update direct-messages: README, constants, vector

ssbc · Jun 2, 2020 · 17256f8 · 17256f8
1 parent 0433713
commit 17256f8
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 18 deletions.
diff --git a/direct-messages/README.md b/direct-messages/README.md
@@ -15,21 +15,32 @@ because the same message can simultaneously:
 We define a shared key that the sender + recipient can both derive:
 
 ```js
+const hash = 'SHA256'
+const length = 32
+const salt = SHA256('envelope-dm-v1-extract-salt')
 
-function computeDirectMessageKey (my_secret, your_public) {
-  var hash = 'SHA256'
-  var input_keying_material = scalarmult(my_secret, your_public)
-  var salt = "envelope-id-based-dm-converted-ed25519"
-  // see 'private-group-spec/direct-messages/constants.json'
+function directMessageKey (my_dh_secret, my_dh_public, my_feed_tfk, your_dh_public, your_feed_tfk) {
+  var  input_keying_material = scalarmult(my_dh_secret, your_dh_public)
 
-  return hkdf.Extract(hash, input_keying_material, salt)
+  var info_context = Buffer.from('envelope-ssb-dm-v1/key', 'utf8')
+  var info_keys = sort([
+    my_dh_public || my_feed_tfk,
+    your_dh_public || your_feed_tfk
+  ])
+  var info = slp.encode([info_context, ...info_keys])
+
+  return hkdf(input_keying_material, length, { salt, info, hash })
 }
 ```
 
 Notes:
-- we (curently) use the primary feed keys for this derivation
-- for feeds based on `ed25519` keypairs, we convert these to `curve25519` keypairs before doing scalarmult
-- note this uses `hkdf.Extract` (while other parts of this stack use `hkdf.Expand`)
+- `(dh_secret, dh_public)` is some Diffie-Hellman compatible keypair to be used for encryption 
+    - currently we take feed keys (`ed25519` signing keys) and convert these to keys compatible with diffie-hellman (dh) shared key encryption (`curve25119` keys)
+    - in the future we plan to generate dh encryption keys seperately
+- `feed_tfk` is the "id" of a feed, namely the public part of that feed's signing keypair, encoded in "type-format-key" format (see [TFK][TFK])
+- `||` means Buffer concat
+- `sort` means sort these 2 buffers bytewise so that the smallest is first
+- `slp.encode` is "shallow length-prefixed encode" (see [SLP][SLP])
 
 
 ## Using `feed_id`
@@ -81,3 +92,6 @@ Questions:
 - if we allow multiple of these keys, does that mean we have to try all keys from a person history?
 - do we make a policy for "forgeting" past keys (e.g. n days after new one received)?
 
+
+[SLP]: https://github.com/ssbc/envelope-spec/blob/master/encoding/slp.md
+[TFK]: https://github.com/ssbc/envelope-spec/blob/master/encoding/tfk.md
diff --git a/direct-messages/constants.json b/direct-messages/constants.json
@@ -1,3 +1,4 @@
 {
-  "SALT": "envelope-dm-v1-extract-salt"
+  "SALT": "envelope-dm-v1-extract-salt",
+  "INFO_CONTEXT": "envelope-ssb-dm-v1/key"
 }
diff --git a/vectors/direct-message-key1.json b/vectors/direct-message-key1.json
@@ -2,15 +2,13 @@
   "type": "direct_message_shared_key",
   "description": "calculate a shared DM key for another feedID",
   "input": {
-    "my_keys": {
-      "curve": "ed25519",
-      "public": "PgtHJT1L29Gh6wmS4Q9UDeUJZ6ZSkTFgryoHy02gKpc=.ed25519",
-      "private": "GSxyffiCY9IIgPNr+zA5ce5Se8x47Rc5jLZEAnJFhOA+C0clPUvb0aHrCZLhD1QN5QlnplKRMWCvKgfLTaAqlw==.ed25519",
-      "id": "@PgtHJT1L29Gh6wmS4Q9UDeUJZ6ZSkTFgryoHy02gKpc=.ed25519"
-    },
-    "feed_id": "@JnyVm12Cj247NCvFZgGy1v2HfISN3UvA5mJ2mXFzVwg=.ed25519"
+    "my_dh_secret": "oHz0nhFr8jeMDGboBB0McRsdTJJwSpfbOLcZHEsyeWc=",
+    "my_dh_public": "yC0PdAXkQ7Rn7ZiWvxLYh4o87JVEUElYse/4Cb4vxA4=",
+    "my_feed_tfk": "AAB0XWAxwFnBlTaIUuKVwtXLAsC8Hhh2ZhKPn44+eLuogA==",
+    "your_dh_public": "8419fvlDL7TJ/HA/T30q3rR/29kol/Q3HRWiYiSSVBA=",
+    "your_feed_tfk": "AADmNimSs3wcQ6L8+dwRB9mi3icNRRSWW3nQWS33Oki2OQ=="
   },
   "output": {
-    "shared_key": "xjsK+Lbt8WhB3aDre42Sb/fGwylHyTL5rBFP6qCKMtk="
+    "shared_key": "D9uHQqHLiPRTzV+TLa4dRUDZtfvUCwzVTGiOnzJCaXI="
   }
 }