Re: [Tm-rid] Adam's current extended auth message
"Wiethuechter, Adam" <adam.wiethuechter@axenterprize.com> Tue, 01 October 2019 14:21 UTC
Return-Path: <adam.wiethuechter@axenterprize.com>
X-Original-To: tm-rid@ietfa.amsl.com
Delivered-To: tm-rid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AB89120288 for <tm-rid@ietfa.amsl.com>; Tue, 1 Oct 2019 07:21:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=axenterprize.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gUPklEIYLBzJ for <tm-rid@ietfa.amsl.com>; Tue, 1 Oct 2019 07:21:04 -0700 (PDT)
Received: from mail-qk1-x733.google.com (mail-qk1-x733.google.com [IPv6:2607:f8b0:4864:20::733]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D87812082D for <tm-rid@ietf.org>; Tue, 1 Oct 2019 07:21:04 -0700 (PDT)
Received: by mail-qk1-x733.google.com with SMTP id w2so11387276qkf.2 for <tm-rid@ietf.org>; Tue, 01 Oct 2019 07:21:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axenterprize.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=KNI834kTzXdxg416cfn0+gfIYCSWY1QqygED9K7eDEA=; b=lwPBQA0I79YX3wq96/3rBnSVlxCcwNUb4wji3NdLB3p6fD2h1B/Q3SNOhivOZ4TiMp VWoRLzc8DMVjY1nr0D3uDMQMlHNC75zwjLA+jBhODjIjNy6Sp6/g0ASBZeYWmG9e/ILT LA+ggVLq4en33nZdDUMSPDPexwLonF85lZR+w=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=KNI834kTzXdxg416cfn0+gfIYCSWY1QqygED9K7eDEA=; b=qxiJaSwv3Wy7A15qhtqLONQcCtCz0uke+iPOzF2pIc4PLg7sKqN/5C+JPtce5b5QCc jNOgzRAs412Nd/fH1y+0XX9KWpM4k9ktlgi9swQxkI33PusNvUDnKUhz5+mEPQdRSSAv oIByvQTTtpoJclOA7DgUoR0FlQCklJo2ceo99VhzaqOAxILcjzKRAykHuV6pch6JWtS/ ajYkRhO6NzFXdbsFJ76yBX/DnAF9u2CmV7GpKrayhXjk6X+nEUvGhTScFcNDR264AAkl SyS/q9/WngPVsfJ3miA37T4Npw9XF79/RBo+1QTFN1VNN2WFFzVtFdFPQGR8BbbdDhez tOQw==
X-Gm-Message-State: APjAAAXge7znI3oFadhqCtTVTWFxftAhz1rws8pfD9bpAXL2/TZQv60n 0VhM8lqhDZUapLBvlXFJW8zmlZJajwlWsefvsfrdpm0Uww==
X-Google-Smtp-Source: APXvYqwREveqDMmBKHL55QsBOY8Awz0ChDBHVLF7igamgzXgEeZxnCUXK207ZhpI8fiNzc/mjv3qVSRTZxHgPpbzD0U=
X-Received: by 2002:a37:8044:: with SMTP id b65mr6135688qkd.138.1569939663166; Tue, 01 Oct 2019 07:21:03 -0700 (PDT)
MIME-Version: 1.0
References: <1c0487eb-016e-5dbf-deb7-4fb7aeeb53e8@labs.htt-consult.com>
In-Reply-To: <1c0487eb-016e-5dbf-deb7-4fb7aeeb53e8@labs.htt-consult.com>
From: "Wiethuechter, Adam" <adam.wiethuechter@axenterprize.com>
Date: Tue, 01 Oct 2019 10:20:50 -0400
Message-ID: <CA+r8TqW-u+_eOzG63QXReWwG+O-b6ZYDVtttvmnbd8JC3bkP6A@mail.gmail.com>
To: Robert Moskowitz <rgm@labs.htt-consult.com>
Cc: "tm-rid@ietf.org" <tm-rid@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f134af0593da0fa3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/lydGPl_f74eCx7q8TlihW2qrkpA>
Subject: Re: [Tm-rid] Adam's current extended auth message
X-BeenThere: tm-rid@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Trustworthy Multipurpose RemoteID <tm-rid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid/>
List-Post: <mailto:tm-rid@ietf.org>
List-Help: <mailto:tm-rid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Oct 2019 14:21:09 -0000
All, This sadly might be changed considerably due to in version 0.8 of the spec the authentication message has changed. It now, from what I can tell in commits here [1] that it has a max of 5 pages and there are new field formats. The specific commit for those interested is: 92d4a9c. While a few of the fields address some of the issues we were targeting (the timestamp) it is not exactly as we envisioned it. I am working now on fixing our format and seeing how it fits in the new one. I will keep everyone here posted as I make progress on this. [1] https://github.com/opendroneid/opendroneid-core-c/commits/master On Fri, Sep 27, 2019 at 12:37 PM Robert Moskowitz <rgm@labs.htt-consult.com> wrote: > I am sending this layout that Adam has been working on for people to get > some idea of what we have been working on. It needs fixes and details. > > It uses ECDSA-384 sigs of 96bytes. I will be recommending EdDSA25519 > sigs of 64 bytes. > > What goes into making the message hashes and how are they computed? For > the later, i recommend SHAKE128 (or cSHAKE128). > > There is more, but I am short of time with Rosh Hashana Monday and > Tuesday. Here it is: > > > > ================================================================= > | General Format | > ================================================================= > Page 0: > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +---------------+---------------+-------+-------+-------+-------+ > | Msg. Header | # Hashes Left | STS-P | ETS-P | H-Alg | H-Len | > +---------------+---------------+-------+-------+-------+-------+ > | Start Timestamp | End Timestamp | > +-------------------------------+-------------------------------+ > | Hash of Previous Auth. Message | > +---------------------------------------------------------------+ > | Hash of Current Auth. Message | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > Msg. Header: (1 byte) > Defined by ASTM Remote ID Message protocol. > Bits 7-4: AuthType > Bits 3-0: Data Page > See https://github.com/opendroneid/specs, Message for more > details. > # Hashes Left: (1 byte) > A count of the number of hashes to be found in this Auth > message. This does not include the previous or current > Auth message hashes. > The first page will decrement this by 2 for the next page > in the sequence. > STS-P, ETS-P: (4 bits), (4 bits) > This is a precision value for the Start and End timestamps > respectively. > > See ASTM draft, Figure 3; Timestamp/Speed Accuracy field > for details. We are only concered about bits 7-4. > H-Alg, H-Len: (4 bits), (4 bits) > These are fields for relaying information of the Hash > algorithm used for the messages and the Hash length (in octets). > For this example of the format a length of 4 bytes is > used. > Start Timestamp: (2 bytes) > Time stamp dictating that messages hashed in this Auth > message came after this specified time, but NOT after > End Timestamp. > See ASTM draft for Timestamp format details. > End Timestamp: (2 bytes) > Time stamp dictating that messages hashed in this Auth > message came before this specified time, but NOT before > Start Timestamp. > See ASTM draft for Timestamp format details. > Hash of Previous Auth. Message: (4 bytes) > A hash of the previous send Auth message. > Hash of Current Auth. Message: (4 bytes) > A hash of the current Auth message. > A few notes on this field: > a) First during creation and signing of this message format > this field MUST be set to 0. So the signature will be > based on this field being 0, as well as its own hash. It > is an open question of if we compute the hash, then sign > or sign then compute. > b) There a few different ways to cycle this message. We can > "roll up" the hash of 'current' to 'previous' when needed > or to completely recompute the hash. This mostly depends on > the previous note. > Message Hash: (4 bytes) > A hash of a previously sent message. > > =============================================================================== > Page 1 to N (N<=11): > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +---------------+---------------+-------------------------------+ > | Msg. Header | # Hashes Left | RESERVED | > +---------------+---------------+-------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > Msg. Header: (1 byte) > Defined by ASTM Remote ID Message protocol. > Bits 7-4: AuthType > Bits 3-0: Data Page > See https://github.com/opendroneid/specs, Message for more > details. > # Hashes Left: (1 byte) > A count of the number of hashes to be found left in this > Auth message. > Every full page of hashes will decrement this by 5 until it > reaches 0 (which signals the end of hashes and start of > the Auth message signature). > If a page has less than 5 hashes then the rest of the page > should be padded with zeros. > Message Hash: (4 bytes) > A hash of a previously sent message. > ========================================================================== > Page N to K (N<=11 && K<=15): > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +---------------+---------------+-------------------------------+ > | Msg. Header | # Hashes Left | RESERVED | > +---------------+---------------+-------------------------------+ > | Length | Signature Algorithm | > +-------------------------------+-------------------------------+ > | | > | | > | | > | HIP Signature | > | | > | | > | | > +---------------------------------------------------------------+ > Msg. Header: (1 byte) > Defined by ASTM Remote ID Message protocol. > Bits 7-4: AuthType > Bits 3-0: Data Page > See https://github.com/opendroneid/specs, Message for more > details. > # Hashes Left: (1 byte) > A count of the number of hashes to be found in this Auth > message. This does not include the previous or current > Auth message hashes. > For this page (and all subsequent pages) it SHOULD be 0. > > Length: (2 bytes) > length is octets, excluding Length, and Padding > Signature Algoirthm: (2 bytes) > Self explanatory. > HIP Signature: (96 bytes) > Based on ECDSA-384 Signature. > If smaller HIT based signature is used then more hashes can fit > into the full message format across the 16 pages. With a > ECDSA-384 signature a maximum of 64 message hashes can be sent. > 23 bytes per page * 16 pages = 368 bytes > - 96 bytes for sig = 272 bytes > - 8 bytes for timestamps = 264 bytes > - 8 bytes for auth message hashs = 256 bytes > / 4 bytes per hash = 64 hashes > See RFC4754 for detail on ECDSA-384 and RFC7401 on HIPs use of > ECDSA for HI/HIT. > If the end of the signature does not fill a full page, it > WILL be padded with zeros at the end. > > ============================================================================ > Page 0: > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +---------------+---------------+-------+-------+-------+-------+ > | Msg. Header | # Hashes Left | STS-P | ETS-P | H-Alg | H-Len | > +---------------+---------------+-------+-------+-------+-------+ > | Start Timestamp | End Timestamp | > +-------------------------------+-------------------------------+ > | Hash of Previous Auth. Message | > +---------------------------------------------------------------+ > | Hash of Current Auth. Message | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > Page 1 to N (N<=11): > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +---------------+---------------+-------------------------------+ > | Msg. Header | # Hashes Left | RESERVED | > +---------------+---------------+-------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > Page N to K (N<=11 && K<=15): > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +---------------+---------------+-------------------------------+ > | Msg. Header | # Hashes Left | RESERVED | > +---------------+---------------+-------------------------------+ > | Length | Signature Algorithm | > +-------------------------------+-------------------------------+ > | | > | | > | | > | HIP Signature | > | | > | | > | | > +---------------------------------------------------------------+ > > ============================================================================ > DETAILED EXAMPLE OF FULL AUTH MESSAGE FORMAT > ================================================================= > | AUTH PAGE 0 | > ================================================================= > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +---------------+---------------+-------+-------+-------+-------+ > |0 0 0 1 0 0 0 0|0 0 1 1 0 1 0 0| STS-P | ETS-P | H-Alg |0 1 0 0| > +---------------+---------------+-------+-------+-------+-------+ > | Start Timestamp | End Timestamp | > +-------------------------------+-------------------------------+ > | Hash of Previous Auth. Message | > +---------------------------------------------------------------+ > | Hash of Current Auth. Message | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > ================================================================= > | AUTH PAGE 1 | > ================================================================= > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +---------------+---------------+-------------------------------+ > |0 0 0 1 0 0 0 1|0 0 1 1 0 0 1 0| RESERVED | > +---------------+---------------+-------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > ================================================================= > | AUTH PAGE 2 - 9 | > ================================================================= > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +---------------+---------------+-------------------------------+ > |0 0 0 1 0 0 1 0|0 0 0 0 0 1 0 1| RESERVED | > +---------------+---------------+-------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +---------------+---------------+-------------------------------+ > |0 0 0 1 1 0 0 1|0 0 0 0 0 1 0 1| RESERVED | > +---------------+---------------+-------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > ================================================================= > | AUTH PAGE 10 | > ================================================================= > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +---------------+---------------+-------------------------------+ > |0 0 0 1 1 0 1 0|0 0 0 0 0 0 0 0| RESERVED | > +---------------+---------------+-------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > | Message Hash | > +---------------------------------------------------------------+ > ================================================================= > | AUTH PAGE 11 - 15 (Signature) | > ================================================================= > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +---------------+---------------+-------------------------------+ > |0 0 0 1 1 0 1 1|0 0 0 0 0 0 0 0| RESERVED | > +---------------+---------------+-------------------------------+ > | Length | Signature Algorithm | > +-------------------------------+-------------------------------+ > | | > | | > | | > | HIP Signature | > | | > | | > | | > +---------------------------------------------------------------+ > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +---------------+-----------------------------------------------+ > |0 0 0 1 1 1 0 0| | > +---------------+ | > | | > | | > | | > | | > | HIP Signature | > | | > | | > | | > | | > +---------------------------------------------------------------+ > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +---------------+-----------------------------------------------+ > |0 0 0 1 1 1 0 1| | > +---------------+ | > | | > | | > | | > | | > | HIP Signature | > | | > | | > | | > | | > +---------------------------------------------------------------+ > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +---------------+-----------------------------------------------+ > |0 0 0 1 1 1 1 0| | > +---------------+ | > | | > | | > | | > | | > | HIP Signature | > | | > | | > | | > | | > +---------------------------------------------------------------+ > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +---------------+-----------------------------------------------+ > |0 0 0 1 1 1 1 1| | > +---------------+ | > | HIP Signature | > | | > | | > +---------------------------------------------------------------+ > | | > | | > | Padding | > | | > | | > +---------------------------------------------------------------+ > > > -- > Tm-rid mailing list > Tm-rid@ietf.org > https://www.ietf.org/mailman/listinfo/tm-rid > -- 73's, Adam T. Wiethuechter
- [Tm-rid] Adam's current extended auth message Robert Moskowitz
- Re: [Tm-rid] Adam's current extended auth message Wiethuechter, Adam
- Re: [Tm-rid] Adam's current extended auth message Wiethuechter, Adam