Ouroboros Flow Allocation Protocol
Jump to navigation
Jump to search
This page is under construction
Header
OAP Header Structure ==================== 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + id (128 bits) + | Unique flow allocation ID | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + timestamp (64 bits) + | UTC nanoseconds since epoch | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ---+ | crt_len (16 bits) | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | | | + + | | certificate (variable) | | + X.509 certificate, DER encoded + | | | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | eph_len (16 bits) | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | + + | | ephemeral_key (variable) | | Signed + ECDHE P-384 public key, DER encoded + | Region | | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | data_len (16 bits) | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | + data (variable) + | | Piggybacked application data | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | sig_len (16 bits) | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ---+ | | + + | signature (variable) | + ECDSA signature over signed region + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Field Summary: +---------------+----------+----------------------------------------+ | Field | Size | Description | +---------------+----------+----------------------------------------+ | id | 16 bytes | Random 128-bit flow allocation ID | | timestamp | 8 bytes | UTC time in nanoseconds (replay prot.) | | crt_len | 2 bytes | Certificate length (0 = no auth) | | certificate | variable | X.509 cert signed by CA (DER encoded) | | eph_len | 2 bytes | Ephemeral key length (0 = no encrypt) | | ephemeral_key | variable | ECDHE P-384 public key (91 bytes typ.) | | data_len | 2 bytes | Application data length | | data | variable | Piggybacked app data (future use) | | sig_len | 2 bytes | Signature length (0 = unsigned) | | signature | variable | ECDSA-SHA384 sig (~103 bytes typ.) | +---------------+----------+----------------------------------------+ Minimum header size: 16 + 8 + 2 + 2 + 2 + 2 = 32 bytes (no optional fields) Typical sizes: - No auth, no encrypt: 32 bytes - Encrypt only: 32 + 91 = 123 bytes - Auth only: 32 + ~560 + ~103 = ~695 bytes - Auth + encrypt: 32 + ~560 + 91 + ~103 = ~786 bytes
Operation
Client (IRMd) Server (IRMd)
| |
| 1. Load client cert/key |
| 2. Generate ephemeral keypair |
| 3. Build OAP_HDR (id, ts, crt, eph) |
| 4. Sign header with client key |
| |
|-------- FLOW_REQ (OAP_HDR) ------------->|
| |
| | 5. Load server cert/key
| | 6. Verify client cert against CA
| | 7. Verify client signature
| | 8. Generate ephemeral keypair
| | 9. Derive symmetric key (ECDHE)
| | 10. Build response OAP_HDR
| | 11. Sign with server key
| |
|<------- FLOW_REPLY (OAP_HDR) ------------|
| |
| 12. Verify server cert against CA |
| 13. Verify server signature |
| 14. Derive symmetric key (ECDHE) |
| |
|===========================================|
| Encrypted data channel |
|===========================================|