this '''kR''' to decode the room context information and display it to the user.

=== Algorithm Details ===
To allow for evolving the underlying crypto algorithm, any encrypted context will be paired with an explicit indication of the algorithm in use. For the moment, we define only one algorithm, "AES-GCM". Key length is not explicitly included in the algorithm name, and is instead implied by the length of the accompanying key. For our initial implementation, we will be generating 128-bit keys; however, code should be forward-compatible with longer key lengths.

For AES-GCM, the "context" field is formatted as follows:

 Base64(IV || ciphertext || tag)

where IV is 12 bytes in length, and tag is 8 bytes (64 bits) in length.

Encryption consists of selecting a random 12-byte IV value. This IV, the plaintext JSON representation of the room context fields, and the unwrapped '''kR''' are used as input to the AES-GCM encryption algorithm, which is configured to generate a 64-bit validation tag. The IV is then concatenated with the ciphertext and the validation tag. The resulting bytestring is Base64 encoded and included as the "context" field in the appropriate Loop Server API call, alongside the wrapped room key '''kR''' and the algorithm name ("AES-GCM").

Decryption consists of Base64 decoding the "context" field, splitting off the first 12 bytes for use as the IV, and splitting off the final 8 bytes as the validation tag. These are then used as input to the AES-GCM decryption algorithm (along with the unwrapped '''kR'''), the output of which is a JSON object containing fields that correspond to the various room context information fields.
== Loop Server API Changes ==