vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2025-09-10 11:49:40 +02:00
Code Issues Projects Releases Packages Wiki Activity

ch10, ch11: Describe MDC and quick check bytes

Browse source
This commit is contained in:
Paul Schaub 2023-12-13 12:39:05 +01:00
parent b474753e90
commit 771b2b8326
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
4 changed files with 113 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

75
book/assets/drawio/mdc.drawio Normal file
View file

@ -0,0 +1,75 @@
<mxfile host="app.diagrams.net" modified="2023-12-13T11:36:11.493Z" agent="Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0" etag="_SoWvvZTPUnqDgXmTAwh" version="22.1.8" type="device">
<diagram name="Seite-1" id="bnFu_L0lHmKDT0MA8Cyi">
<mxGraphModel dx="819" dy="434" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="827" pageHeight="1169" math="0" shadow="0">
<root>
<mxCell id="0" />
<mxCell id="1" parent="0" />
<mxCell id="CaaCqwmmIPOTDNdIYEV8-11" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=0.75;exitY=0;exitDx=0;exitDy=0;entryX=0.75;entryY=0;entryDx=0;entryDy=0;" edge="1" parent="1" source="CaaCqwmmIPOTDNdIYEV8-1" target="CaaCqwmmIPOTDNdIYEV8-2">
<mxGeometry relative="1" as="geometry">
<Array as="points">
<mxPoint x="230" y="210" />
<mxPoint x="230" y="180" />
<mxPoint x="270" y="180" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="CaaCqwmmIPOTDNdIYEV8-12" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=0.75;exitY=0;exitDx=0;exitDy=0;entryX=0.25;entryY=0;entryDx=0;entryDy=0;" edge="1" parent="1" source="CaaCqwmmIPOTDNdIYEV8-1" target="CaaCqwmmIPOTDNdIYEV8-2">
<mxGeometry relative="1" as="geometry">
<Array as="points">
<mxPoint x="210" y="210" />
<mxPoint x="210" y="190" />
<mxPoint x="250" y="190" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="CaaCqwmmIPOTDNdIYEV8-1" value="16 random bytes" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
<mxGeometry x="80" y="210" width="160" height="100" as="geometry" />
</mxCell>
<mxCell id="CaaCqwmmIPOTDNdIYEV8-2" value="quick check bytes" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
<mxGeometry x="240" y="210" width="40" height="100" as="geometry" />
</mxCell>
<mxCell id="CaaCqwmmIPOTDNdIYEV8-3" value="Plaintext" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
<mxGeometry x="280" y="210" width="220" height="100" as="geometry" />
</mxCell>
<mxCell id="CaaCqwmmIPOTDNdIYEV8-4" value="&lt;div&gt;0xD3&lt;/div&gt;&lt;div&gt;0x14&lt;br&gt;&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
<mxGeometry x="500" y="210" width="40" height="100" as="geometry" />
</mxCell>
<mxCell id="CaaCqwmmIPOTDNdIYEV8-5" value="&lt;div&gt;SHA1&lt;/div&gt;&lt;div&gt;Checksum&lt;br&gt;&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
<mxGeometry x="540" y="210" width="270" height="100" as="geometry" />
</mxCell>
<mxCell id="CaaCqwmmIPOTDNdIYEV8-10" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=0.1;exitY=0.5;exitDx=0;exitDy=0;exitPerimeter=0;" edge="1" parent="1" source="CaaCqwmmIPOTDNdIYEV8-8" target="CaaCqwmmIPOTDNdIYEV8-5">
<mxGeometry relative="1" as="geometry">
<Array as="points">
<mxPoint x="310" y="340" />
<mxPoint x="675" y="340" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="CaaCqwmmIPOTDNdIYEV8-8" value="" style="shape=curlyBracket;whiteSpace=wrap;html=1;rounded=1;labelPosition=left;verticalLabelPosition=middle;align=right;verticalAlign=middle;rotation=-90;" vertex="1" parent="1">
<mxGeometry x="300" y="90" width="20" height="460" as="geometry" />
</mxCell>
<mxCell id="CaaCqwmmIPOTDNdIYEV8-14" value="repeated 2 bytes" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
<mxGeometry x="190" y="150" width="110" height="30" as="geometry" />
</mxCell>
<mxCell id="CaaCqwmmIPOTDNdIYEV8-15" value="calculate / verify checksum" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
<mxGeometry x="414" y="340" width="170" height="30" as="geometry" />
</mxCell>
<mxCell id="CaaCqwmmIPOTDNdIYEV8-19" value="" style="shape=crossbar;whiteSpace=wrap;html=1;rounded=1;" vertex="1" parent="1">
<mxGeometry x="500" y="370" width="310" height="20" as="geometry" />
</mxCell>
<mxCell id="CaaCqwmmIPOTDNdIYEV8-18" value="" style="group" vertex="1" connectable="0" parent="1">
<mxGeometry x="80" y="370" width="200" height="40" as="geometry" />
</mxCell>
<mxCell id="CaaCqwmmIPOTDNdIYEV8-16" value="" style="shape=crossbar;whiteSpace=wrap;html=1;rounded=1;" vertex="1" parent="CaaCqwmmIPOTDNdIYEV8-18">
<mxGeometry width="200" height="20" as="geometry" />
</mxCell>
<mxCell id="CaaCqwmmIPOTDNdIYEV8-17" value="quick check" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="CaaCqwmmIPOTDNdIYEV8-18">
<mxGeometry x="60" y="10" width="80" height="30" as="geometry" />
</mxCell>
<mxCell id="CaaCqwmmIPOTDNdIYEV8-21" value="modification detection code" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
<mxGeometry x="572.5" y="380" width="165" height="30" as="geometry" />
</mxCell>
</root>
</mxGraphModel>
</diagram>
</mxfile>

4
book/assets/drawio/mdc.svg Normal file
View file

File diff suppressed because one or more lines are too long
Side by side

After

Width:  |  Height:  |  Size: 13 KiB

13
book/source/decryption.md
View file

@ -128,6 +128,19 @@ The cipher algorithm is either extracted from the decrypted session key (the alg
Once the cipher is initialized, the whole encrypted data from the SEIPD packet is decrypted. Once the cipher is initialized, the whole encrypted data from the SEIPD packet is decrypted.
### Verifying the quick-check bytes
To quickly verify that the correct session-key was used during decryption, bytes with index 14 and 15 are compared to those with index 16 and 17 (zero-indexed).
A mismatch of those pairs of bytes indicates that the wrong session-key was used and decryption is aborted.
### Verifying the modification detection code (mdc)
The contents of a SEIPDv1 packet are protected against unnoticed modification via the addition of a modification detection code.
This is done by calculating the SHA1 checksum of the entire decrypted plaintext, but excluding the last 20 bytes, which are the actual checksum computed by the sender.
Compare figure {numref}`fig-encryption-mdc`.
The result is then compared to those last 20 bytes to detect modifications of the ciphertext.
```{figure} plain_svg/SEIPDv1-decryption.svg ```{figure} plain_svg/SEIPDv1-decryption.svg
:name: fig-decryption-seipd1 :name: fig-decryption-seipd1
:alt: Depicts how the session key is used directly to decrypt the contents of the SEIPD packet. :alt: Depicts how the session key is used directly to decrypt the contents of the SEIPD packet.

21
book/source/encryption.md
View file

@ -117,6 +117,27 @@ When communicating with a mix of recipients, some of whose OpenPGP software only
With SEIPDv1, the session key is directly used as message key to encrypt the payload With SEIPDv1, the session key is directly used as message key to encrypt the payload
``` ```
(quick-check-and-mdc)=
#### Preparing the plaintext with quick check and modification detection code
Before encrypting the plaintext, the data is modified by adding both a prepended "quick check", as well as an appended modification detection code.
The quick check comprises of 16 randomly chosen bytes plus 2 bytes which are the last two of the 16 random bytes repeated.
This mechanism is useful to quickly check, whether the correct session key was used when decrypting the message.
These quick-check bytes are prepended to the plaintext.
The modification detection code on the other hand is added to allow detection of unwanted modification of the ciphertext.
First, the two marker bytes `0xD3` and `0x14` are appended to the plaintext. Then, the SHA1 checksum of the entire plaintext including quick check and marker bytes is calculated and appended to the plaintext.
```{figure} plain_svg/mdc.svg
:name: fig-encryption-mdc
:alt: Depicts, how the prior to encryption, the plaintext bytes are prepended with 18 quick check bytes and appended with 22 bytes of modification detection code. The quick check comprises of 16 random bytes plus 2 repeated bytes. The modification detection code starts with the marker bytes 0xD314, followed by the SHA1 checksum of the entire plaintext including quick check and marker bytes.
The plaintext inside of a SEIPDv1 packet contains quick check bytes, the actual plaintext and modification detection code
```
Lastly, the whole prepared plaintext is encrypted symmetrically.
(seipd-v2)= (seipd-v2)=
### v2 SEIPD, based on AEAD ### v2 SEIPD, based on AEAD