From e858217d09fb94418eb96f75f610bf7e8a5416a5 Mon Sep 17 00:00:00 2001 From: drebs Date: Mon, 1 Dec 2014 15:27:28 -0200 Subject: Add scrypt parameters to Soledad doc. --- docs/design/soledad.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/design/soledad.md b/docs/design/soledad.md index d482f9a..d876995 100644 --- a/docs/design/soledad.md +++ b/docs/design/soledad.md @@ -158,13 +158,17 @@ Before a JSON document is synced with the server, it is transformed into a docum About these fields: * `_enc_json`: The original JSON document, encrypted and hex encoded. Calculated as: +``` doc_key = hmac(storage_secret[MAC_KEY_LENGTH:], doc_id) ciphertext = hex(sym_encrypt(cipher, content, doc_key)) +``` * `_enc_scheme`: Information about the encryption scheme used to encrypt this document (i.e.`pubkey`, `symkey` or `none`). * `_enc_method`: Information about the block cipher that is used to encrypt this document. * `_mac`: A MAC to prevent the server from tampering with stored documents. Calculated as: +``` mac_key = hmac(storage_secret[:MAC_KEY_LENGTH], doc_id) _mac = hmac(doc_id|rev|ciphertext|_enc_scheme|_enc_method|_enc_iv, mac_key) +``` * `_mac_method`: The method used to calculate the mac above (currently hmac). Other variables: @@ -247,6 +251,13 @@ About these fields: * `_mac_method`: The method used to calculate the mac above (currently hmac). * `_mac`: Defined as `hmac(doc_id|rev|ciphertext, doc_key)`. The purpose of this field is to prevent the server from tampering with the stored documents. +Currently, scrypt parameters are: + + N (CPU/memory cost parameter) = 2^14 = 16384 + p (paralelization parameter) = 1 + r (length of block mixed by SMix()) = 8 + dkLen (length of derived key) = 32 bytes = 256 bits + Other fields we might want to include in the future: * `expires_on`: the month in which this recovery document should be purged from the database. The server may choose to purge documents before their expiration, but it should not let them linger after it. -- cgit v1.2.3