simple-pfs-stream
JSON-based perfect forward secrecy stream
E2EE (Endpoint to Endpoint Encryption)
Handshake Process
Functions
DeriveSecret(masterKey, label, seed) = HKDF(algo=connectionHashAlgo, secret=masterKey, message=label + clientNonce + serverNonce + seed)
* Encoding = Base64Encode(JSON_Stringify(input))
* Decoding = JSON_Parse(Base64Decode(input))
Step 1. ClientHello
* Direction : Client -> Server
- ephemeralAlgorithm
- ephemeralClientPublicKey
- availableEncryptionAlgorithms (Array order is priority)
- availablePrfAlgorithms (Array order is priority)
- available
- clientNonce
Step 2. ServerHello
* Direction : Server -> Client
- masterSecret = ECDH(ephemeralServerPrivateKey, ephemeralClientPublicKey)
- serverHandshakeKey = DeriveSecret(masterSecret, "server-handshake")
- (initial) wrappedTrafficSecretKey = DeriveSecret(masterSecret, "wrapped-traffic-key", firstWrappedTrafficSecretSalt)
- (initial) wrappedTrafficSecretIV = DeriveSecret(masterSecret, "wrapped-traffic-iv", firstWrappedTrafficSecretSalt)

- signatureAlgorithm
- serverPublicKey
- protected : JSON-Base64 Encoded String
- ephemeralServerPublicKey
- negotiatedEncryptionAlgorithm
- negotiatedPrfAlgorithm
- serverNonce
- encrypted : (= Encrypt(serverHandshakeKey, ...))
- serverCertificate (User defined metadata)
- firstWrappedTrafficSecretSalt
- extensions
- payloadSignature (= SIGN(serverPublicKey, [protectedHeader, protectedData]))
Step 3. Finish
* Direction : Client -> Server
- masterSecret = ECDH(ephemeralClientPrivateKey, ephemeralServerPublicKey)
- serverHandshakeKey = DeriveSecret(masterSecret, "server-handshake")
- (initial) wrappedTrafficSecretKey = DeriveSecret(masterSecret, "wrapped-traffic-key", firstWrappedTrafficSecretSalt)
- (initial) wrappedTrafficSecretIV = DeriveSecret(masterSecret, "wrapped-traffic-iv", firstWrappedTrafficSecretSalt)
...
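As an added example (not the package's own code), the DeriveSecret function and the Step 2 / Step 3 derivations can be reproduced with Node's built-in crypto module to confirm that both sides arrive at the same keys. X25519 for the ephemeral exchange, SHA-256 for connectionHashAlgo, passing the README's "message" as the HKDF info field, and the output lengths are assumptions; `deriveSecret`, `deriveHandshakeKeys` and `runSampleHandshake` are hypothetical names.

```javascript
// Added example: not simple-pfs-stream's own implementation.
const crypto = require('node:crypto');

// Assumptions: SHA-256 as connectionHashAlgo, the README's "message" passed as
// HKDF info with an empty salt, and caller-chosen output lengths.
function deriveSecret(masterKey, label, clientNonce, serverNonce,
                      seed = Buffer.alloc(0), length = 32) {
  // label + clientNonce + serverNonce + seed, as in the README. The nonces are
  // fixed-length here, so the plain concatenation stays unambiguous.
  const info = Buffer.concat([Buffer.from(label, 'utf8'), clientNonce, serverNonce, seed]);
  return Buffer.from(crypto.hkdfSync('sha256', masterKey, Buffer.alloc(0), info, length));
}

// One side's view after ECDH: handshake key plus the initial wrapped traffic key/IV.
function deriveHandshakeKeys(ownPrivateKey, peerPublicKey, clientNonce, serverNonce, salt) {
  const masterSecret = crypto.diffieHellman({ privateKey: ownPrivateKey, publicKey: peerPublicKey });
  const derive = (label, seed, length) =>
    deriveSecret(masterSecret, label, clientNonce, serverNonce, seed, length);
  return {
    serverHandshakeKey: derive('server-handshake'),
    wrappedTrafficSecretKey: derive('wrapped-traffic-key', salt),
    // A 12-byte IV is an assumption (AES-GCM style); the README does not fix a length.
    wrappedTrafficSecretIV: derive('wrapped-traffic-iv', salt, 12),
  };
}

// Constructed sample handshake: fresh ephemeral keys and random nonces per connection.
function runSampleHandshake() {
  const client = crypto.generateKeyPairSync('x25519');
  const server = crypto.generateKeyPairSync('x25519');
  const clientNonce = crypto.randomBytes(32);                   // sent in ClientHello
  const serverNonce = crypto.randomBytes(32);                   // sent in ServerHello
  const firstWrappedTrafficSecretSalt = crypto.randomBytes(32); // sent in ServerHello
  return {
    serverSide: deriveHandshakeKeys(server.privateKey, client.publicKey,
      clientNonce, serverNonce, firstWrappedTrafficSecretSalt),
    clientSide: deriveHandshakeKeys(client.privateKey, server.publicKey,
      clientNonce, serverNonce, firstWrappedTrafficSecretSalt),
  };
}

const sample = runSampleHandshake();
console.log('handshake keys match:',
  sample.serverSide.serverHandshakeKey.equals(sample.clientSide.serverHandshakeKey));
```

Because the ephemeral key pairs are generated per connection and discarded afterwards, a later compromise of the long-term signing key does not reveal these derived keys.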
TODO: TrafficKeyUpdate
* Direction : Anyone -> Other
* Wrapping Key = wrappedTrafficSecret
- seed = random 32 bytes
wrappedTrafficSecret = DeriveSecret(wrappedTrafficSecret, "application-traffic", seed)
Wrapped Data
* Direction : Server -> Client
* Key = application_traffic_secret
* Direction : Client -> Server
* Key = client_application_traffic_secret