Verified Commit da9e5971 authored by Sofia Celi's avatar Sofia Celi
Browse files

Add notes from OMEMO review

parent d1966716
......@@ -9,6 +9,40 @@ OTRv4 to work correctly over XMPP.
### Explain how multicasting/synchronization will work
#### OMEMO:
From the security audit plus some comments:
"Assume Alice wants to send an OMEMO encrypted message from her phone. She can
detect that Bob’s device(s) support OMEMO by requesting his device list with
PEP. If he does, she encrypts and authenticates her message using a randomly
generated key (`sym_k`). For every device that Alice wants to send the encrypted
message to, she fetches the entire bundle via PEP (sic: this means that a Key
Agreement is done per each device: how is the long-term secret key shared?). If
she wants to add more of her own devices in the conversation, she gets their
bundles as well from her own server. Alice creates a PreKeySignalMessage for
every device by picking a random one-time prekey from each bundle and
encrypting the randomly generated key to each device. She combines all
information in a single MessageElement: the encrypted payload (<payload/>), the
plaintext iv (<iv/>), the sender id (sid) and the encrypted
random key (<key/>) tagged with the corresponding receiver id (rid)"
1. Generate a random `sym_k`.
2. Calculate: `enc_key(32), auth_key(32), IV(16) := SHA-256(sym_k || 0x00 || "OMEMO Payload")`
3. Encrypt: `c := AES_CBC(enc_key, IV || message)`
4. Calculate: `MAC := SHA-256(auth_key || c)`
5. Concatenate: `payload := c || MAC`
6. Execute the double ratchet algorithm and generate a message key `mk`.
7. Calculate: `h_enc_key(32), auth_key(32), IV(16) := SHA-256(m_k || 0x00 || "OMEMO Message Key Material")`
8. Encrypt the payload: `h := (h_enc_key, payload)`
Since step 6, it is executed per device.
* [Private Group Messaging](
* [OMEMO: cryptographic analysis report](
### Define a prekey server discovery and place
### Explain how key management will work
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment