libraop
update html protocol doc
hi @philippe44 here is a PR with proposed changes to your doc.
I would like to get the two issues I raise in #34 sorted out before finalising this.
- the public key <atv_pub> should in principle NOT have anything to do with the SRP6 ephemeral secret
- I think <atv_data> should be decrypted not encrypted, as a matter of principle. (this is even if things work the way you do them)
For the record, this is how the uxplay server handles your 10.2 step 1 where it creates <atv_data> (I think aes_encrypt and decrypt are essentially the same as it is a symmetric algorithm)
```c
int
pairing_session_finish(pairing_session_t *session, const unsigned char signature[PAIRING_SIG_SIZE])
{
    unsigned char sig_buffer[PAIRING_SIG_SIZE];
    unsigned char sig_msg[PAIRING_SIG_SIZE];   /* their X25519 pub || our X25519 pub */
    unsigned char key[AES_128_BLOCK_SIZE];
    unsigned char iv[AES_128_BLOCK_SIZE];
    aes_ctx_t *aes_ctx;

    assert(session);

    if (session->status != STATUS_HANDSHAKE) {
        return -1;
    }

    /* First decrypt the signature with keys derived from the shared secret */
    derive_key_internal(session, (const unsigned char *) SALT_KEY, strlen(SALT_KEY), key, sizeof(key));
    derive_key_internal(session, (const unsigned char *) SALT_IV, strlen(SALT_IV), iv, sizeof(iv));

    aes_ctx = aes_ctr_init(key, iv);
    /* One fake round for the initial handshake encryption: the output is
     * discarded, the call only advances the CTR keystream past the block
     * already consumed by the handshake message. */
    aes_ctr_encrypt(aes_ctx, sig_buffer, sig_buffer, PAIRING_SIG_SIZE);
    /* In CTR mode "encrypt" and "decrypt" are the same XOR, so this decrypts */
    aes_ctr_encrypt(aes_ctx, signature, sig_buffer, PAIRING_SIG_SIZE);
    aes_ctr_destroy(aes_ctx);

    /* Then verify the signature with public ECDH keys of both parties */
    x25519_key_get_raw(sig_msg, session->ecdh_theirs);
    x25519_key_get_raw(sig_msg + X25519_KEY_SIZE, session->ecdh_ours);
    if (!ed25519_verify(sig_buffer, PAIRING_SIG_SIZE, sig_msg, PAIRING_SIG_SIZE, session->ed_theirs)) {
        return -2;
    }

    session->status = STATUS_FINISHED;
    return 0;
}
```
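The two points the snippet turns on, that a CTR-mode "encrypt" call also decrypts and that the "fake round" exists to keep the keystream position aligned with the other side, can be shown without the UxPlay or libraop code at all. The following is an added example written for this page, not code from either project. It replaces AES-128 with an HMAC-SHA256 keystream so it runs on the Python standard library alone; `CtrStream`, `SIG_SIZE`, and every key, IV and signature byte string in it are constructed for the demonstration. The same-operation property shown here is specific to CTR (and other stream-style modes); it does not hold for CBC or ECB.

```python
"""Added example: CTR-mode symmetry and keystream alignment (stand-in PRF, not AES)."""
import hashlib
import hmac

SIG_SIZE = 64  # mirrors PAIRING_SIG_SIZE above: one 64-byte Ed25519 signature


class CtrStream:
    """Minimal CTR construction: keystream block i = PRF(key, iv || i).

    HMAC-SHA256 stands in for an AES block encryption so the script needs
    no third-party library; the XOR-with-keystream structure is unchanged.
    """

    def __init__(self, key: bytes, iv: bytes):
        self.key = key
        self.iv = iv
        self.counter = 0
        self.pending = b""  # keystream bytes of the current block not yet used

    def _next_block(self) -> bytes:
        block = hmac.new(self.key, self.iv + self.counter.to_bytes(16, "big"),
                         hashlib.sha256).digest()
        self.counter += 1
        return block

    def apply(self, data: bytes) -> bytes:
        """Encrypt or decrypt: both directions are the same XOR with the keystream."""
        out = bytearray()
        for b in data:
            if not self.pending:
                self.pending = self._next_block()
            out.append(b ^ self.pending[0])
            self.pending = self.pending[1:]
        return bytes(out)


def round_trip(key: bytes, iv: bytes, data: bytes) -> bytes:
    """'Encrypt' with one stream, then 'encrypt' again with a fresh stream at
    the same position: the second call is the decryption."""
    ciphertext = CtrStream(key, iv).apply(data)
    return CtrStream(key, iv).apply(ciphertext)


def decrypt_second_round(key: bytes, iv: bytes, enc_sig: bytes, skip_first_round: bool) -> bytes:
    """The verifier's side of the snippet: optionally burn one signature-sized
    round of keystream (output discarded) before decrypting the signature."""
    stream = CtrStream(key, iv)
    if skip_first_round:
        stream.apply(bytes(SIG_SIZE))  # the 'fake round'; input content is irrelevant
    return stream.apply(enc_sig)


def demo() -> dict:
    # Constructed values standing in for the derived key/IV and a signature.
    key = bytes(range(16))
    iv = bytes(range(16, 32))
    client_signature = bytes((i * 7) & 0xFF for i in range(SIG_SIZE))

    # The sender's stream already spent its first 64 bytes of keystream on the
    # handshake message, so the signature is encrypted with the second block run.
    sender = CtrStream(key, iv)
    sender.apply(bytes(SIG_SIZE))          # handshake round
    enc_sig = sender.apply(client_signature)

    return {
        "roundtrip_ok": round_trip(key, iv, client_signature) == client_signature,
        "aligned": decrypt_second_round(key, iv, enc_sig, skip_first_round=True),
        "misaligned": decrypt_second_round(key, iv, enc_sig, skip_first_round=False),
        "expected": client_signature,
    }


if __name__ == "__main__":
    r = demo()
    print("encrypt twice restores plaintext:", r["roundtrip_ok"])
    print("with fake round, signature recovered:", r["aligned"] == r["expected"])
    print("without fake round, signature recovered:", r["misaligned"] == r["expected"])
```

Run it and the third line comes out `False`: dropping the fake round leaves the verifier XORing with the wrong keystream block, so `ed25519_verify` in the real code would be handed 64 bytes of noise and the pairing would fail, which is the failure mode the `-2` return in the snippet reports.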