diff options
author | Christian Grothoff <christian@grothoff.org> | 2020-12-05 19:47:03 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2020-12-05 19:47:03 +0100 |
commit | 6da702cb839b682d80d87fdcd88eb9ff16c189ae (patch) | |
tree | 24ef34da4c1c8f6da4ac782961479ad9bf422f0a /anastasis.rst | |
parent | df9eb5452325255dfa77030eb539d0b8c88a6c9e (diff) | |
parent | 085d99420a7aa23b04bd4ce1e256eec9e182c166 (diff) | |
download | docs-6da702cb839b682d80d87fdcd88eb9ff16c189ae.tar.gz docs-6da702cb839b682d80d87fdcd88eb9ff16c189ae.tar.bz2 docs-6da702cb839b682d80d87fdcd88eb9ff16c189ae.zip |
Merge branch 'master' of git+ssh://git.taler.net/docs
Diffstat (limited to 'anastasis.rst')
-rw-r--r-- | anastasis.rst | 89 |
1 files changed, 57 insertions, 32 deletions
diff --git a/anastasis.rst b/anastasis.rst index 78a7b166..9773e959 100644 --- a/anastasis.rst +++ b/anastasis.rst @@ -145,7 +145,7 @@ determined by an adversary performing a targeted attack, as a user's likely also be available to other actors. -:: +.. code-block:: none kdf_id := Argon2( identifier, server_salt, keysize ) @@ -173,7 +173,7 @@ generate the corresponding public key. Here, "ver" is used as a salt for the HKDF to ensure that the result differs from other cases where we hash **kdf_id**. -:: +.. code-block:: none ver_secret := HKDF(kdf_id, "ver", keysize) eddsa_priv := eddsa_d_to_a(ver_secret) @@ -190,7 +190,7 @@ HKDF to ensure that the result differs from other cases where we hash **eddsa_d_to_a()**: Function which converts the ver_key to a valid EdDSA private key. Specifically, assuming the value eddsa_priv is in a 32-byte array "digest", the function clears and sets certain bits as follows: -:: +.. code-block:: none digest[0] = (digest[0] & 0x7f) | 0x40; digest[31] &= 0xf8; @@ -208,7 +208,7 @@ symmetric key and an initialization vector (IV). To ensure that the symmetric key changes for each encryption operation, we compute the key material using an HKDF over a nonce and the kdf_id. -:: +.. code-block:: none (iv,key) := HKDF(kdf_id, nonce, keysize + ivsize) @@ -248,7 +248,7 @@ the **key_share**. To ensure that the key derivation for the encryption of the **recovery document** differs fundamentally from that of an individual **key share**, we use different salts ("erd" and "eks" respectively). -:: +.. code-block:: none (iv0, key0) = HKDF(key_id, nonce0, "erd", keysize + ivsize) (encrypted_recovery_document, aes_gcm_tag) = AES256_GCM(recovery_document, key0, iv0) @@ -277,7 +277,7 @@ The EdDSA keys are used to sign the data sent from the client to the server. Everything the client sends to server is signed. The following algorithm is equivalent for **Anastasis-Policy-Signature**. -:: +.. code-block:: none (anastasis-account-signature) = eddsa_sign(h_body, eddsa_priv) ver_res = eddsa_verifiy(h_body, anastasis-account-signature, eddsa_pub) @@ -291,7 +291,7 @@ algorithm is equivalent for **Anastasis-Policy-Signature**. When requesting policy downloads, the client must also provide a signature: -:: +.. code-block:: none (anastasis-account-signature) = eddsa_sign(version, eddsa_priv) ver_res = eddsa_verifiy(version, anastasis-account-signature, eddsa_pub) @@ -818,7 +818,8 @@ to store or load the different states the client application can have. The reducer takes a state_ in JSON syntax and returns the new state in JSON syntax. For example a **state** may take the following structure: -:: + +.. code-block:: json { "backup_state": "CONTINENT_SELECTING", @@ -830,7 +831,8 @@ For example a **state** may take the following structure: The new state depends on the previous one and on the transition action_ with its arguments given to the reducer. A **transition argument** also is a statement in JSON syntax: -:: + +.. code-block:: json { "continent": "Europe" @@ -838,7 +840,8 @@ arguments given to the reducer. A **transition argument** also is a statement in The new state returned by the reducer with the state and transition argument defined above would look like following for the transition action_ "select_continent": -:: + +.. code-block:: json { "backup_state": "COUNTRY_SELECTING", @@ -927,7 +930,8 @@ Initial state The initial states for backup and recovery processes are looking like following: **Initial backup state:** -:: + +.. code-block:: json { "backup_state": "CONTINENT_SELECTING", @@ -939,7 +943,8 @@ The initial states for backup and recovery processes are looking like following: **Initial backup state:** -:: + +.. code-block:: json { "recovery_state": "CONTINENT_SELECTING", @@ -956,14 +961,16 @@ Common transitions **select_continent:** Arguments (example): -:: + +.. code-block:: json { "continent": "Europe" } Expected new state: -:: + +.. code-block:: json { "backup_state": "COUNTRY_SELECTING", @@ -1006,7 +1013,8 @@ Expected new state: **select_country:** Arguments (example): -:: + +.. code-block:: json { "country": "Germany", @@ -1015,7 +1023,8 @@ Arguments (example): } Expected new state: -:: + +.. code-block:: json { "backup_state": "USER_ATTRIBUTES_COLLECTING", @@ -1143,7 +1152,8 @@ Expected new state: **enter_user_attributes:** Arguments (example): -:: + +.. code-block:: json { "identity_attributes": { @@ -1156,7 +1166,8 @@ Arguments (example): } Expected new state (backup process): -:: + +.. code-block:: json { "backup_state": "AUTHENTICATIONS_EDITING", @@ -1294,7 +1305,8 @@ No Arguments needed, but the **pay** transition may have optional arguments: **pay:** Optional arguments to try uploading just specific truths (example): -:: + +.. code-block:: json { "truth_index": [ @@ -1304,7 +1316,8 @@ Optional arguments to try uploading just specific truths (example): } Optional arguments to try uploading recovery document to specific providers (example): -:: + +.. code-block:: json { "provider_id": [ @@ -1320,7 +1333,8 @@ Backup transitions **add_authentication:** Arguments (example): -:: + +.. code-block:: json { "authentication_method": @@ -1334,7 +1348,8 @@ Arguments (example): } Expected new state: -:: + +.. code-block:: json { "backup_state": "AUTHENTICATIONS_EDITING", @@ -1541,14 +1556,16 @@ Expected new state: **del_authentication:** Arguments (example): -:: + +.. code-block:: json { "auth_method_index": 1 } Expected new state: -:: + +.. code-block:: json { "backup_state": "AUTHENTICATIONS_EDITING", @@ -1749,7 +1766,8 @@ Expected new state: **add_policy:** Arguments (example): -:: + +.. code-block:: json { "policy": [ @@ -1765,7 +1783,8 @@ Arguments (example): } Expected new state: -:: + +.. code-block:: json { "backup_state": "POLICIES_REVIEWING", @@ -2021,14 +2040,16 @@ Expected new state: **del_policy:** Arguments (example): -:: + +.. code-block:: json { "policy_index": 3 } Expected new state: -:: + +.. code-block:: json { "backup_state": "POLICIES_REVIEWING", @@ -2270,7 +2291,8 @@ Expected new state: **enter_secret:** Arguments (example): -:: + +.. code-block:: json { "secret": "someverysecretsecret", @@ -2281,7 +2303,8 @@ Arguments (example): - type: *data* (secret must be a Crockford-Base32 encoded string of some data, e.g. a private key) Expected new state: -:: + +.. code-block:: json { "backup_state": "POLICIES_REVIEWING", @@ -2584,7 +2607,8 @@ Recovery transitions **select_challenge:** Arguments (example): -:: + +.. code-block:: json { "challenge_index": 1 @@ -2594,7 +2618,8 @@ Arguments (example): **solve_challenge:** Arguments (example): -:: + +.. code-block:: json { "challenge_index": 1, |