From pm+lists at acinq.fr Tue Oct 27 17:00:24 2015
From: pm+lists at acinq.fr (Pierre)
Date: Tue, 27 Oct 2015 18:00:24 +0100
Subject: [Lightning-dev] [PATCH v3] daemon: encrypted communication (version 3)
In-Reply-To: <87twpibc7m.fsf@rustcorp.com.au>
References: <87twpibc7m.fsf@rustcorp.com.au>
Message-ID:

A few more remarks:

> 2) ECDH is used to derive a shared secret. From this we generate
>    the following transmission encoding parameters for each side:
>    Session AES-128 key: SHA256(shared-secret || my-sessionpubkey || 0)
>    Session HMAC key: SHA256(shared-secret || my-sessionpubkey || 1)
>    IV for AES: SHA256(shared-secret || my-sessionpubkey || 2)

I suppose we use only the first 16 bytes for aes_key and aes_iv?

> 3) All packets from then on are encrypted of form:
>    /* HMAC, covering totlen and data */
>    struct sha256 hmac;
>    /* Total data transmitted (including this). */
>    le64 totlen;
>    /* Encrypted contents, rounded up to 16 byte boundary. */
>    u8 data[];

Looking at your code, it seems totlen is actually the size of the
unencrypted serialized protobuf message, not the total data transmitted,
right? If so, the comment is a bit misleading, and why make totlen
include the length of itself since it doesn't define the encrypted
message boundaries anyway? Also, why encode the length on 64 bits
rather than 32 bits?

Cheers,
Pierre
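
Added example, not part of the original message or of the patch under discussion: a Python sketch of the parameter derivation and packet layout quoted above, with the receiver checking the HMAC before it reads totlen. Assumptions: the trailing 0/1/2 is a single byte, the AES key and IV are the first 16 bytes of their digests (the reading suggested in the reply), the MAC is HMAC-SHA256 (inferred from the `struct sha256 hmac` field), totlen carries the unpadded message length, and the AES step is left out so `data` is treated as already-encrypted bytes.

```python
import hashlib
import hmac
import struct

def derive_params(shared_secret: bytes, my_session_pubkey: bytes) -> dict:
    # SHA256(shared-secret || my-sessionpubkey || n) for n = 0, 1, 2.
    def h(n: int) -> bytes:
        # Assumption: the counter is encoded as one byte.
        data = shared_secret + my_session_pubkey + bytes([n])
        return hashlib.sha256(data).digest()
    return {
        # Assumption: AES-128 takes the first 16 bytes of each digest.
        "aes_key": h(0)[:16],
        "hmac_key": h(1),
        "aes_iv": h(2)[:16],
    }

def padded_len(n: int) -> int:
    # Round n up to the 16-byte boundary used for the data field.
    return (n + 15) // 16 * 16

def frame(hmac_key: bytes, totlen: int, data: bytes) -> bytes:
    # Layout: hmac (32 bytes) || totlen (le64) || data.
    if len(data) % 16:
        raise ValueError("data must be a multiple of 16 bytes")
    body = struct.pack("<Q", totlen) + data
    # The HMAC covers totlen and data, as in the quoted struct comment.
    return hmac.new(hmac_key, body, hashlib.sha256).digest() + body

def unframe(hmac_key: bytes, packet: bytes) -> tuple:
    # Verify the HMAC first; totlen is untrusted until it passes.
    if len(packet) < 40:
        raise ValueError("short packet")
    tag, body = packet[:32], packet[32:]
    expected = hmac.new(hmac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad HMAC")
    (totlen,) = struct.unpack("<Q", body[:8])
    return totlen, body[8:]

# Constructed sample values, not real keys or a real ECDH output.
SECRET = bytes(range(32))
PUBKEY = b"\x02" + bytes(32)
PARAMS = derive_params(SECRET, PUBKEY)
# Stand-in for a 21-byte message after encryption and padding.
DATA = bytes(padded_len(21))
PACKET = frame(PARAMS["hmac_key"], 21, DATA)
```

Because each side mixes its own session public key into the hash, the two directions of the connection end up with different keys and IVs.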