Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
O
Olm
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Iterations
Wiki
Requirements
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Locked files
Build
Pipelines
Jobs
Pipeline schedules
Test cases
Artifacts
Deploy
Releases
Package Registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Code review analytics
Issue analytics
Insights
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Nheko Reborn
Olm
Commits
be9d7406
Commit
be9d7406
authored
9 years ago
by
Mark Haines
Browse files
Options
Downloads
Patches
Plain Diff
Add some links to the spec for the various primitives being used.
parent
40e49ee1
No related branches found
Branches containing commit
No related tags found
Tags containing commit
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
docs/olm.rst
+27
-17
27 additions, 17 deletions
docs/olm.rst
with
27 additions
and
17 deletions
docs/olm.rst
+
27
−
17
View file @
be9d7406
...
...
@@ -11,13 +11,13 @@ The Olm Algorithm
Initial setup
~~~~~~~~~~~~~
The setup takes four Curve25519 inputs: Identity keys for Alice and Bob,
The setup takes four Curve25519
_
inputs: Identity keys for Alice and Bob,
:math:`I_A` and :math:`I_B`, and emphemeral keys for Alice and Bob,
:math:`E_A` and :math:`E_B`. A shared secret, :math:`S`, is generated using
Triple Diffie-Hellman. The initial 256 bit root key, :math:`R_0`, and 256
bit
chain key, :math:`C_{0,0}`, are derived from the shared secret using an
HMAC-based Key Derivation Function
(HKDF) with default salt and ``"OLM_ROOT"``
as the info.
`
Triple Diffie-Hellman
`_
. The initial 256 bit root key, :math:`R_0`, and 256
bit
chain key, :math:`C_{0,0}`, are derived from the shared secret using an
HMAC-based Key Derivation Function
using SHA-256_ as the hash function
(HKDF-SHA-256_) with default salt and ``"OLM_ROOT"``
as the info.
.. math::
\begin{align}
...
...
@@ -34,8 +34,9 @@ Curve25519 inputs: the previous ratchet key, :math:`T_{i-1}`, and the current
ratchet key :math:`T_i`. The even ratchet keys are generated by Alice.
The odd ratchet keys are generated by Bob. A shared secret is generated
using Diffie-Hellman on the ratchet keys. The next root key, :math:`R_i`, and
chain key, :math:`C_{i,0}`, are derived from the shared secret using an HKDF
using :math:`R_{i-1}` as the salt and ``"OLM_RATCHET"`` as the info.
chain key, :math:`C_{i,0}`, are derived from the shared secret using
HKDF-SHA-256_ using :math:`R_{i-1}` as the salt and ``"OLM_RATCHET"`` as the
info.
.. math::
\begin{align}
...
...
@@ -51,8 +52,8 @@ Advancing the chain key
~~~~~~~~~~~~~~~~~~~~~~~
Advancing a root key takes the previous chain key, :math:`C_{i,j-i}`. The next
chain key, :math:`C_{i,j}`, is the HMAC of ``"\x02"`` using the
previous chain
key as the key.
chain key, :math:`C_{i,j}`, is the HMAC
-SHA-256_
of ``"\x02"`` using the
previous chain
key as the key.
.. math::
\begin{align}
...
...
@@ -63,9 +64,9 @@ Creating a message key
~~~~~~~~~~~~~~~~~~~~~~
Creating a message key takes the current chain key, :math:`C_{i,j}`. The
message key, :math:`M_{i,j}`, is the HMAC of ``"\x01"`` using the
current
chain key as the key. The message keys where :math:`i` is even are used
by
Alice to encrypt messages. The message keys where :math:`i` is odd are used
message key, :math:`M_{i,j}`, is the HMAC
-SHA-256_
of ``"\x01"`` using the
current
chain key as the key. The message keys where :math:`i` is even are used
by
Alice to encrypt messages. The message keys where :math:`i` is odd are used
by Bob to encrypt messages.
.. math::
...
...
@@ -225,18 +226,27 @@ Olm Authenticated Encryption
Version 1
~~~~~~~~~
Version 1 of Olm uses AES-256 in CBC mode with PCKS#7 padding for encryption
Version 1 of Olm uses AES-256
_
in CBC
_
mode with
`
PCKS#7
`_
padding for encryption
and HMAC-SHA-256 for authentication. The 256 bit AES key, 256 bit HMAC key,
and 128 bit AES IV are derived from the message key using HKDF-SHA-256 using
the default salt and an info of ``"OLM_KEYS"``.
First the plain-text
, :math:`P_{i,j}`,
is encrypted to get the cipher-text
:math:`X_{i,j}`.
Then the entire message, both the headers and cipher-text,
are HMAC'd and the
MAC is appended to the message.
First the plain-text is encrypted to get the cipher-text
, :math:`X_{i,j}`.
Then the entire message, both the headers and cipher-text,
are HMAC'd and the
MAC is appended to the message.
.. math::
\begin{align}
AES\_KEY_{i,j}\;\parallel\;HMAC\_KEY_{i,j}\;\parallel\;AES\_IV_{i,j}
&= HKDF\left(M_{i,j},\,\text{"OLM\_
RATCHET
"}\right) \\
&= HKDF\left(M_{i,j},\,\text{"OLM\_
KEYS
"}\right) \\
\end{align}
.. _`Curve25519`: http://cr.yp.to/ecdh.html
.. _`Triple Diffie-Hellman`: https://whispersystems.org/blog/simplifying-otr-deniability/
.. _`HKDF-SHA-256`: https://tools.ietf.org/html/rfc5869
.. _`HMAC-SHA-256`: https://tools.ietf.org/html/rfc2104
.. _`SHA-256`: https://tools.ietf.org/html/rfc6234
.. _`AES-256`: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
.. _`CBC`: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
.. _`PCKS#7`: https://tools.ietf.org/html/rfc2315
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
