summaryrefslogtreecommitdiff
path: root/anastasis.rst
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2020-12-05 19:47:03 +0100
committerChristian Grothoff <christian@grothoff.org>2020-12-05 19:47:03 +0100
commit6da702cb839b682d80d87fdcd88eb9ff16c189ae (patch)
tree24ef34da4c1c8f6da4ac782961479ad9bf422f0a /anastasis.rst
parentdf9eb5452325255dfa77030eb539d0b8c88a6c9e (diff)
parent085d99420a7aa23b04bd4ce1e256eec9e182c166 (diff)
downloaddocs-6da702cb839b682d80d87fdcd88eb9ff16c189ae.tar.gz
docs-6da702cb839b682d80d87fdcd88eb9ff16c189ae.tar.bz2
docs-6da702cb839b682d80d87fdcd88eb9ff16c189ae.zip
Merge branch 'master' of git+ssh://git.taler.net/docs
Diffstat (limited to 'anastasis.rst')
-rw-r--r--anastasis.rst89
1 files changed, 57 insertions, 32 deletions
diff --git a/anastasis.rst b/anastasis.rst
index 78a7b166..9773e959 100644
--- a/anastasis.rst
+++ b/anastasis.rst
@@ -145,7 +145,7 @@ determined by an adversary performing a targeted attack, as a user's
likely also be available to other actors.
-::
+.. code-block:: none
kdf_id := Argon2( identifier, server_salt, keysize )
@@ -173,7 +173,7 @@ generate the corresponding public key. Here, "ver" is used as a salt for the
HKDF to ensure that the result differs from other cases where we hash
**kdf_id**.
-::
+.. code-block:: none
ver_secret := HKDF(kdf_id, "ver", keysize)
eddsa_priv := eddsa_d_to_a(ver_secret)
@@ -190,7 +190,7 @@ HKDF to ensure that the result differs from other cases where we hash
**eddsa_d_to_a()**: Function which converts the ver_key to a valid EdDSA private key. Specifically, assuming the value eddsa_priv is in a 32-byte array "digest", the function clears and sets certain bits as follows:
-::
+.. code-block:: none
digest[0] = (digest[0] & 0x7f) | 0x40;
digest[31] &= 0xf8;
@@ -208,7 +208,7 @@ symmetric key and an initialization vector (IV). To ensure that the
symmetric key changes for each encryption operation, we compute the
key material using an HKDF over a nonce and the kdf_id.
-::
+.. code-block:: none
(iv,key) := HKDF(kdf_id, nonce, keysize + ivsize)
@@ -248,7 +248,7 @@ the **key_share**. To ensure that the key derivation for the encryption
of the **recovery document** differs fundamentally from that of an
individual **key share**, we use different salts ("erd" and "eks" respectively).
-::
+.. code-block:: none
(iv0, key0) = HKDF(key_id, nonce0, "erd", keysize + ivsize)
(encrypted_recovery_document, aes_gcm_tag) = AES256_GCM(recovery_document, key0, iv0)
@@ -277,7 +277,7 @@ The EdDSA keys are used to sign the data sent from the client to the
server. Everything the client sends to server is signed. The following
algorithm is equivalent for **Anastasis-Policy-Signature**.
-::
+.. code-block:: none
(anastasis-account-signature) = eddsa_sign(h_body, eddsa_priv)
ver_res = eddsa_verifiy(h_body, anastasis-account-signature, eddsa_pub)
@@ -291,7 +291,7 @@ algorithm is equivalent for **Anastasis-Policy-Signature**.
When requesting policy downloads, the client must also provide a signature:
-::
+.. code-block:: none
(anastasis-account-signature) = eddsa_sign(version, eddsa_priv)
ver_res = eddsa_verifiy(version, anastasis-account-signature, eddsa_pub)
@@ -818,7 +818,8 @@ to store or load the different states the client application can have.
The reducer takes a state_ in JSON syntax and returns the new state in JSON syntax.
For example a **state** may take the following structure:
-::
+
+.. code-block:: json
{
"backup_state": "CONTINENT_SELECTING",
@@ -830,7 +831,8 @@ For example a **state** may take the following structure:
The new state depends on the previous one and on the transition action_ with its
arguments given to the reducer. A **transition argument** also is a statement in JSON syntax:
-::
+
+.. code-block:: json
{
"continent": "Europe"
@@ -838,7 +840,8 @@ arguments given to the reducer. A **transition argument** also is a statement in
The new state returned by the reducer with the state and transition argument defined
above would look like following for the transition action_ "select_continent":
-::
+
+.. code-block:: json
{
"backup_state": "COUNTRY_SELECTING",
@@ -927,7 +930,8 @@ Initial state
The initial states for backup and recovery processes are looking like following:
**Initial backup state:**
-::
+
+.. code-block:: json
{
"backup_state": "CONTINENT_SELECTING",
@@ -939,7 +943,8 @@ The initial states for backup and recovery processes are looking like following:
**Initial backup state:**
-::
+
+.. code-block:: json
{
"recovery_state": "CONTINENT_SELECTING",
@@ -956,14 +961,16 @@ Common transitions
**select_continent:**
Arguments (example):
-::
+
+.. code-block:: json
{
"continent": "Europe"
}
Expected new state:
-::
+
+.. code-block:: json
{
"backup_state": "COUNTRY_SELECTING",
@@ -1006,7 +1013,8 @@ Expected new state:
**select_country:**
Arguments (example):
-::
+
+.. code-block:: json
{
"country": "Germany",
@@ -1015,7 +1023,8 @@ Arguments (example):
}
Expected new state:
-::
+
+.. code-block:: json
{
"backup_state": "USER_ATTRIBUTES_COLLECTING",
@@ -1143,7 +1152,8 @@ Expected new state:
**enter_user_attributes:**
Arguments (example):
-::
+
+.. code-block:: json
{
"identity_attributes": {
@@ -1156,7 +1166,8 @@ Arguments (example):
}
Expected new state (backup process):
-::
+
+.. code-block:: json
{
"backup_state": "AUTHENTICATIONS_EDITING",
@@ -1294,7 +1305,8 @@ No Arguments needed, but the **pay** transition may have optional arguments:
**pay:**
Optional arguments to try uploading just specific truths (example):
-::
+
+.. code-block:: json
{
"truth_index": [
@@ -1304,7 +1316,8 @@ Optional arguments to try uploading just specific truths (example):
}
Optional arguments to try uploading recovery document to specific providers (example):
-::
+
+.. code-block:: json
{
"provider_id": [
@@ -1320,7 +1333,8 @@ Backup transitions
**add_authentication:**
Arguments (example):
-::
+
+.. code-block:: json
{
"authentication_method":
@@ -1334,7 +1348,8 @@ Arguments (example):
}
Expected new state:
-::
+
+.. code-block:: json
{
"backup_state": "AUTHENTICATIONS_EDITING",
@@ -1541,14 +1556,16 @@ Expected new state:
**del_authentication:**
Arguments (example):
-::
+
+.. code-block:: json
{
"auth_method_index": 1
}
Expected new state:
-::
+
+.. code-block:: json
{
"backup_state": "AUTHENTICATIONS_EDITING",
@@ -1749,7 +1766,8 @@ Expected new state:
**add_policy:**
Arguments (example):
-::
+
+.. code-block:: json
{
"policy": [
@@ -1765,7 +1783,8 @@ Arguments (example):
}
Expected new state:
-::
+
+.. code-block:: json
{
"backup_state": "POLICIES_REVIEWING",
@@ -2021,14 +2040,16 @@ Expected new state:
**del_policy:**
Arguments (example):
-::
+
+.. code-block:: json
{
"policy_index": 3
}
Expected new state:
-::
+
+.. code-block:: json
{
"backup_state": "POLICIES_REVIEWING",
@@ -2270,7 +2291,8 @@ Expected new state:
**enter_secret:**
Arguments (example):
-::
+
+.. code-block:: json
{
"secret": "someverysecretsecret",
@@ -2281,7 +2303,8 @@ Arguments (example):
- type: *data* (secret must be a Crockford-Base32 encoded string of some data, e.g. a private key)
Expected new state:
-::
+
+.. code-block:: json
{
"backup_state": "POLICIES_REVIEWING",
@@ -2584,7 +2607,8 @@ Recovery transitions
**select_challenge:**
Arguments (example):
-::
+
+.. code-block:: json
{
"challenge_index": 1
@@ -2594,7 +2618,8 @@ Arguments (example):
**solve_challenge:**
Arguments (example):
-::
+
+.. code-block:: json
{
"challenge_index": 1,