Skip to content

Commit

Permalink
Update Specification
Browse files Browse the repository at this point in the history
  • Loading branch information
@hakavlad
hakavlad committed Jun 4, 2024
1 parent d13adeb commit 3b8a0a8
Showing 1 changed file with 45 additions and 16 deletions.
61 changes: 45 additions & 16 deletions docs/SPECIFICATION.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@

# Draft Specification

- Conventions used in this document
- Encrypted file format
- Payload
- Comments
Expand All @@ -22,6 +23,18 @@

---

## Conventions used in this document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [BCP 14](https://www.rfc-editor.org/info/bcp14) [[RFC 2119](https://www.rfc-editor.org/rfc/rfc2119)] [[RFC 8174](https://www.rfc-editor.org/rfc/rfc8174)] when, and only when, they appear in all capitals, as shown here.

`||` denotes concatenation.
`=` denotes assignment.
`,` denotes separate parameters.
`0x` followed by two hexadecimal characters denotes a byte value in the 0-255 range.
`++` denotes incremented by one in little-endian.

---

## Encrypted file format

Cryptoblob structure:
Expand Down Expand Up @@ -72,6 +85,8 @@ Alternative scheme:
cryptoblob = header_salt || header_pad || ciphertext || MAC tag || footer_pad || footer_salt
```

---

## Payload

Payload consists of Comments up to 512 bytes and File contents from 0 bytes.
Expand All @@ -91,6 +106,8 @@ The payload file could be:
- regular file;
- block device.

---

## Input keying material

`tird` can use passhrases and contents of keyfiles to derive one-time keys.
Expand All @@ -103,6 +120,8 @@ User can specify none, one or multiple keyfile paths.

User can specify none, one or multiple passphrases.

---

## Salt

Creating `blake2_salt` and `argon2_salt`:
Expand All @@ -129,6 +148,8 @@ blake2_salt = header_salt[:8] || footer_salt[:8]
argon2_salt = header_salt[-8:] || footer_salt[-8:]
```

---

## Key derivation scheme

How to get one-time keys (encryption key, padding key, MAC key) from input keying material and salt.
Expand Down Expand Up @@ -170,6 +191,8 @@ ChaCha20 pad_key1:16 pad_key2:16 keyed BLAKE2b-512
pad size header_pad and footer_pad
```

---

## Keys utilization

### Padding
Expand Down Expand Up @@ -208,34 +231,38 @@ MAC tag = BLAKE2b-512(MAC message, MAC key)
Fake MAC tag = urandom(64)
```

---

## Layer cake: embed and extract

### Just embed and extract (no encryption)

Container file format

```
0 start end
| | |
+--------------+--------------+----------+
| | message | |
+--------------+--------------+----------+
0 start end start end
| | | | |
+----+----------+-------+----------+-----+
| | message1 | | message2 | |
+----+----------+-------+----------+-----+
```

### Encrypt & embed, Extract & decrypt

Container file format
Container file format:

```
0 start end
| | |
+--------------+--------------+----------+
| | cryptoblob | |
+--------------+--------------+----------+
0 start end start end
| | | | |
+----+-------------+-------+-------------+------+
| | cryptoblob1 | | cryptoblob2 | |
+----+-------------+-------+-------------+------+
```

Write a cryptoblob over a container file.

---

## Creating files with random data

Create a new file and write random data with chunks up to 128 KiB.
Expand All @@ -244,16 +271,18 @@ Create a new file and write random data with chunks up to 128 KiB.
output file contents = urandom(size)
```

---

## Overwriting file contents with random data

Owerwrite file contents with random data from the start position to the end position.

Use chunks up to 128 KiB.

```
0 start end
| | |
+--------------+-------------+----------+
| | random data | |
+--------------+-------------+----------+
0 start end
| | |
+-------+-------------+-----+
| | random data | |
+-------+-------------+-----+
```

0 comments on commit 3b8a0a8

Please sign in to comment.