Ouroboros Flow Allocation Protocol: Difference between revisions
Jump to navigation
Jump to search
m (Dimitri moved page Flow Allocation Protocol to Ouroboros Flow Allocation Protocol) |
No edit summary |
||
| Line 1: | Line 1: | ||
{{Under construction}} | {{Under construction}} | ||
= Header = | |||
<pre> | |||
OAP Header Structure | |||
==================== | |||
0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | | |||
+ + | |||
| | | |||
+ id (128 bits) + | |||
| Unique flow allocation ID | | |||
+ + | |||
| | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | | |||
+ timestamp (64 bits) + | |||
| UTC nanoseconds since epoch | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ---+ | |||
| crt_len (16 bits) | | | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | |||
| | | | |||
+ + | | |||
| certificate (variable) | | | |||
+ X.509 certificate, DER encoded + | | |||
| | | | |||
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | |||
| | eph_len (16 bits) | | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | |||
| | | | |||
+ + | | |||
| ephemeral_key (variable) | | Signed | |||
+ ECDHE P-384 public key, DER encoded + | Region | |||
| | | | |||
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | |||
| | data_len (16 bits) | | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | |||
| | | | |||
+ data (variable) + | | |||
| Piggybacked application data | | | |||
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | |||
| | sig_len (16 bits) | | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ---+ | |||
| | | |||
+ + | |||
| signature (variable) | | |||
+ ECDSA signature over signed region + | |||
| | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Field Summary: | |||
+---------------+----------+----------------------------------------+ | |||
| Field | Size | Description | | |||
+---------------+----------+----------------------------------------+ | |||
| id | 16 bytes | Random 128-bit flow allocation ID | | |||
| timestamp | 8 bytes | UTC time in nanoseconds (replay prot.) | | |||
| crt_len | 2 bytes | Certificate length (0 = no auth) | | |||
| certificate | variable | X.509 cert signed by CA (DER encoded) | | |||
| eph_len | 2 bytes | Ephemeral key length (0 = no encrypt) | | |||
| ephemeral_key | variable | ECDHE P-384 public key (91 bytes typ.) | | |||
| data_len | 2 bytes | Application data length | | |||
| data | variable | Piggybacked app data (future use) | | |||
| sig_len | 2 bytes | Signature length (0 = unsigned) | | |||
| signature | variable | ECDSA-SHA384 sig (~103 bytes typ.) | | |||
+---------------+----------+----------------------------------------+ | |||
Minimum header size: 16 + 8 + 2 + 2 + 2 + 2 = 32 bytes (no optional fields) | |||
Typical sizes: | |||
- No auth, no encrypt: 32 bytes | |||
- Encrypt only: 32 + 91 = 123 bytes | |||
- Auth only: 32 + ~560 + ~103 = ~695 bytes | |||
- Auth + encrypt: 32 + ~560 + 91 + ~103 = ~786 bytes | |||
</pre> | |||
= Operation = | |||
<pre> | |||
Client (IRMd) Server (IRMd) | |||
| | | |||
| 1. Load client cert/key | | |||
| 2. Generate ephemeral keypair | | |||
| 3. Build OAP_HDR (id, ts, crt, eph) | | |||
| 4. Sign header with client key | | |||
| | | |||
|-------- FLOW_REQ (OAP_HDR) ------------->| | |||
| | | |||
| | 5. Load server cert/key | |||
| | 6. Verify client cert against CA | |||
| | 7. Verify client signature | |||
| | 8. Generate ephemeral keypair | |||
| | 9. Derive symmetric key (ECDHE) | |||
| | 10. Build response OAP_HDR | |||
| | 11. Sign with server key | |||
| | | |||
|<------- FLOW_REPLY (OAP_HDR) ------------| | |||
| | | |||
| 12. Verify server cert against CA | | |||
| 13. Verify server signature | | |||
| 14. Derive symmetric key (ECDHE) | | |||
| | | |||
|===========================================| | |||
| Encrypted data channel | | |||
|===========================================| | |||
</pre> | |||
Revision as of 09:15, 3 January 2026
This page is under construction
Header
OAP Header Structure ==================== 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + id (128 bits) + | Unique flow allocation ID | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + timestamp (64 bits) + | UTC nanoseconds since epoch | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ---+ | crt_len (16 bits) | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | | | + + | | certificate (variable) | | + X.509 certificate, DER encoded + | | | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | eph_len (16 bits) | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | + + | | ephemeral_key (variable) | | Signed + ECDHE P-384 public key, DER encoded + | Region | | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | data_len (16 bits) | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | + data (variable) + | | Piggybacked application data | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | sig_len (16 bits) | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ---+ | | + + | signature (variable) | + ECDSA signature over signed region + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Field Summary: +---------------+----------+----------------------------------------+ | Field | Size | Description | +---------------+----------+----------------------------------------+ | id | 16 bytes | Random 128-bit flow allocation ID | | timestamp | 8 bytes | UTC time in nanoseconds (replay prot.) | | crt_len | 2 bytes | Certificate length (0 = no auth) | | certificate | variable | X.509 cert signed by CA (DER encoded) | | eph_len | 2 bytes | Ephemeral key length (0 = no encrypt) | | ephemeral_key | variable | ECDHE P-384 public key (91 bytes typ.) | | data_len | 2 bytes | Application data length | | data | variable | Piggybacked app data (future use) | | sig_len | 2 bytes | Signature length (0 = unsigned) | | signature | variable | ECDSA-SHA384 sig (~103 bytes typ.) | +---------------+----------+----------------------------------------+ Minimum header size: 16 + 8 + 2 + 2 + 2 + 2 = 32 bytes (no optional fields) Typical sizes: - No auth, no encrypt: 32 bytes - Encrypt only: 32 + 91 = 123 bytes - Auth only: 32 + ~560 + ~103 = ~695 bytes - Auth + encrypt: 32 + ~560 + 91 + ~103 = ~786 bytes
Operation
Client (IRMd) Server (IRMd)
| |
| 1. Load client cert/key |
| 2. Generate ephemeral keypair |
| 3. Build OAP_HDR (id, ts, crt, eph) |
| 4. Sign header with client key |
| |
|-------- FLOW_REQ (OAP_HDR) ------------->|
| |
| | 5. Load server cert/key
| | 6. Verify client cert against CA
| | 7. Verify client signature
| | 8. Generate ephemeral keypair
| | 9. Derive symmetric key (ECDHE)
| | 10. Build response OAP_HDR
| | 11. Sign with server key
| |
|<------- FLOW_REPLY (OAP_HDR) ------------|
| |
| 12. Verify server cert against CA |
| 13. Verify server signature |
| 14. Derive symmetric key (ECDHE) |
| |
|===========================================|
| Encrypted data channel |
|===========================================|