Day 48 Encryption Engine and Typing Galore
December 22, 2021•347 words
What I did: Typings, Implementation and Missing links
Time spent: 107
Comments:
Figuring out how to use typed array. Examining XChaChaPoly1305 implementation details in SNCrypto along with figuring out types
Designing Layer 0 Encryption Key.
- https://doc.libsodium.org/secret-key_cryptography/aead
-
interface EncryptionKey extends Uint8Array{ length: 256; // using the numeric literal type '2'}
Breaking down tasks that we also need to do that are in itself quite massive that are fundamental to 2SSL functioning style but need to be thought out after the layers are designed.
Designing Encryption EngineTakes in three things:1) Raw Payload2) Shared Encryption Key3) UUID's
Discovered the header is currently being pass around in a bad way. Going to split it up into three separate chunks. Technically a Normal Header that is controllable by a higher level is just:Control Bytes, SPacketNumber which is 14 bytes.Technically a Command Header that is controllable by a higher level is just:Control Bytes, Command Data, SPacket Number 88 bytes. However the Command Data is split up in an odd configuration so that the Normal and Command header can utilize the same primary subsystem for decryption and verification.However we'll abstract that at a higher level so it's contiguous so the upper layers can be implemented simpler.
The simple 'raw' header is actually quite complicated and has several 'flattened' layers. Some codependent on other layers which ensures a high level of security, anti tampering and cryptographic security.
For the normal flow here's how the encryption of the NormalMidHeader is converted to EncryptedRawHeader.
Spread
NormalMidHeader
intoDecryptedRawInnerHeader
Drop in
Anti Replay UUID
Encrypt RawPayload and drop in
PayloadKey
,PayloadNounce
andPayloadTag
Use 2SSL Session Derived Key and random Nounce and Encrypt
DecryptedRawInnerHeader
Place
SessionUUID
,random Nounce
,EncryptedRawInnerHeader
, andHeaderTag
intoEncryptedRawHeader
Tada!!
Even the types are important. Doing the <modifier><group> so instead of a bunch of CryptoKey
, CryptoNounce
... which is harder to read scanning down since we read from left to right we instead define as KeyCrypto
, NounceCrypto
and such. Which is much easier and doesn't require CTRL+Tabbing thru about of BS when using autocomplete.