From 8b0f8b420a11012e2f33d1b5ea0ca58114caf50d Mon Sep 17 00:00:00 2001 From: Dean Eigenmann Date: Wed, 27 Nov 2019 05:51:40 +0100 Subject: [PATCH] spec/abnf-envelope (#51) * adds abnf for envelope * fixed spec * Update waku.md --- waku.md | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/waku.md b/waku.md index 69603baf..f17f3c7b 100644 --- a/waku.md +++ b/waku.md @@ -224,17 +224,29 @@ It is only relevant if you want to decrypt the incoming message, but if you only Data field contains encrypted message of the Envelope. In case of symmetric encryption, it also contains appended Salt (a.k.a. AES Nonce, 12 bytes). Plaintext (unencrypted) payload consists of the following concatenated fields: flags, auxiliary field, payload, padding and signature (in this sequence). - flags: 1 byte; first two bits contain the size of auxiliary field, third bit indicates whether the signature is present. - - auxiliary field: up to 4 bytes; contains the size of payload. +Using [Augmented Backus-Naur form (ABNF)](https://tools.ietf.org/html/rfc5234) we have the following format: - payload: byte array of arbitrary size (may be zero). +``` +; 1 byte; first two bits contain the size of auxiliary field, third bit indicates whether the signature is present. +flags = 1*OCTET - padding: byte array of arbitrary size (may be zero). +; contains the size of payload. +auxiliary-field = 4*OCTET - signature: 65 bytes, if present. +; byte array of arbitrary size (may be zero) +payload = *OCTET - salt: 12 bytes, if present (in case of symmetric encryption). +; byte array of arbitrary size (may be zero). +padding = *OCTET + +; 65 bytes, if present. +signature = 65*OCTET + +; 2 bytes, if present (in case of symmetric encryption). +salt = 2*OCTET + +envelope = flags auxiliary-field payload padding [signature] salt +``` Those unable to decrypt the message data are also unable to access the signature. The signature, if provided, is the ECDSA signature of the Keccak-256 hash of the unencrypted data using the secret key of the originator identity. The signature is serialised as the concatenation of the `R`, `S` and `V` parameters of the SECP-256k1 ECDSA signature, in that order. `R` and `S` are both big-endian encoded, fixed-width 256-bit unsigned. `V` is an 8-bit big-endian encoded, non-normalised and should be either 27 or 28.