Comments (9)
Outgoing and incoming Combined Sequence Numbers (CSNs) reside in the peer scope.
I've started creating a table for this but it seems really complicated when writing it down which part of the nonce resides in which scope for incoming and outgoing messages. I have the feeling that this is starting to be a weakness of the protocol or its just a matter of proper representation of the scopes. So far, I don't know.
This was my work so far (completely unfinished and I have the feeling its not representing the scopes in a satisfactory manner). Any ideas?
Header/Nonce Scopes
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Cookie | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source | Destination | Overflow Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Overflow Number and Sequence Number will be called Combined Sequence Number.
Globally
Nothing
Session
- Cookie [out]
- Source [out]
- Destination [in]
Peer (each client or the server)
- Cookie (in)
- Source (with the exception that the server will use
0x00
for non-authenticated new clients)- Overflow Number and Sequence Number (also called Combined Sequence Number)
from saltyrtc-meta.
Can't we just word it similar to this?
Per Session
- Each peer generates a Cookie
- The server or initiator self-assign the Address according to the spec
- Each responder get assigned the Address from the server
Per communication channel between two peers
- Each peer initially generates a Combined Sequence Number for every communication channel (SaltyRTC p2p connection or WebRTC data channel)
Not sure if that's clearer. But it avoids the terminology of scopes.
from saltyrtc-meta.
What's missing here: Data channels. Two parallel data channels use the same peerconnection between the same two peers. Should they share the CSN? (I can't really see why not.)
from saltyrtc-meta.
No, they have separate CSNs. In essence, a different CSN is being used for each channel (of each peer of each session). That way we can rule out replay attacks and channel instances do not need to share a number which may lead to race conditions for threaded clients.
(We really have to put our heads together and sort this out. Maybe an image would help.)
from saltyrtc-meta.
Is there something missing in the listing above? Is it correct?
from saltyrtc-meta.
I started implementing nonce validation, but stumbled over a problem. If we have to keep separate CSNs for server, initiator and all responders for both channels (websocket or datachannel) during signaling, the code gets really complex.
My suggestion:
- During signaling, each peer initially generates a Combined Sequence Number for every other peer
- Each wrapped data channel gets its own CSN
This way, wrapped data channels don't have synchronization problems over a shared CSN, but signaling can be simplified by having a single CSN per peer connection, no matter which communication channel they use.
from saltyrtc-meta.
IIRC you are saying that CSNs of the signalling channel should be reused after handover? I guess we could do that but the fields source address and destination address still need to be changed to the (negotiated) data channel id. I mean, we haven't really defined the header for data channels, yet. Here is my plan for both handover and wrapped data channels:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Cookie 2 |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data Channel ID | Overflow Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
So, if this is the nonce/header before the handover...
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Cookie 1 |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 0x01 | 0x02 | 0x01 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 0x7f |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Then this would be the nonce/header after the handover (assuming that id 0 has been negotiated for the signalling channel):
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| Cookie 2 |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 0x00 | 0x01 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 0x7f |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
In addition, the cookie MUST be changed for wrapped data channels (that includes handed over signalling channels). Otherwise, nonce reuse is possible.
An alternative would be to change the key once again for data channels. Let's figure out what makes more sense or what is less error prone to implement.
from saltyrtc-meta.
Cookie scope has been quite a headache but I think I've figured it out:
- For clients, the cookie is randomly generated once and then valid for the entire session (connection to the signalling server) of that specific path.
- For servers, the cookie has to be randomly generated for each connected client and is then valid until the client disconnects.
from saltyrtc-meta.
@dbrgn Really sorry, but we have to change that again: The cookie MUST be random per peer, exactly as the CSN. After 'new-initiator' and 'new-responder', the client has to remove all previous information of the announced id, such as a cached cookie and CSN for outgoing and incoming data. Otherwise, it's hello nonce reuse.
from saltyrtc-meta.
Related Issues (20)
- Specify recommended exchange message HOT 4
- Post-Release-List HOT 7
- Handover Data Race HOT 1
- End of Candidates HOT 16
- Handover Disable Request HOT 3
- Inconsistency regarding handling of inactive responders HOT 3
- Candidates message example needs update
- Maximum message size can be dropped
- Maximum message size is u64 and may be 0 HOT 1
- ufrag renamed to usernameFragment HOT 1
- onIceCandidatesRemoved HOT 5
- Explain Identity HOT 2
- Accepting message sources other than 0x00 HOT 2
- Msgpack type for binary data HOT 2
- Non-binary websocket messages HOT 1
- Remove send-error message HOT 4
- What is close code 3003 "Handover of the Signalling Channel" being used for? HOT 2
- SaltyRTC and Verifpal HOT 2
- Questions about the protocol HOT 11
- Inconsistency (or unclear text) wrt. closing with an authenticated client. HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from saltyrtc-meta.