Day 48 Encryption Engine and Typing Galore

What I did: Typings, Implementation and Missing links

Time spent: 107


Figuring out how to use typed array. Examining XChaChaPoly1305 implementation details in SNCrypto along with figuring out types

Designing Layer 0 Encryption Key.

  2. interface EncryptionKey extends Uint8Array{ length: 256; // using the numeric literal type '2'}

Breaking down tasks that we also need to do that are in itself quite massive that are fundamental to 2SSL functioning style but need to be thought out after the layers are designed.

Designing Encryption EngineTakes in three things:1) Raw Payload2) Shared Encryption Key3) UUID's

Discovered the header is currently being pass around in a bad way. Going to split it up into three separate chunks. Technically a Normal Header that is controllable by a higher level is just:Control Bytes, SPacketNumber which is 14 bytes.Technically a Command Header that is controllable by a higher level is just:Control Bytes, Command Data, SPacket Number 88 bytes. However the Command Data is split up in an odd configuration so that the Normal and Command header can utilize the same primary subsystem for decryption and verification.However we'll abstract that at a higher level so it's contiguous so the upper layers can be implemented simpler.

The simple 'raw' header is actually quite complicated and has several 'flattened' layers. Some codependent on other layers which ensures a high level of security, anti tampering and cryptographic security.

For the normal flow here's how the encryption of the NormalMidHeader is converted to EncryptedRawHeader.

  1. Spread NormalMidHeader into DecryptedRawInnerHeader

  2. Drop in Anti Replay UUID

  3. Encrypt RawPayload and drop in PayloadKey, PayloadNounce and PayloadTag

  4. Use 2SSL Session Derived Key and random Nounce and Encrypt DecryptedRawInnerHeader

  5. Place SessionUUID, random Nounce, EncryptedRawInnerHeader, and HeaderTag into EncryptedRawHeader

Even the types are important. Doing the <modifier><group> so instead of a bunch of CryptoKey, CryptoNounce ... which is harder to read scanning down since we read from left to right we instead define as KeyCrypto, NounceCrypto and such. Which is much easier and doesn't require CTRL+Tabbing thru about of BS when using autocomplete.

You'll only receive email when they publish something new.

More from Gaya
All posts