# Label tree of the Rosenpass key schedule as drawn here: every label hangs
# off the PROTOCOL root, so each purpose (mac, cookie, peer id, chaining key)
# sits on its own branch. Keeping the branches distinct is what stops a value
# derived for one purpose from being accepted for another.
# NOTE(review): the hash/PRF that walks this tree is not shown in this file.
root: 0 { shape: text }
PROTOCOL: "PROTOCOL" { shape: text }

# Literal protocol identifier, rendered as a free-standing text node (no edge
# connects it to the tree).
# NOTE(review): confirm the algorithm names in it (dprf=, ekem=, skem=, ...)
# against the PROTOCOL constant of the implementation this diagram documents;
# a stale identifier here would describe a different label tree.
protocol_comment: 'PROTOCOL = "rosenpass 1 rosenpass.eu aead=chachapoly1305 dprf=blake2s ekem=lightsaber skem=mceliece460896 xaead=xchachapoly1305"' { shape: text }

# Chaining-key labels: one for the initial value, one for everything later
# extracted from the chaining key.
ck_init: '"chaining key init"' { shape: text }
ck_ext: '"chaining key extract"' { shape: text }

# Labels that take wire data or public keys as further input.
mac: '"mac"' { shape: text }
mac_param: MAC_WIRE_DATA { shape: text }
cookie: '"cookie"' { shape: text }
cookie_param: COOKIE_WIRE_DATA { shape: text }
peer_id: '"peer_id"' { shape: text }
peer_id_p1: spkm { shape: text }
peer_id_p2: spkt { shape: text }

# First level of the tree.
root -> PROTOCOL

PROTOCOL -> mac -> mac_param
PROTOCOL -> cookie -> cookie_param
PROTOCOL -> peer_id -> peer_id_p1 -> peer_id_p2
PROTOCOL -> ck_init
PROTOCOL -> ck_ext

# Labels below "chaining key extract".
mix: '"mix"' { shape: text }
user: '"user"' { shape: text }
rp_eu: '"rosenpass.eu"' { shape: text }
wg_psk: '"wireguard psk"' { shape: text }
hs_enc: '"handshake encryption"' { shape: text }
ini_enc: '"initiator session encryption"' { shape: text }
res_enc: '"responder session encryption"' { shape: text }

# The exported "wireguard psk" label lives under its own user/rosenpass.eu
# namespace, apart from the handshake and session encryption labels.
ck_ext -> mix
ck_ext -> user -> rp_eu -> wg_psk
ck_ext -> hs_enc
ck_ext -> ini_enc
ck_ext -> res_enc

# Disabled edge kept from the original: it would link the "chaining key init"
# label to the start node of the InitHello container.
# ck_init -> InitHello.start
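# InitHello: chaining-key evolution for the first handshake message.
# Circles are values mixed into the chain, "mix" nodes are mixing steps and
# diamonds are ciphertexts produced along the way.
# NOTE(review): value names appear to follow the Rosenpass whitepaper
# convention (s/e = static/ephemeral, pk/ct/pt = public key / KEM ciphertext /
# KEM shared secret, trailing i/r = initiator/responder) - confirm there.
InitHello {
  # Main chain, in the order drawn: start label, spkr, mix, sidi, mix, epki.
  start -> d0 -> m1 -> d1 -> m2 -> d2

  # After epki the chain runs through the encapsulation to spkr, then the two
  # encryption steps. Each encryption step receives the preceding value twice:
  # once as input to its mix (m1) and once as input to its key node.
  d2 -> encaps_spkr.m1
  encaps_spkr.d3 -> encrypt_ltk.m1
  encaps_spkr.d3 -> encrypt_ltk.key
  encrypt_ltk.d1 -> encrypt_auth.m1
  encrypt_ltk.d1 -> encrypt_auth.key

  m1: "mix" { shape: text }
  m2: "mix" { shape: text }

  start: '"chaining key init"' { shape: text }
  d0: "spkr" { shape: circle }
  d1: "sidi" { shape: circle }
  d2: "epki" { shape: circle }

  # Encapsulation to spkr: three values (spkr, sctr, sptr) are mixed in turn.
  encaps_spkr {
    m1 -> d1 -> m2 -> d2 -> m3 -> d3

    m1: "mix" { shape: text }
    m2: "mix" { shape: text }
    m3: "mix" { shape: text }

    d1: "spkr" { shape: circle }
    d2: "sctr" { shape: circle }
    d3: "sptr" { shape: circle }
  }

  # AEAD encryption of the peer id under a key labelled "handshake
  # encryption"; the ciphertext (ct) is the value the mix leads to.
  # NOTE(review): the encrypt label names peer_id(spkr, spki), while the label
  # tree and the data node below name the peer id inputs spkm/spkt - confirm
  # which naming is intended.
  encrypt_ltk {
    m1 -> d1

    encrypt: 'Aead::enc(peer_id(spkr, spki))'
    key -> encrypt: {
      target-arrowhead.label: key
    }
    data -> encrypt: {
      target-arrowhead.label: data
    }
    encrypt -> d1: {
      source-arrowhead.label: output
    }

    m1: "mix" { shape: text }
    key: '"handshake encryption"' { shape: text }
    data: 'ref from "peer id" branch after spkt' { shape: text }
    d1: "ct" { shape: diamond }
  }

  # AEAD over an empty plaintext: there is no data input, so the output
  # carries no payload and serves purely as an authenticator over the state
  # the key was derived from.
  encrypt_auth {
    m1 -> d1

    encrypt: 'Aead::enc(empty())'
    key -> encrypt: {
      target-arrowhead.label: key
    }
    encrypt -> d1: {
      source-arrowhead.label: output
    }

    m1: "mix" { shape: text }
    key: '"handshake encryption"' { shape: text }
    d1: "ct" { shape: diamond }
  }
}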
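# RespHello: chaining-key evolution for the second handshake message,
# continuing from the state left by InitHello.
RespHello {
  # Main chain, in the order drawn: carried-over state, sidr, mix, sidi, then
  # the encapsulations to epki and spki, mix, biscuit, and the final
  # authentication step.
  start -> d0 -> m1 -> d1
  d1 -> encaps_epki.m1
  encaps_epki.d3 -> encaps_spki.m1
  encaps_spki.d3 -> m2 -> d2
  d2 -> encrypt_auth.m1

  # store_biscuit() receives two labelled inputs - pidi as field=peerid and
  # the value after encaps_spki as field=ck - and its result is the biscuit
  # node that is mixed into the chain above.
  # NOTE(review): the chaining key goes into the biscuit, so how the biscuit
  # is protected (confidentiality, integrity, replay) matters; that protection
  # is not drawn here - confirm against the protocol specification.
  store_biscuit -> d2
  "pidi" -> store_biscuit: {
    target-arrowhead.label: "field=peerid"
  }
  encaps_spki.d3 -> store_biscuit: {
    target-arrowhead.label: "field=ck"
  }

  m1: "mix" { shape: text }
  m2: "mix" { shape: text }

  start: '(state from InitHello)' { shape: text }
  d0: "sidr" { shape: circle }
  d1: "sidi" { shape: circle }
  d2: "biscuit" { shape: diamond }

  store_biscuit: "store_biscuit()"

  # Encapsulation to epki: epki, ecti and epti are mixed in turn.
  encaps_epki {
    m1 -> d1 -> m2 -> d2 -> m3 -> d3

    m1: "mix" { shape: text }
    m2: "mix" { shape: text }
    m3: "mix" { shape: text }

    d1: "epki" { shape: circle }
    d2: "ecti" { shape: circle }
    d3: "epti" { shape: circle }
  }

  # Encapsulation to spki: spki, scti and spti are mixed in turn.
  encaps_spki {
    m1 -> d1 -> m2 -> d2 -> m3 -> d3

    m1: "mix" { shape: text }
    m2: "mix" { shape: text }
    m3: "mix" { shape: text }

    d1: "spki" { shape: circle }
    d2: "scti" { shape: circle }
    d3: "spti" { shape: circle }
  }

  # AEAD over an empty plaintext: no data input, so the output acts purely as
  # an authenticator.
  # NOTE(review): unlike InitHello, no edge from the chain feeds
  # encrypt_auth.key here; only encrypt_auth.m1 is connected. Confirm whether
  # that edge was left out on purpose.
  encrypt_auth {
    m1 -> d1

    encrypt: 'Aead::enc(empty())'
    key -> encrypt: {
      target-arrowhead.label: key
    }
    encrypt -> d1: {
      source-arrowhead.label: output
    }

    m1: "mix" { shape: text }
    key: '"handshake encryption"' { shape: text }
    d1: "ct" { shape: diamond }
  }
}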
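# InitConf: chaining-key evolution for the third handshake message,
# continuing from the state left by RespHello, followed by the three outputs
# drawn at the end of the handshake.
InitConf {
  # Main chain, in the order drawn: carried-over state, sidi, mix, sidr, then
  # the authentication step.
  start -> d0 -> m1 -> d1 -> encrypt_auth.m1

  # Three outputs branch off after the authentication step, each through its
  # own label, so the key exported as "wireguard psk" and the two
  # direction-specific session encryption keys come from distinct labels.
  encrypt_auth.d1 -> ol1 -> o1
  encrypt_auth.d1 -> ol2 -> o2
  encrypt_auth.d1 -> ol3 -> o3

  m1: "mix" { shape: text }

  start: '(state from RespHello)' { shape: text }
  d0: "sidi" { shape: circle }
  d1: "sidr" { shape: circle }

  ol1: '"wireguard psk"' { shape: text }
  ol2: '"initiator session encryption"' { shape: text }
  ol3: '"responder session encryption"' { shape: text }

  # Output placeholders: unlabelled, all drawn with the same shape.
  o1: "" { shape: step }
  o2: "" { shape: step }
  o3: "" { shape: step }

  # AEAD over an empty plaintext: no data input, so the output acts purely as
  # an authenticator.
  # NOTE(review): as in RespHello, no edge from the chain feeds
  # encrypt_auth.key; only encrypt_auth.m1 is connected. Confirm whether that
  # edge was left out on purpose.
  encrypt_auth {
    m1 -> d1

    encrypt: 'Aead::enc(empty())'
    key -> encrypt: {
      target-arrowhead.label: key
    }
    encrypt -> d1: {
      source-arrowhead.label: output
    }

    m1: "mix" { shape: text }
    key: '"handshake encryption"' { shape: text }
    d1: "ct" { shape: diamond }
  }
}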