a Secarta project ...

HTTPsec Authentication Protocol

[ View as one printable page ]

Preamble

1. Introduction
1.1. Editorial Conventions
1.2. Terms
1.3. Identifiers
2. Summary
2.1. Authentication Model
2.2. Peer Identifiers
2.3. Protocol Operation
2.3.1. Initialization
2.3.2. Continuation
3. Protocol Messages
3.1. Initialization Messages
3.1.1. Initialization Request
3.1.2. Initialization Response
3.2. Continuation Messages
3.2.1. Continuation Request
3.2.2. Continuation Response
3.3. Challenge Messages
3.3.1. Challenge Response
3.4. Message Flow
4. Protocol Directives
4.1. id
4.2. dh
4.3. certificate
4.4. url
4.5. group
4.6. nonce
4.7. auth
4.8. token
4.9. signature
4.10. count
4.11. mac
4.12. digest
5. Other Headers
5.1. Content-Encoding
5.2. Cache-Control
5.3. Expires
6. Protocol Computations
6.1. Algorithms
6.1.1. Hash Algorithm
6.1.2. Public Key Algorithm
6.1.3. Encryption Scheme
6.1.4. Signature Scheme
6.1.5. Block Cipher
6.1.6. Block Cipher Mode
6.2. Header Canonicalization
6.3. Initialization Transcript
6.4. Continuation Request Transcript
6.5. Continuation Response Transcript
6.6. Shared Secret
6.7. Keys
6.7.1. MAC Keys
6.7.2. Cipher Keys
6.8. Message Body Ciphering
7. Message Validation
7.1. Initialization Request Validation
7.2. Initialization Response Validation
7.3. Continuation Request Validation
7.4. Continuation Response Validation
8. Cache Considerations
9. Security Considerations
10. References
11. Editor Address

6.6. Shared Secret

The security of the protocol depends on the requester and responder establishing an (authenticated) shared secret. Continuation messages employ keys that are derived from this secret value.

The value shared-secret is computed as follows:

shared-secret = H(H( dh-shared-secret || auth-secret || init-transcript ))

where the following apply:

  • dh-shared-secret is calculated by the requester as follows: 
    dh-shared-secret = dh ^ dh-private MOD p
    where dh is from the initialization response, dh-private is the requester's private Diffie-Hellman value (see dh ) and p is the prime modulus of the Diffie-Hellman group chosen by the requester.
  • dh-shared-secret is calculated by the responder as follows: 
    dh-shared-secret = dh ^ dh-private MOD p
    where dh is from the initialization request, dh-private is the responders's private Diffie-Hellman value (see dh ) and p is the prime modulus of the Diffie-Hellman group identified by the group directive in the initialization request.
  • auth-secret is the 256 bit random value generated by the responder. It is passed in encrypted form to the requester via the auth directive in the initialization response.
  • init-transcript is a concatenation of all the initialization directives, computed according to the Initialization Transcript section.
  • H(H()) is the Hash Algorithm iteratively applied twice.
© Secarta. All rights reserved.