Services/Sync/P2P Key Exchange And Rotation: Difference between revisions

Services/Sync/P2P Key Exchange And Rotation (view source)

Revision as of 22:14, 17 December 2015

156 bytes added , 17 December 2015

Seperated out-of-band steps

Nickel chrome

113

edits

@@ Line 338: / Line 338: @@
 <li>Client A: Authenticate to sync server and create client record with status of 'pending'</li>
 <li>Client A: Send SessionRequestMessage to registered devices, providing an ephemeral key (AEp) and nominating an ephemeral key digest (BEd) of other device, i.e. Client B</li>
-<li>Client B: Send SessionResponseMessage including ephemeral key (BEp) nominated by Client A. Display authcode generated from session key and master key</li>
+<li>Client B: Send SessionResponseMessage including ephemeral key (BEp) nominated by Client A</li>
-<li>Client A: User enters authcode. If the session key component (VCS) is verified then send ClientAuthV2RequestMessage including the master key component of authcode (VCM), thus proving the user is in possession of a registered device, i.e. Client B</li>
+<li>Out-of-Band: User sights authcode displayed on Client B, generated from session key and master key, and enters it on Client A</li>
+<li>Client A: If the session key component (VCS) of authcode is verified then send ClientAuthV2RequestMessage including the master key component of authcode (VCM), thus proving the user is in possession of a registered device, i.e. Client B</li>
 <li>Client B: If Client A responds with proof of possessing registered device then send ClientAuthV2ResponseMessage including the master key</li>
 </ol>
@@ Line 359: / Line 360: @@
             BT                                     BEd              BT
             SK = KDF(3DHE(AIs, AEs, BIp, BEp))                      SK = KDF(3DHE(BIs, BEs, AIp, AEp)
+           Verified = (BEd == DIGEST(BEp))
 t3         AIs                                    AIp, BIp         BIs, MK
-           BT                                                      BT
+(OoB)      BT                                                      BT
             SK                                                      SK
             VCSui = <user input>                                    VCS = DIGEST(SK, BT)
             VCMui = <user input>                                    VCM = DIGEST(MK, BT)
             Verified = (VCSui == DIGEST(SK, BT))
-                      + (BEd == DIGEST(BEp))
 t4         AIs, MK                                AIp, BIp         BIs, MK
@@ Line 374: / Line 374: @@
                                                                     VCMui
                                                                     Verified = (VCMui == VCM)
+t5         AIs, MK                                AIp, BIp         BIs, MK
 </pre>