[GNUnet-SVN] [taler-anastasis] branch master updated (f7f0575 -> be03236)


From: gnunet
Subject: [GNUnet-SVN] [taler-anastasis] branch master updated (f7f0575 -> be03236)
Date: Mon, 07 Oct 2019 10:59:55 +0200

This is an automated email from the git hooks/post-receive script.

dennis-neufeld pushed a change to branch master
in repository anastasis.

    from f7f0575  updates to spec
     new 15a1c5b  Clarified the header Anastasis-Version
     new be03236  Worked on FIXMEs

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 src/api/api-anastasis.rst    | 23 +++++++++++++----------
 src/api/crypto-anastasis.rst | 29 ++++++++++++++++++++++-------
 2 files changed, 35 insertions(+), 17 deletions(-)

diff --git a/src/api/api-anastasis.rst b/src/api/api-anastasis.rst
index 0dc9823..8163097 100644
--- a/src/api/api-anastasis.rst
+++ b/src/api/api-anastasis.rst
@@ -176,6 +176,8 @@ public key using the Crockford base32-encoding.
 
   :status 200 OK:
     The escrow provider responds with an `EncryptedRecoveryDocument`_ object.
+  :status 304 Not modified:
+    The client requested the same ressource he already owns.
   :status 400 Bad request:
     The $ACCOUNT_PUB is not an EdDSA public key.
   :status 402 Payment Required:
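
Review bot: the new 304 description ("The client requested the same ressource he already owns.") does not say what triggers the response. Suggest tying it to the request header added further down in this file, for example "The Etag sent in If-None-Match matches the current EncryptedRecoveryDocument; no body is returned", and fixing the spelling of "ressource". "Not modified" should also be written "Not Modified" to match the capitalisation of the other status lines.
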
@@ -186,12 +188,14 @@ public key using the Crockford base32-encoding.
   :status 404 Not Found:
     The requested resource was not found.
 
-  *Anastasis-Version*: $NUMBER --- return actual version number in header;
-  (if not specified in request, return latest version of 
EncryptedRecoveryDocument_ ).
+  *Anastasis-Version*: $NUMBER --- The server must return actual version 
number in header;
+  the client specifies version number in the header of the request (if not 
specified in request, the server returns latest version of 
EncryptedRecoveryDocument_ ).
+
+  *Etag*: Etag, hash over the body for caching and to prevent redundancies. If 
status is 200 OK, the server must send the Etag.
 
-  *Etag*: Etag, hash over the body for caching.
+  *If-None-Match*: Contains the Etag-Value which the client has reveived 
before from the server. The client must send this header with every request.
 
-  *Anastasis-Account-Signature*: Signature by the account's private key 
affirming the desire to download the policy.
+  *Anastasis-Account-Signature*: The client must provide Base-32 encoded EdDSA 
signature over hash of body with $ACCOUNT_PRIV, affirming desire to download 
the requested encrypted recovery document.
 
 .. http:post:: /policy/$ACCOUNT_PUB
 
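
Review bot: in the GET description, Anastasis-Account-Signature is now defined as a signature "over hash of body", but a GET request carries no body, so the text leaves open what the client actually signs for a download. Please state the signed data explicitly. Separately, If-None-Match "must" be sent "with every request", which a client cannot do on its first download, before it has received any Etag; "must send it when it holds a previously received Etag" would be consistent with the 304 case. Typo: "reveived".
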
@@ -219,16 +223,15 @@ public key using the Crockford base32-encoding.
   :status 413 Request Entity Too Large:
     The upload is too large *or* too small. The response body may elaborate on 
the error.
 
-  FIXME: clarify which headers are from client and which from server (or 
both!).
     
-  *Anastasis-Version*: $NUMBER --- return actual version number as determined 
by the server.
+  *Anastasis-Version*: $NUMBER --- The server must return the actual version 
number it determined.
     Only generated if the status is 204 or 304.
 
-  *If-modified-since*: Must contain an Etag with the hash over the body (to 
avoid unnecessary re-uploads).
+  *If-modified-since*: The client must provide an Etag with the hash over the 
body (to avoid unnecessary re-uploads).
 
-  *Anastasis-Policy-Signature*: Base-32 encoded EdDSA signature over hash of 
body with $ACCOUNT_PRIV, affirming desire to upload an encrypted recovery 
document.
+  *Anastasis-Policy-Signature*: The client must provide Base-32 encoded EdDSA 
signature over hash of body with $ACCOUNT_PRIV, affirming desire to upload an 
encrypted recovery document.
 
-  *Payment-Identifier*: Base-32 encoded 32-byte payment identifier that was 
included in a previous payment (see 402 status code). Used to allow the server 
to check that the client paid for the upload (to protect the server against DoS 
attacks) and that the client knows a real secret of financial value (as the 
kdf_id might be known to an attacker). If this header is missing (or the 
associated payment has exceeded the upload limit), the server must return a 402 
response.  When making payme [...]
+  *Payment-Identifier*: Base-32 encoded 32-byte payment identifier that was 
included in a previous payment (see 402 status code). Used to allow the server 
to check that the client paid for the upload (to protect the server against DoS 
attacks) and that the client knows a real secret of financial value (as the 
kdf_id might be known to an attacker). If this header is missing in the 
client's request (or the associated payment has exceeded the upload limit), the 
server must return a 402 resp [...]
 
   **Details:**
 
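
Review bot: If-modified-since in the POST description is specified as carrying an Etag, while the GET description in this same commit uses If-None-Match for the Etag value. If-Modified-Since is a date-valued header in HTTP; for a hash over the body, If-None-Match (or If-Match) is the header that fits, and using it would keep both endpoints consistent.
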
@@ -353,7 +356,7 @@ argument and signature may be optional.
   :status 412 Precondition Failed:
     The selected authentication method is not supported on this provider.
 
-  *Anastasis-Account-Signature*: Client header with the signature by the 
account's private key affirming the desire to upload the truth; only present if 
"account" is specified in the URL.
+  *Anastasis-Account-Signature*: The client must provide Base-32 encoded EdDSA 
signature over hash of body with $ACCOUNT_PRIV, affirming the desire to upload 
the truth; only present if "account" is specified in the URL.
 
   **Details:**
 
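
Review bot: the new Anastasis-Account-Signature text says the client "must provide" the signature and then "only present if "account" is specified in the URL", which reads as both mandatory and conditional. Suggest leading with the condition: "If "account" is specified in the URL, the client must provide ...". It would also help to name the hash function behind "hash of body", since a verifier needs it to check the signature.
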
diff --git a/src/api/crypto-anastasis.rst b/src/api/crypto-anastasis.rst
index b5df6ec..a73d31e 100644
--- a/src/api/crypto-anastasis.rst
+++ b/src/api/crypto-anastasis.rst
@@ -50,7 +50,7 @@ determined by an adversary performing a targeted attack, as a 
user's
 likely also be available to other actors.
 
 
-.. code-block::
+.. code-block:: tsref
 
     kdf_id := SCrypt( user_identifier, server_salt, keysize )
 
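
Review bot: the code-block tag changes to tsref here and in the three following hunks, but the block bodies are pseudocode using := assignments (for example "kdf_id := SCrypt( user_identifier, server_salt, keysize )"). Please confirm the docs build highlights these without lexer warnings; if it does not, a plain-text tag such as "none" is the safer choice for pseudocode.
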
@@ -78,7 +78,7 @@ generate the corresponding public key.  Here, "ver" is used 
as a salt for the
 HKDF to ensure that the result differs from other cases where we hash
 kdf_id.
 
-.. code-block::
+.. code-block:: tsref
 
     ver_secret:= HKDF(kdf_id, "ver", keysize)
     eddsa_priv := eddsa_d_to_a(ver_secret)
@@ -95,7 +95,7 @@ kdf_id.
 
 **eddsa_d_to_a()**: Function which converts the ver_key to a valid EdDSA 
private key. Specifically, assuming the value eddsa_priv is in a 32-byte array 
"digest", the function clears and sets certain bits as follows:
 
-.. code-block::
+.. code-block:: tsref
 
    digest[0] = (digest[0] & 0x7f) | 0x40;
    digest[31] &= 0xf8;
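
Review bot: the clamping lines under eddsa_d_to_a() touch digest[0] and digest[31] in the opposite positions from RFC 8032, which clears the low three bits of the first octet and clears the highest and sets the second-highest bit of the last octet. The two are only equivalent if digest is held in reversed byte order, so the text should state the byte order of "digest" explicitly. The prose also calls the input "ver_key" and "eddsa_priv" while the preceding code block calls it ver_secret; one name throughout would avoid confusion.
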
@@ -113,7 +113,7 @@ symmetric key and an initialization vector (IV).  To ensure 
that the
 symmetric key changes for each encryption operation, we compute the
 key material using an HKDF over a nonce and the kdf_id.
 
-.. code-block::
+.. code-block:: tsref
 
     (iv,key) := HKDF(kdf_id, nonce, keysize + ivsize)
 
@@ -148,13 +148,28 @@ From this the symmetric key is computed as described 
above.
 We use AES256-GCM for the encryption of the recovery_document and
 key_share. 
 
-FIXME: This is underspecified. ( To be adjusted after Monday(Nonce))
+.. code-block:: tsref
 
+    (encrypted_recovery_document, aes_gcm_tag) = AES256_GCM(recovery_document, 
key, iv)
+    (encrypted_key_share, aes_gcm_tag) = AES256_GCM(key_share, key, iv)
+
+**encrypted_recovery_document**: The encrypted RecoveryDocument 
(recovery_document) which contains the policies. 
+
+**encrypted_key_share**: The encrypted KeyShare (key_share).
 
 2.2 Signatures
 ^^^^^^^^^^^^^^
 
 The EdDSA keys are used to sign the data sent from the client to the
-server. Everything the client sends to server is signed.
+server. Everything the client sends to server is signed. The following 
algorithm is equivalent for **Anastasis-Policy-Signature**.
+
+.. code-block:: tsref
+
+    (anastasis-account-signature) = eddsa_sign(h_body, eddsa_priv)
+    ver_res = eddsa_verifiy(h_body, anastasis-account-signature, eddsa_pub)
+
+**anastasis-account-signature**: Signature over the hash of body. 
+
+**h_body**: The hashed body.
 
-FIXME: This is underspecified.
+**ver_res**: A boolean value. True: Verification passed, False: Verification 
failed.
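
Review bot: both new AES256_GCM lines take the same "key, iv" and both name their output "aes_gcm_tag". As written, this can be read as encrypting recovery_document and key_share under one (key, iv) pair, which must never happen with GCM. State that each call uses its own (iv,key) derived from a fresh nonce, as the HKDF paragraph earlier in this file intends, and give the two tags distinct names. In section 2.2, "eddsa_verifiy" should be "eddsa_verify", and the definition of h_body should name the hash function.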

-- 
To stop receiving notification emails like this one, please contact
address@hidden.


