diff --git a/.gitignore b/.gitignore index 2349b9d..1926fb7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,2 @@ cpu.out -tinker.test vendor diff --git a/README.md b/README.md index 0b3a48e..afdbe94 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,16 @@ And because we also have Bob's secret key, we can also go ahead and decrypt the Normally, of course, you would have a friend send you their `recipient` file (public key) and you would add it to your trust store. +In order to help you not screw up any configuration, Jess has the concept of __requirements__: +- Confidentiality ... hide contents +- Integrity ... check that nothing was modified +- Recipient Authentication ... verify identity of recipient +- Sender Authentication ... verify identity of sender + +By default, all of them are required. If you, for some reason, do not require one ore more of them, you will have to disable them in the envelope for closing an envelope (encrypting) and pass the reduced requirements when opening a letter (decrypting). + +In addition, if you are worried about weak algorithms, you can just pass a minimum security level (attack complexity as 2^n) that you require all algorithms to achieve. Jess does not contain any known weak algorithms, but if that changes, jess will warn you - after you upgraded to the new version. + Jess does not have a PKI or some sort of web of trust. You have to exchange public keys by yourself. Jess is also capable of securing a network connection, but this currently only works with the library, not the CLI. @@ -65,14 +75,14 @@ cd cmd Before we dive into technical details, here are some more/updated terms: - __Tool/Scheme__ a cryptographic primitive/scheme - Identified via their Name/ID (used interchangeably) -- __Signet/Recipient__ the +- __Signet/Recipient__ a private/secret or public key - Identified by their ID (usually a UUID) -- __Envelope__ hold configuration, but also requirements +- __Envelope__ an encryption configuration, but also requirements - Identified by the name given to them Every algorithm/piece that can be used to _build_ a complete encryption operation is called a Tool. Tools have different capabilites and might cover more than just one primitive - eg. AES-GCM covers _Confidentiality_ and _Integrity_. -Tinker can either operate in _single-op_ (eg. file encryption) or _communication_ (eg. securing network traffic) mode. +Jess can either operate in _single-op_ (eg. file encryption) or _communication_ (eg. securing network traffic) mode. Basically, every operation needs: - _SenderAuthentication_ and _ReceiverAuthentication_: @@ -98,10 +108,15 @@ Should any of these properties _not_ be required, the user has to intentionally ### Specification -There is some more detail in `SPEC.md`. +There is some more detail in [SPEC.md](./SPEC.md). ### Testing +Basically, tests are run like this: +``` +go test +``` + There is a special variable to enable very comprehensive testing: ``` diff --git a/SPEC.md b/SPEC.md index 03e20ef..29bf1f5 100644 --- a/SPEC.md +++ b/SPEC.md @@ -22,13 +22,24 @@ Signets hold secrets, such as a private key. Recipients represents the public (i Seals hold key establishment data, such as public keys or encapsulated keys. +#### Requirements + +Every operation is subject to requirements: + +- Confidentiality +- Integrity +- Recipient Authentication +- Sender Authentication + ## Stored Data The basic ability of jess is to open and close letters - discrete data blobs, such as a file stored on disk. +The algorithms used depend on the requirements, normally the full range of key exchange, encryption, MAC, and signing is used. Keys are established as with the wire protocol, but stop as soon as `[client—>server]` shared key has been established. + ## Wire Protocol -The wire protocol is requires the Confidentiality, Integrity and RecipientAuthentication requirements. +The wire protocol is requires the Confidentiality, Integrity and Recipient Authentication requirements. Keys are established using ephemeral keys and are re-established frequently, providing forward secrecy: - Even if the static key is compromised, data encrypted in the past will remain secured. @@ -50,11 +61,38 @@ If you are familiar with the Noise Protocol Framework, you will notice that this Currently, all key establishment elements and signatures are not hidden and can be seen on the wire. This will change in a future protocol version. Also, signatures, pre-shared keys and passwords - as part of the handshake - are not yet supported and future support is uncertain. +### Keys and Nonces + +In order to dynamically support different types of algorithms, Jess always uses a KDF to provide keys and nonces to algorithms: + +<img src="./docs/key_derivation.svg"> + +<!-- +edit here: +www.diagram.codes/d/sequence + +source: +alias s="session" +alias k="kdf" +alias e="encryption" +alias i="integrity" + +s->k: "session key and nonce" +k->k: "initialize" +k->s: "derive new session key (wire only)" +k->e: "derive key for encryption algorithm" +k->e: "derive nonce for encryption algorithm" +k->i: "derive key for integrity algorithm" +k->i: "derive nonce for encryption algorithm" +e->e: "encrypt/decrypt" +i->i: "calculate/check integrity" +--> + ### Key Establishment Procedure with DH Based Algorithm -`init only` signifies steps that are only performed in the initial handshake. Other steps are performed for both the initial handshake and renewals. The semi-ephemeral keys `[se]` are rather short-lived keys (hours to days), that are securely distributed in a seperate manner. +`init only` signifies steps that are only performed in the initial handshake. Other steps are performed for both the initial handshake and renewals. The semi-ephemeral keys `[se]` are rather short-lived keys (hours to days), that are securely distributed in a separate manner. -<svg xmlns="http://www.w3.org/2000/svg" id="mainsvg" width="731.720703125" height="382" viewBox="-10 -10 731.720703125 382"><defs><marker id="arrow" viewBox="0 0 10 10" refX="10" refY="5" markerWidth="6" markerHeight="6" orient="auto-start-reverse"><path d="M 0 0 L 10 5 L 0 10 z"/></marker><filter id="shadowfilter" x="-20%" y="-20%" width="150%" height="150%" filterUnits="objectBoundingBox" primitiveUnits="userSpaceOnUse" color-interpolation-filters="linearRGB"><feDropShadow stdDeviation="4 4" in="SourceGraphic" dx="1" dy="1" flood-color="#BABABA" flood-opacity="0.9" x="0%" y="0%" width="100%" height="100%" result="dropShadow"/></filter><filter id="shadowfilter2" x="0" y="0" width="200%" height="200%" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/><feOffset dy="4" dx="2"/><feGaussianBlur stdDeviation="2"/><feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/><feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow"/><feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow" result="shape"/></filter></defs><g transform="translate(0, 0)"><rect width="55.5390625" height="38" stroke="#555656" fill="white" stroke-width="1.3" transform="translate(0, 0)" rx="2" filter="url(#shadowfilter)"/><text fill="black" font-size="16" font-weight="normal" transform="translate(10, 19)" alignment-baseline="middle" font-family="Bookman"> client </text></g><g transform="translate(150.287109375, 0)"><rect width="59.0859375" height="38" stroke="#555656" fill="white" stroke-width="1.3" transform="translate(0, 0)" rx="2" filter="url(#shadowfilter)"/><text fill="black" font-size="16" font-weight="normal" transform="translate(10, 19)" alignment-baseline="middle" font-family="Bookman"> server </text></g><path d="M 27.76953125,50 L 37.76953125 50 L 37.76953125 68 L 27.76953125 68" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 179.830078125,80 L 189.830078125 80 L 189.830078125 98 L 179.830078125 98" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,110 L 37.76953125 110 L 37.76953125 128 L 27.76953125 128" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,162 L 179.830078125 162" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 179.830078125,170 L 189.830078125 170 L 189.830078125 188 L 179.830078125 188" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 179.830078125,200 L 189.830078125 200 L 189.830078125 218 L 179.830078125 218" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 179.830078125,252 L 27.76953125 252" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,260 L 37.76953125 260 L 37.76953125 278 L 27.76953125 278" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,312 L 179.830078125 312" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 179.830078125,320 L 189.830078125 320 L 189.830078125 338 L 179.830078125 338" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,38 L 27.76953125 362" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1"/><path d="M 179.830078125,38 L 179.830078125 362" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1"/><g transform="translate(39.76953125, 50)"><rect width="166.404296875" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">generates ephemeral key [e1]</text></g><g transform="translate(191.830078125, 80)"><rect width="347.228515625" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">init only: generates semi-ephemeral key [se] and distributes it</text></g><g transform="translate(39.76953125, 110)"><rect width="401.3828125" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">init only: makes secret [s1] from [e1, se], applies it to [client—>server]</text></g><g transform="translate(54.97900390625, 140)"><rect width="97.6416015625" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">sends public [e1]</text></g><g transform="translate(191.830078125, 170)"><rect width="401.3828125" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">init only: makes secret [s1] from [se, e1], applies it to [client—>server]</text></g><g transform="translate(191.830078125, 200)"><rect width="519.890625" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">generates ephemeral key [e2], makes secret [s2] from [e2, e1], applies it to [client<—server]</text></g><g transform="translate(54.97900390625, 230)"><rect width="97.6416015625" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">sends public [e2]</text></g><g transform="translate(39.76953125, 260)"><rect width="472.216796875" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">makes secret [s2] from [e1, e2], applies it to [client<—server] and [client—>server]</text></g><g transform="translate(51.76953125, 290)"><rect width="104.060546875" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">sends APPLY flag</text></g><g transform="translate(191.830078125, 320)"><rect width="217.4755859375" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">applies secret [s2] to [client—>server]</text></g></svg> +<img src="./docs/key_establishment_dh.svg"> <!-- edit here: @@ -69,7 +107,7 @@ s->s: "init only: generates semi-ephemeral key [se] and distributes it" c->c: "init only: makes secret [s1] from [e1, se], applies it to [client—>server]" c->s: "sends public [e1]" -s->s: "init only: makes secret [s1] from [se, e1], applies it to [client—>server]" +s->s: "init only: makes secret [s1] from [se, e1], applies it to [client—>server] and [client<—server]" s->s: "generates ephemeral key [e2], makes secret [s2] from [e2, e1], applies it to [client<—server]" s->c: "sends public [e2]" @@ -81,9 +119,9 @@ s->s: "applies secret [s2] to [client—>server]" ### Key Establishment Procedure with Key Encapsulation -`init only` signifies steps that are only performed in the initial handshake. Other steps are performed for both the initial handshake and renewals. The semi-ephemeral keys `[se]` are rather short-lived keys (hours to days), that are securely distributed in a seperate manner. +`init only` signifies steps that are only performed in the initial handshake. Other steps are performed for both the initial handshake and renewals. The semi-ephemeral keys `[se]` are rather short-lived keys (hours to days), that are securely distributed in a separate manner. -<svg xmlns="http://www.w3.org/2000/svg" id="mainsvg" width="700.4599609375" height="412" viewBox="-10 -10 700.4599609375 412"><defs><marker id="arrow" viewBox="0 0 10 10" refX="10" refY="5" markerWidth="6" markerHeight="6" orient="auto-start-reverse"><path d="M 0 0 L 10 5 L 0 10 z"/></marker><filter id="shadowfilter" x="-20%" y="-20%" width="150%" height="150%" filterUnits="objectBoundingBox" primitiveUnits="userSpaceOnUse" color-interpolation-filters="linearRGB"><feDropShadow stdDeviation="4 4" in="SourceGraphic" dx="1" dy="1" flood-color="#BABABA" flood-opacity="0.9" x="0%" y="0%" width="100%" height="100%" result="dropShadow"/></filter><filter id="shadowfilter2" x="0" y="0" width="200%" height="200%" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/><feOffset dy="4" dx="2"/><feGaussianBlur stdDeviation="2"/><feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/><feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow"/><feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow" result="shape"/></filter></defs><g transform="translate(0, 0)"><rect width="55.5390625" height="38" stroke="#555656" fill="white" stroke-width="1.3" transform="translate(0, 0)" rx="2" filter="url(#shadowfilter)"/><text fill="black" font-size="16" font-weight="normal" transform="translate(10, 19)" alignment-baseline="middle" font-family="Bookman"> client </text></g><g transform="translate(159.8232421875, 0)"><rect width="59.0859375" height="38" stroke="#555656" fill="white" stroke-width="1.3" transform="translate(0, 0)" rx="2" filter="url(#shadowfilter)"/><text fill="black" font-size="16" font-weight="normal" transform="translate(10, 19)" alignment-baseline="middle" font-family="Bookman"> server </text></g><path d="M 27.76953125,50 L 37.76953125 50 L 37.76953125 68 L 27.76953125 68" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 189.3662109375,80 L 199.3662109375 80 L 199.3662109375 98 L 189.3662109375 98" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,110 L 37.76953125 110 L 37.76953125 128 L 27.76953125 128" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,162 L 189.3662109375 162" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,192 L 189.3662109375 192" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 189.3662109375,200 L 199.3662109375 200 L 199.3662109375 218 L 189.3662109375 218" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 189.3662109375,230 L 199.3662109375 230 L 199.3662109375 248 L 189.3662109375 248" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 189.3662109375,282 L 27.76953125 282" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,290 L 37.76953125 290 L 37.76953125 308 L 27.76953125 308" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,342 L 189.3662109375 342" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 189.3662109375,350 L 199.3662109375 350 L 199.3662109375 368 L 189.3662109375 368" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,38 L 27.76953125 392" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1"/><path d="M 189.3662109375,38 L 189.3662109375 392" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1"/><g transform="translate(39.76953125, 50)"><rect width="166.404296875" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">generates ephemeral key [e1]</text></g><g transform="translate(201.3662109375, 80)"><rect width="347.228515625" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">init only: generates semi-ephemeral key [se] and distributes it</text></g><g transform="translate(39.76953125, 110)"><rect width="531.990234375" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">init only: creates secret [s1], applies it to [client—>server], encapsulates it with [se] to get [c1]</text></g><g transform="translate(59.7470703125, 140)"><rect width="97.6416015625" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">sends public [e1]</text></g><g transform="translate(51.76953125, 170)"><rect width="113.5966796875" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">init only: sends [c1]</text></g><g transform="translate(201.3662109375, 200)"><rect width="388.1689453125" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">init only: gets secret [s1] from [se, c1], applies it to [client—>server]</text></g><g transform="translate(201.3662109375, 230)"><rect width="479.09375" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">creates secret [s2], applies it to [client<—server], encapsulates it with [e1] to get [c2]</text></g><g transform="translate(78.99365234375, 260)"><rect width="59.1484375" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">sends [c2]</text></g><g transform="translate(39.76953125, 290)"><rect width="459.0029296875" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">gets secret [s2] from [e1, c2], applies it to [client<—server] and [client—>server]</text></g><g transform="translate(56.53759765625, 320)"><rect width="104.060546875" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">sends APPLY flag</text></g><g transform="translate(201.3662109375, 350)"><rect width="217.4755859375" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 9)" alignment-baseline="middle">applies secret [s2] to [client—>server]</text></g></svg> +<img src="./docs/key_establishment_ke.svg"> <!-- edit here: @@ -99,7 +137,7 @@ c->c: "init only: creates secret [s1], applies it to [client—>server], encapsu c->s: "sends public [e1]" c->s: "init only: sends [c1]" -s->s: "init only: gets secret [s1] from [se, c1], applies it to [client—>server]" +s->s: "init only: gets secret [s1] from [se, c1], applies it to [client—>server] and [client<—server]" s->s: "creates secret [s2], applies it to [client<—server], encapsulates it with [e1] to get [c2]" s->c: "sends [c2]" diff --git a/docs/key_derivation.svg b/docs/key_derivation.svg new file mode 100644 index 0000000..8b1d4c0 --- /dev/null +++ b/docs/key_derivation.svg @@ -0,0 +1 @@ +<svg xmlns="http://www.w3.org/2000/svg" id="mainsvg" width="818.224609375" height="352" viewBox="-10 -10 818.224609375 352"><defs><marker id="arrow" viewBox="0 0 10 10" refX="10" refY="5" markerWidth="6" markerHeight="6" orient="auto-start-reverse"><path d="M 0 0 L 10 5 L 0 10 z"/></marker><filter id="shadowfilter" x="-20%" y="-20%" width="150%" height="150%" filterUnits="objectBoundingBox" primitiveUnits="userSpaceOnUse" color-interpolation-filters="linearRGB"><feDropShadow stdDeviation="4 4" in="SourceGraphic" dx="1" dy="1" flood-color="#BABABA" flood-opacity="0.9" x="0%" y="0%" width="100%" height="100%" result="dropShadow"/></filter><filter id="shadowfilter2" x="0" y="0" width="200%" height="200%" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/><feOffset dy="4" dx="2"/><feGaussianBlur stdDeviation="2"/><feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/><feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow"/><feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow" result="shape"/></filter></defs><g transform="translate(0, 0)"><rect width="66.2265625" height="38" stroke="#555656" fill="white" stroke-width="1.3" transform="translate(0, 0)" rx="2" filter="url(#shadowfilter)"/><text fill="black" font-size="16" font-weight="normal" transform="translate(10, 10)" alignment-baseline="middle" font-family="Bookman"><tspan x="0" dy="16">session</tspan></text></g><g transform="translate(258.0048828125, 0)"><rect width="41.328125" height="38" stroke="#555656" fill="white" stroke-width="1.3" transform="translate(0, 0)" rx="2" filter="url(#shadowfilter)"/><text fill="black" font-size="16" font-weight="normal" transform="translate(10, 10)" alignment-baseline="middle" font-family="Bookman"><tspan x="0" dy="16">kdf</tspan></text></g><g transform="translate(497.4931640625, 0)"><rect width="88.421875" height="38" stroke="#555656" fill="white" stroke-width="1.3" transform="translate(0, 0)" rx="2" filter="url(#shadowfilter)"/><text fill="black" font-size="16" font-weight="normal" transform="translate(10, 10)" alignment-baseline="middle" font-family="Bookman"><tspan x="0" dy="16">encryption</tspan></text></g><g transform="translate(609.9150390625, 0)"><rect width="74.2109375" height="38" stroke="#555656" fill="white" stroke-width="1.3" transform="translate(0, 0)" rx="2" filter="url(#shadowfilter)"/><text fill="black" font-size="16" font-weight="normal" transform="translate(10, 10)" alignment-baseline="middle" font-family="Bookman"><tspan x="0" dy="16">integrity</tspan></text></g><path d="M 33.11328125,72 L 278.6689453125 72" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 278.6689453125,80 L 288.6689453125 80 L 288.6689453125 98 L 278.6689453125 98" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 278.6689453125,132 L 33.11328125 132" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 278.6689453125,162 L 541.7041015625 162" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 278.6689453125,192 L 541.7041015625 192" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 278.6689453125,222 L 647.0205078125 222" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 278.6689453125,252 L 647.0205078125 252" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 541.7041015625,260 L 551.7041015625 260 L 551.7041015625 278 L 541.7041015625 278" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 647.0205078125,290 L 657.0205078125 290 L 657.0205078125 308 L 647.0205078125 308" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 33.11328125,38 L 33.11328125 332" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1"/><path d="M 278.6689453125,38 L 278.6689453125 332" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1"/><path d="M 541.7041015625,38 L 541.7041015625 332" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1"/><path d="M 647.0205078125,38 L 647.0205078125 332" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1"/><g transform="translate(92.4892578125, 50)"><rect width="126.8037109375" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">session key and nonce</tspan></text></g><g transform="translate(290.6689453125, 80)"><rect width="50.9794921875" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">initialize</tspan></text></g><g transform="translate(57.11328125, 110)"><rect width="197.5556640625" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">derive new session key (wire only)</tspan></text></g><g transform="translate(309.27587890625, 140)"><rect width="201.8212890625" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">derive key for encryption algorithm</tspan></text></g><g transform="translate(302.6689453125, 170)"><rect width="215.03515625" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">derive nonce for encryption algorithm</tspan></text></g><g transform="translate(368.1513671875, 200)"><rect width="189.38671875" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">derive key for integrity algorithm</tspan></text></g><g transform="translate(355.3271484375, 230)"><rect width="215.03515625" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">derive nonce for encryption algorithm</tspan></text></g><g transform="translate(553.7041015625, 260)"><rect width="89.8486328125" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">encrypt/decrypt</tspan></text></g><g transform="translate(659.0205078125, 290)"><rect width="139.2041015625" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">calculate/check integrity</tspan></text></g></svg> \ No newline at end of file diff --git a/docs/key_establishment_dh.svg b/docs/key_establishment_dh.svg new file mode 100644 index 0000000..3044d93 --- /dev/null +++ b/docs/key_establishment_dh.svg @@ -0,0 +1 @@ +<svg xmlns="http://www.w3.org/2000/svg" id="mainsvg" width="736.943359375" height="382" viewBox="-10 -10 736.943359375 382"><defs><marker id="arrow" viewBox="0 0 10 10" refX="10" refY="5" markerWidth="6" markerHeight="6" orient="auto-start-reverse"><path d="M 0 0 L 10 5 L 0 10 z"/></marker><filter id="shadowfilter" x="-20%" y="-20%" width="150%" height="150%" filterUnits="objectBoundingBox" primitiveUnits="userSpaceOnUse" color-interpolation-filters="linearRGB"><feDropShadow stdDeviation="4 4" in="SourceGraphic" dx="1" dy="1" flood-color="#BABABA" flood-opacity="0.9" x="0%" y="0%" width="100%" height="100%" result="dropShadow"/></filter><filter id="shadowfilter2" x="0" y="0" width="200%" height="200%" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/><feOffset dy="4" dx="2"/><feGaussianBlur stdDeviation="2"/><feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/><feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow"/><feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow" result="shape"/></filter></defs><g transform="translate(0, 0)"><rect width="55.5390625" height="38" stroke="#555656" fill="white" stroke-width="1.3" transform="translate(0, 0)" rx="2" filter="url(#shadowfilter)"/><text fill="black" font-size="16" font-weight="normal" transform="translate(10, 10)" alignment-baseline="middle" font-family="Bookman"><tspan x="0" dy="16">client</tspan></text></g><g transform="translate(150.287109375, 0)"><rect width="59.0859375" height="38" stroke="#555656" fill="white" stroke-width="1.3" transform="translate(0, 0)" rx="2" filter="url(#shadowfilter)"/><text fill="black" font-size="16" font-weight="normal" transform="translate(10, 10)" alignment-baseline="middle" font-family="Bookman"><tspan x="0" dy="16">server</tspan></text></g><path d="M 27.76953125,50 L 37.76953125 50 L 37.76953125 68 L 27.76953125 68" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 179.830078125,80 L 189.830078125 80 L 189.830078125 98 L 179.830078125 98" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,110 L 37.76953125 110 L 37.76953125 128 L 27.76953125 128" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,162 L 179.830078125 162" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 179.830078125,170 L 189.830078125 170 L 189.830078125 188 L 179.830078125 188" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 179.830078125,200 L 189.830078125 200 L 189.830078125 218 L 179.830078125 218" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 179.830078125,252 L 27.76953125 252" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,260 L 37.76953125 260 L 37.76953125 278 L 27.76953125 278" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,312 L 179.830078125 312" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 179.830078125,320 L 189.830078125 320 L 189.830078125 338 L 179.830078125 338" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,38 L 27.76953125 362" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1"/><path d="M 179.830078125,38 L 179.830078125 362" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1"/><g transform="translate(39.76953125, 50)"><rect width="166.404296875" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">generates ephemeral key [e1]</tspan></text></g><g transform="translate(191.830078125, 80)"><rect width="347.228515625" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">init only: generates semi-ephemeral key [se] and distributes it</tspan></text></g><g transform="translate(39.76953125, 110)"><rect width="401.3828125" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">init only: makes secret [s1] from [e1, se], applies it to [client—>server]</tspan></text></g><g transform="translate(54.97900390625, 140)"><rect width="97.6416015625" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">sends public [e1]</tspan></text></g><g transform="translate(191.830078125, 170)"><rect width="525.11328125" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">init only: makes secret [s1] from [se, e1], applies it to [client—>server] and [client<—server]</tspan></text></g><g transform="translate(191.830078125, 200)"><rect width="519.890625" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">generates ephemeral key [e2], makes secret [s2] from [e2, e1], applies it to [client<—server]</tspan></text></g><g transform="translate(54.97900390625, 230)"><rect width="97.6416015625" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">sends public [e2]</tspan></text></g><g transform="translate(39.76953125, 260)"><rect width="472.216796875" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">makes secret [s2] from [e1, e2], applies it to [client<—server] and [client—>server]</tspan></text></g><g transform="translate(51.76953125, 290)"><rect width="104.060546875" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">sends APPLY flag</tspan></text></g><g transform="translate(191.830078125, 320)"><rect width="217.4755859375" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">applies secret [s2] to [client—>server]</tspan></text></g></svg> \ No newline at end of file diff --git a/docs/key_establishment_ke.svg b/docs/key_establishment_ke.svg new file mode 100644 index 0000000..411626a --- /dev/null +++ b/docs/key_establishment_ke.svg @@ -0,0 +1 @@ +<svg xmlns="http://www.w3.org/2000/svg" id="mainsvg" width="733.265625" height="412" viewBox="-10 -10 733.265625 412"><defs><marker id="arrow" viewBox="0 0 10 10" refX="10" refY="5" markerWidth="6" markerHeight="6" orient="auto-start-reverse"><path d="M 0 0 L 10 5 L 0 10 z"/></marker><filter id="shadowfilter" x="-20%" y="-20%" width="150%" height="150%" filterUnits="objectBoundingBox" primitiveUnits="userSpaceOnUse" color-interpolation-filters="linearRGB"><feDropShadow stdDeviation="4 4" in="SourceGraphic" dx="1" dy="1" flood-color="#BABABA" flood-opacity="0.9" x="0%" y="0%" width="100%" height="100%" result="dropShadow"/></filter><filter id="shadowfilter2" x="0" y="0" width="200%" height="200%" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/><feOffset dy="4" dx="2"/><feGaussianBlur stdDeviation="2"/><feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/><feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow"/><feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow" result="shape"/></filter></defs><g transform="translate(0, 0)"><rect width="55.5390625" height="38" stroke="#555656" fill="white" stroke-width="1.3" transform="translate(0, 0)" rx="2" filter="url(#shadowfilter)"/><text fill="black" font-size="16" font-weight="normal" transform="translate(10, 10)" alignment-baseline="middle" font-family="Bookman"><tspan x="0" dy="16">client</tspan></text></g><g transform="translate(159.8232421875, 0)"><rect width="59.0859375" height="38" stroke="#555656" fill="white" stroke-width="1.3" transform="translate(0, 0)" rx="2" filter="url(#shadowfilter)"/><text fill="black" font-size="16" font-weight="normal" transform="translate(10, 10)" alignment-baseline="middle" font-family="Bookman"><tspan x="0" dy="16">server</tspan></text></g><path d="M 27.76953125,50 L 37.76953125 50 L 37.76953125 68 L 27.76953125 68" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 189.3662109375,80 L 199.3662109375 80 L 199.3662109375 98 L 189.3662109375 98" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,110 L 37.76953125 110 L 37.76953125 128 L 27.76953125 128" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,162 L 189.3662109375 162" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,192 L 189.3662109375 192" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 189.3662109375,200 L 199.3662109375 200 L 199.3662109375 218 L 189.3662109375 218" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 189.3662109375,230 L 199.3662109375 230 L 199.3662109375 248 L 189.3662109375 248" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 189.3662109375,282 L 27.76953125 282" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,290 L 37.76953125 290 L 37.76953125 308 L 27.76953125 308" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,342 L 189.3662109375 342" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 189.3662109375,350 L 199.3662109375 350 L 199.3662109375 368 L 189.3662109375 368" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1" marker-end="url(#arrow)"/><path d="M 27.76953125,38 L 27.76953125 392" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1"/><path d="M 189.3662109375,38 L 189.3662109375 392" fill="none" stroke="black" stroke-dasharray="none" stroke-width="1"/><g transform="translate(39.76953125, 50)"><rect width="166.404296875" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">generates ephemeral key [e1]</tspan></text></g><g transform="translate(201.3662109375, 80)"><rect width="347.228515625" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">init only: generates semi-ephemeral key [se] and distributes it</tspan></text></g><g transform="translate(39.76953125, 110)"><rect width="531.990234375" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">init only: creates secret [s1], applies it to [client—>server], encapsulates it with [se] to get [c1]</tspan></text></g><g transform="translate(59.7470703125, 140)"><rect width="97.6416015625" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">sends public [e1]</tspan></text></g><g transform="translate(51.76953125, 170)"><rect width="113.5966796875" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">init only: sends [c1]</tspan></text></g><g transform="translate(201.3662109375, 200)"><rect width="511.8994140625" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">init only: gets secret [s1] from [se, c1], applies it to [client—>server] and [client<—server]</tspan></text></g><g transform="translate(201.3662109375, 230)"><rect width="479.09375" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">creates secret [s2], applies it to [client<—server], encapsulates it with [e1] to get [c2]</tspan></text></g><g transform="translate(78.99365234375, 260)"><rect width="59.1484375" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">sends [c2]</tspan></text></g><g transform="translate(39.76953125, 290)"><rect width="459.0029296875" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">gets secret [s2] from [e1, c2], applies it to [client<—server] and [client—>server]</tspan></text></g><g transform="translate(56.53759765625, 320)"><rect width="104.060546875" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">sends APPLY flag</tspan></text></g><g transform="translate(201.3662109375, 350)"><rect width="217.4755859375" height="18" stroke="none" fill="white" stroke-width="1" transform="translate(0, 0)" rx="5"/><text fill="black" font-size="14" font-weight="normal" transform="translate(1, 1)" alignment-baseline="middle"><tspan x="0" dy="14">applies secret [s2] to [client—>server]</tspan></text></g></svg> \ No newline at end of file