a Secarta project ...

HTTPsec Authentication Protocol


Preamble

6.8. Message Body Ciphering

Message entity-body ciphering may be applied to any continuation message, at the discretion of the sending peer. If entity-body ciphering is applied, this MUST be indicated by the presence of the "x-httpsec/1.0-cipher" identifier in the enumeration of applied encodings declared by the Content-Encoding header. The order of operations is "cipher-then-authenticate", i.e. if used, ciphering MUST be applied before the digest computation.

The ciphering of messages whose entity-body is empty will cause the entity-body to become non-empty as an artifact of the padding scheme specified in the Block Cipher Mode. This should be taken into consideration when preparing messages for which it is illegal to have an entity body, such as GET requests, HEAD requests, and HEAD responses.

It is important to note that message entity-body ciphering in the absence of message authentication provides no detection of tampering during message transport. Entity-bodies are "ciphered but not authenticated" if they declare "x-httpsec/1.0-cipher" in the Content-Encoding header, but have no digest directive. This outcome SHOULD be restricted to circumstances where it is unfeasible to compute the digest hash, for instance when the entity-body is a stream of indeterminate length.

Request entity-bodies are enciphered and deciphered as follows:

Encipher:
   <body-cipher> = ENCIPHER-MODE( request-cipher-key, IV, <body-plain> )

Decipher:
   <body-plain>  = DECIPHER-MODE( request-cipher-key, IV, <body-cipher> )

where:
   IV = ENCIPHER( request-cipher-key, Bytes16( count ) )

Response entity-bodies are enciphered and deciphered as follows:

Encipher:
   <body-cipher> = ENCIPHER-MODE( response-cipher-key, IV, <body-plain> )

Decipher:
   <body-plain>  = DECIPHER-MODE( response-cipher-key, IV, <body-cipher> )

where:
   IV = ENCIPHER( request-cipher-key, Bytes16( count ) )

The following are defined and apply to both requests and responses:

  • request-cipher-key and response-cipher-key are as derived in the section Cipher Keys.
  • count is the numerical value implied by the count directive of the message being enciphered/deciphered.
  • Bytes16(x) is the value x encoded with leading zeros in exactly 16 bytes, most significant bits first, most significant byte first.
  • ENCIPHER(k,b) is the block enciphering function employing this specification's Block Cipher, using key k, applied to input block b. Lengths are as follows: k is 32 bytes, and b is 16 bytes.
  • ENCIPHER-MODE(k,iv,t) is the chained enciphering function employing this specification's Block Cipher Mode, using key k, initialization vector iv, applied to input text t. Lengths are as follows: k is 32 bytes, iv is 16 bytes, t is of arbitrary length.
  • DECIPHER-MODE(k,iv,t) is the chained deciphering function employing this specification's Block Cipher Mode, using key k, initialization vector iv, applied to input text t. Lengths are as follows: k is 32 bytes, iv is 16 bytes, t is of arbitrary length.
  • <body-plain> is the plaintext bytes of the message entity-body, as manifest after all encodings declared in the Content-Encoding [HTTP][14.11] header are applied.
  • <body-cipher> is the ciphertext bytes of the message entity-body, as manifest before any encodings declared in the Transfer-Encoding [HTTP][14.41] header are applied.
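
The request entity-body ciphering defined above, as an added Go example that is not part of the HTTPsec specification or any reference implementation. It assumes the Block Cipher is AES-256 and the Block Cipher Mode is CBC with PKCS#7 padding (neither is named in this section), limits count to 64 bits, and uses a constructed sample key rather than one derived as in the section Cipher Keys.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// DeriveIV: IV = ENCIPHER(key, Bytes16(count)). ASSUMPTION: Block Cipher is AES-256.
func DeriveIV(key []byte, count uint64) (cipher.Block, []byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil || len(key) != 32 {
		return nil, nil, fmt.Errorf("cipher key must be 32 bytes, got %d", len(key))
	}
	iv := make([]byte, 16)                    // Bytes16: leading zeros, big-endian
	binary.BigEndian.PutUint64(iv[8:], count) // assumes count fits in 64 bits
	blk.Encrypt(iv, iv)                       // one raw block operation, no chaining
	return blk, iv, nil
}

// EncipherBody: ENCIPHER-MODE. ASSUMPTION: mode is CBC with PKCS#7 padding.
func EncipherBody(key []byte, count uint64, body []byte) ([]byte, error) {
	blk, iv, err := DeriveIV(key, count)
	if err != nil {
		return nil, err
	}
	pad := 16 - len(body)%16 // always 1..16, so an empty body grows to one block
	buf := append(append([]byte{}, body...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(buf, buf)
	return buf, nil
}

// DecipherBody: DECIPHER-MODE. Rejects bad lengths and padding; this is not authentication.
func DecipherBody(key []byte, count uint64, ct []byte) ([]byte, error) {
	blk, iv, err := DeriveIV(key, count)
	if err != nil || len(ct) == 0 || len(ct)%16 != 0 {
		return nil, fmt.Errorf("bad key or ciphertext not a whole number of blocks")
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(blk, iv).CryptBlocks(pt, ct)
	if n := int(pt[len(pt)-1]); n >= 1 && n <= 16 && bytes.HasSuffix(pt, bytes.Repeat([]byte{byte(n)}, n)) {
		return pt[:len(pt)-n], nil
	}
	return nil, fmt.Errorf("bad padding")
}

func main() { fmt.Println(EncipherBody(bytes.Repeat([]byte{0x42}, 32), 7, nil)) } // constructed key, empty body
```

Under these assumptions an empty body enciphers to exactly one 16-byte block, and a ciphertext with a bit flipped in an early block still deciphers without error. That is the "ciphered but not authenticated" outcome described above: tamper detection comes from the digest, not from the cipher.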