[html5] r5967 - [giow] (0) Make the PeerConnection UDP data media stream feature prevent replay [...]
whatwg at whatwg.org
Mon Mar 28 16:58:06 PDT 2011
Author: ianh
Date: 2011-03-28 16:58:04 -0700 (Mon, 28 Mar 2011)
New Revision: 5967
Modified:
complete.html
index
source
Log:
[giow] (0) Make the PeerConnection UDP data media stream feature prevent replay attacks, and add integrity checks. Also, make some of the mentions of HMAC-SHA1 make sense.
Modified: complete.html
===================================================================
--- complete.html 2011-03-25 22:21:47 UTC (rev 5966)
+++ complete.html 2011-03-28 23:58:04 UTC (rev 5967)
@@ -239,7 +239,7 @@
<header class=head id=head><p><a class=logo href=http://www.whatwg.org/ rel=home><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1>Web Applications 1.0</h1>
- <h2 class="no-num no-toc">Living Standard — Last Updated 25 March 2011</h2>
+ <h2 class="no-num no-toc">Living Standard — Last Updated 28 March 2011</h2>
</hgroup><p>You can take part in this work. <a href=http://www.whatwg.org/mailing-list>Join the working group's discussion list.</a></p>
<p><strong>Web designers!</strong> We have a <a href=http://blog.whatwg.org/faq/>FAQ</a>, a <a href=http://forums.whatwg.org/>forum</a>, and a <a href=http://www.whatwg.org/mailing-list#help>help mailing list</a> for you!</p>
<!--<p class="impl"><strong>Implementors!</strong> We have a <a href="http://www.whatwg.org/mailing-list#implementors">mailing list</a> for you too!</p>-->
@@ -73236,8 +73236,8 @@
<p>All <code><a href=#peerconnection>PeerConnection</a></code> connections include a <dfn id=data-udp-media-stream>data
UDP media stream</dfn>, which is used to send data packets
peer-to-peer, for instance game control packets. This data channel
- is unreliable (packets are not guaranteed to be delivered, and are
- not guaranteed to be delivered in the right order).</p>
+ is unreliable (packets are not guaranteed to be delivered), and
+ packets received out of order are discarded.</p>
<p>SDP media descriptions for <a href=#data-udp-media-stream title="data UDP media
stream">data UDP media streams</a> must use the "<code title="">application</code>" media type, the "<code title="">udp</code>" transport protocol, and the
@@ -73261,6 +73261,11 @@
and must maintain that UDP media stream for the ICE Agents' whole
lifetime.</p>
+ <p>Each <a href=#peerconnection-data-udp-media-stream><code>PeerConnection</code> data UDP media
+ stream</a> has a <dfn id=sending-sequence-number>sending sequence number</dfn>, which must
+ initially be set to one (1), and a <dfn id=most-recently-received-sequence-number>most recently received
+ sequence number</dfn>, much must initially be zero (0).
+
<p>A <a href=#data-udp-media-stream>data UDP media stream</a> is an <dfn id=active-data-udp-media-stream>active data UDP
media stream</dfn> if the <a href=#peerconnection-ice-agent><code>PeerConnection</code> ICE
Agent</a> has selected a destination for it. A <a href=#data-udp-media-stream>data UDP
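Review bot: typo in the added paragraph that defines the two counters: "sequence number</dfn>, much must initially be zero (0)" should read "which must initially be zero (0)". The replay check depends on these two initial values, so the sentence that sets them should be unambiguous.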
@@ -73272,16 +73277,25 @@
<p>Bytes transmitted on a <a href=#data-udp-media-stream>data UDP media stream</a> are
masked so as to prevent cross-protocol attacks (<a href=#data-udp-media-stream>data UDP media
stream</a> always appear to contain random noise to other
- protocols). For the purposes of masking, the <dfn id=data-udp-media-stream-salt>data UDP media
- stream salt</dfn> is defined to be the following 16 bytes, described
- here as hexadecimal numbers: DB 68 B5 FD 17 0E 15 77 56 AF 7A 3A 1A
- 57 75 02</p>
+ protocols). For the purposes of masking, the <dfn id=data-udp-media-stream-masking-salt>data UDP media
+ stream masking salt</dfn> is defined to be the following 16 bytes,
+ described here as hexadecimal numbers: DB 68 B5 FD 17 0E 15 77 56 AF
+ 7A 3A 1A 57 75 02</p>
<!-- obtained thusly: head -c 16 /dev/urandom | hexdump -C -->
+ <p>Bytes transmitted on a <a href=#data-udp-media-stream>data UDP media stream</a> are
+ also hashed so as to prevent forgery attacks (an attacker cannot
+ change the data without knowing the key negotiated via the signaling
+ channel). For the purposes of this hashing, the <dfn id=data-udp-media-stream-hashing-salt>data UDP media
+ stream hashing salt</dfn> is defined to be the following 16 bytes,
+ described here as hexadecimal numbers: 4E 2F 96 AB 0A 39 92 A2 56 94
+ 91 F5 7E 58 2E FA</p>
+ <!-- obtained thusly: head -c 16 /dev/urandom | hexdump -C -->
+
<p>When the user agent is to <dfn id=transmit-a-data-packet-to-a-peer>transmit a data packet to a
peer</dfn> using a <a href=#data-udp-media-stream>data UDP media stream</a> and with a
- byte string payload <var title="">raw message</var>, the user agent must
- run the following steps:</p>
+ byte string payload <var title="">raw message</var>, the user agent
+ must run the following steps:</p>
<ol><li><p>Let <var title="">nonce</var> be 16 cryptographically random
bytes.</li>
@@ -73290,23 +73304,42 @@
encryption key for the <a href=#data-udp-media-stream>data UDP media stream</a> in its
media description, as defined above.</li>
- <li><p>Let <var title="">key</var> be the first 16 bytes of
- the HMAC-SHA1 of the concatenation of the 16 <var title="">nonce</var> bytes, the 16 <a href=#data-udp-media-stream-salt>data UDP media stream
- salt</a> bytes, and the 16 <var title="">ice-key</var> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+ <li><p>Let <var title="">sending sequence number</var> be the
+ current <a href=#sending-sequence-number>sending sequence number</a>.</li>
+ <li><p>Increment the <a href=#sending-sequence-number>sending sequence number</a> by one
+ (1).</li>
+
+ <li><p>Let <var title="">mask-key</var> be the first 16 bytes of the
+ HMAC-SHA1 of the 16 <a href=#data-udp-media-stream-masking-salt>data UDP media stream masking salt</a>
+ bytes keyed with the 16 <var title="">ice-key</var> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+
<li><p>Let <var title="">typed raw message</var> be the
- concatenation of three 0x00 bytes, a 0x01 byte, and <var title="">raw message</var>.</li>
+ concatenation of the <var title="">sequence number</var> as a
+ big-endian 64 bit integer, three 0x00 bytes, a 0x01 byte, and <var title="">raw message</var>.</li>
<li><p>Let <var title="">masked message</var> be the result of
encrypting <var title="">typed raw message</var> using AES-128-CTR
- keyed with <var title="">key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
+ keyed with <var title="">mask-key</var> and using the 16 <var title="">nonce</var> bytes as the initial counter value. <a href=#refsAES128CTR>[AES128CTR]</a></li>
<li><p>Let <var title="">masked message with nonce</var> be the
concatenation of <var title="">nonce</var> and <var title="">masked
message</var>.</li>
- <li><p>Send <var title="">masked message with nonce</var> in a UDP
- packet to the destination that the relevant
+ <li><p>Let <var title="">hash-key</var> be the first 16 bytes of
+ the HMAC-SHA1 of the 16 <a href=#data-udp-media-stream-hashing-salt>data UDP media stream hashing
+ salt</a> bytes keyed with the 16 <var title="">ice-key</var>
+ bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+
+ <li><p>Let <var title="">hash</var> be the first 16 bytes of the
+ HMAC-SHA1 of <var title="">masked message with nonce</var> keyed
+ with the 16 <var title="">hash-key</var> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+
+ <li><p>Let <var title="">hashed masked message with nonce</var> be the
+ concatenation of <var title="">hash</var> and <var title="">masked message with nonce</var>.</li>
+
+ <li><p>Send <var title="">hashed masked message with nonce</var> in
+ a UDP packet to the destination that the relevant
<a href=#peerconnection-ice-agent><code>PeerConnection</code> ICE Agent</a> has selected a
destination for the <a href=#data-udp-media-stream>data UDP media stream</a>.</li>
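Review bot: the added transmit steps bind a variable named "sending sequence number", but the typed raw message step concatenates "sequence number", which is never defined on the sending side. Use one variable name in both steps. Because the stream-level counter is also called sending sequence number and is incremented in the very next step, a distinct name for the captured value would also make it clear that the pre-increment value goes into the packet.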
@@ -73314,36 +73347,64 @@
stream</a> is received, the user agent must run the following
steps:</p>
- <ol><li><p>Let <var title="">masked message with nonce</var> be the UDP
+ <ol><li><p>Let <var title="">hashed masked message with nonce</var> be the UDP
packet's data.</li>
- <li><p>If <var title="">masked message with nonce</var> is shorter than 20
- bytes, then abort these steps.</li>
+ <li><p>If <var title="">hashed masked message with nonce</var> is
+ shorter than 32 bytes, then abort these steps.</li>
<li><p>Let <var title="">ice-key</var> be the 16 bytes given as the
encryption key for the <a href=#data-udp-media-stream>data UDP media stream</a> in the
media description for this media stream. <a href=#refsSDP>[SDP]</a></li>
+ <li><p>Let <var title="">hash-key</var> be the first 16 bytes of
+ the HMAC-SHA1 of the 16 <a href=#data-udp-media-stream-hashing-salt>data UDP media stream hashing
+ salt</a> bytes keyed with the 16 <var title="">ice-key</var>
+ bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+
+ <li><p>Let <var title="">hash</var> be the first 16 bytes of
+ the <var title="">hashed masked message with nonce</var>.</li>
+
+ <li><p>Let <var title="">masked message with nonce</var> be all but
+ the first 16 bytes of <var title="">hashed masked message with
+ nonce</var>.</li>
+
+ <li><p>If <var title="">hash</var> does not equal the first 16
+ bytes of the HMAC-SHA1 of <var title="">masked message with
+ nonce</var> keyed with the 16 <var title="">hash-key</var> bytes,
+ abort these steps. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+
<li><p>Let <var title="">nonce</var> be the first 16 bytes of the
<var title="">masked message with nonce</var>.</li>
<li><p>Let <var title="">masked message</var> be all but the first
16 bytes of <var title="">masked message with nonce</var>.</li>
- <li><p>Let <var title="">key</var> be the first 16 bytes of
- the HMAC-SHA1 of the concatenation of the 16 <var title="">nonce</var> bytes, the 16 <a href=#data-udp-media-stream-salt>data UDP media stream
- salt</a> bytes, and the 16 <var title="">ice-key</var> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+ <li><p>Let <var title="">mask-key</var> be the first 16 bytes of the
+ HMAC-SHA1 of the 16 <a href=#data-udp-media-stream-masking-salt>data UDP media stream masking salt</a>
+ bytes keyed with the 16 <var title="">ice-key</var> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
<li><p>Let <var title="">typed raw message</var> be the result of
decrypting <var title="">masked message</var> using AES-128-CTR
- keyed with <var title="">key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
+ keyed with <var title="">mask-key</var> and using the 16 <var title="">nonce</var> bytes as the initial counter value. <a href=#refsAES128CTR>[AES128CTR]</a></li>
- <li><p>If the four bytes of <var title="">typed raw message</var>
- are not 0x00, 0x00, 0x00, and 0x01 respectively, then abort these
- steps.</li>
+ <li><p>Let <var title="">sequence number</var> be the result of
+ interpreting the first eight bytes of <var title="">typed raw
+ message</var> as a 64 bit big-endian integer.</li>
+ <li><p>If <var title="">sequence number</var> is less than the
+ <a href=#most-recently-received-sequence-number>most recently received sequence number</a> then abort
+ these steps.</li>
+
+ <li><p>Let the <a href=#most-recently-received-sequence-number>most recently received sequence number</a>
+ be <var title="">sequence number</var>.</li>
+
+ <li><p>If the ninth, tenth, eleventh, and twelfth bytes of <var title="">typed raw message</var> are not 0x00, 0x00, 0x00, and 0x01
+ respectively, then abort these steps.</li>
+
<li><p>Let <var title="">raw message</var> be the byte string
- consisting of all but the first four characters of <var title="">typed raw message</var>.</li>
+ consisting of all but the first twelve bytes of <var title="">typed
+ raw message</var>.</li>
<li><p>Let <var title="">message</var> be <var title="">raw
message</var> <a href=#decoded-as-utf-8,-with-error-handling>decoded as UTF-8, with error
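Review bot: the replay check in the receive steps aborts only when sequence number is "less than" the most recently received sequence number, so a byte-for-byte copy of the latest accepted packet, which carries an equal sequence number and a valid hash, passes the check and is delivered a second time. Change the comparison to "less than or equal to". The initial values already allow for it: the receiver starts at zero and the first packet sent carries one.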
@@ -73357,7 +73418,12 @@
responsible for this side of the <a href=#data-udp-media-stream>data UDP media
stream</a>.</li>
- </ol><p>A <dfn id=remotely-initiated-data-udp-media-stream>remotely-initiated data UDP media stream</dfn> is the
+ </ol><p class=note>Though described above as being computed for each
+ packet, the <var title="">ice-key</var>, <var title="">hash-key</var>, and <var title="">mask-key</var> values can
+ be precomputed as soon as the <a href=#peerconnection-ice-agent><code>PeerConnection</code> ICE
+ Agent</a> is started.</p>
+
+ <p>A <dfn id=remotely-initiated-data-udp-media-stream>remotely-initiated data UDP media stream</dfn> is the
first "sendrecv" media stream in the initial offer whose media is
"<code title="">application</code>", whose transport protocol is
"<code title="">udp</code>", whose media format description is
Modified: index
===================================================================
--- index 2011-03-25 22:21:47 UTC (rev 5966)
+++ index 2011-03-28 23:58:04 UTC (rev 5967)
@@ -243,7 +243,7 @@
<header class=head id=head><p><a class=logo href=http://www.whatwg.org/ rel=home><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
- <h2 class="no-num no-toc">Living Standard — Last Updated 25 March 2011</h2>
+ <h2 class="no-num no-toc">Living Standard — Last Updated 28 March 2011</h2>
</hgroup><p>You can take part in this work. <a href=http://www.whatwg.org/mailing-list>Join the working group's discussion list.</a></p>
<p><strong>Web designers!</strong> We have a <a href=http://blog.whatwg.org/faq/>FAQ</a>, a <a href=http://forums.whatwg.org/>forum</a>, and a <a href=http://www.whatwg.org/mailing-list#help>help mailing list</a> for you!</p>
<!--<p class="impl"><strong>Implementors!</strong> We have a <a href="http://www.whatwg.org/mailing-list#implementors">mailing list</a> for you too!</p>-->
@@ -73242,8 +73242,8 @@
<p>All <code><a href=#peerconnection>PeerConnection</a></code> connections include a <dfn id=data-udp-media-stream>data
UDP media stream</dfn>, which is used to send data packets
peer-to-peer, for instance game control packets. This data channel
- is unreliable (packets are not guaranteed to be delivered, and are
- not guaranteed to be delivered in the right order).</p>
+ is unreliable (packets are not guaranteed to be delivered), and
+ packets received out of order are discarded.</p>
<p>SDP media descriptions for <a href=#data-udp-media-stream title="data UDP media
stream">data UDP media streams</a> must use the "<code title="">application</code>" media type, the "<code title="">udp</code>" transport protocol, and the
@@ -73267,6 +73267,11 @@
and must maintain that UDP media stream for the ICE Agents' whole
lifetime.</p>
+ <p>Each <a href=#peerconnection-data-udp-media-stream><code>PeerConnection</code> data UDP media
+ stream</a> has a <dfn id=sending-sequence-number>sending sequence number</dfn>, which must
+ initially be set to one (1), and a <dfn id=most-recently-received-sequence-number>most recently received
+ sequence number</dfn>, much must initially be zero (0).
+
<p>A <a href=#data-udp-media-stream>data UDP media stream</a> is an <dfn id=active-data-udp-media-stream>active data UDP
media stream</dfn> if the <a href=#peerconnection-ice-agent><code>PeerConnection</code> ICE
Agent</a> has selected a destination for it. A <a href=#data-udp-media-stream>data UDP
@@ -73278,16 +73283,25 @@
<p>Bytes transmitted on a <a href=#data-udp-media-stream>data UDP media stream</a> are
masked so as to prevent cross-protocol attacks (<a href=#data-udp-media-stream>data UDP media
stream</a> always appear to contain random noise to other
- protocols). For the purposes of masking, the <dfn id=data-udp-media-stream-salt>data UDP media
- stream salt</dfn> is defined to be the following 16 bytes, described
- here as hexadecimal numbers: DB 68 B5 FD 17 0E 15 77 56 AF 7A 3A 1A
- 57 75 02</p>
+ protocols). For the purposes of masking, the <dfn id=data-udp-media-stream-masking-salt>data UDP media
+ stream masking salt</dfn> is defined to be the following 16 bytes,
+ described here as hexadecimal numbers: DB 68 B5 FD 17 0E 15 77 56 AF
+ 7A 3A 1A 57 75 02</p>
<!-- obtained thusly: head -c 16 /dev/urandom | hexdump -C -->
+ <p>Bytes transmitted on a <a href=#data-udp-media-stream>data UDP media stream</a> are
+ also hashed so as to prevent forgery attacks (an attacker cannot
+ change the data without knowing the key negotiated via the signaling
+ channel). For the purposes of this hashing, the <dfn id=data-udp-media-stream-hashing-salt>data UDP media
+ stream hashing salt</dfn> is defined to be the following 16 bytes,
+ described here as hexadecimal numbers: 4E 2F 96 AB 0A 39 92 A2 56 94
+ 91 F5 7E 58 2E FA</p>
+ <!-- obtained thusly: head -c 16 /dev/urandom | hexdump -C -->
+
<p>When the user agent is to <dfn id=transmit-a-data-packet-to-a-peer>transmit a data packet to a
peer</dfn> using a <a href=#data-udp-media-stream>data UDP media stream</a> and with a
- byte string payload <var title="">raw message</var>, the user agent must
- run the following steps:</p>
+ byte string payload <var title="">raw message</var>, the user agent
+ must run the following steps:</p>
<ol><li><p>Let <var title="">nonce</var> be 16 cryptographically random
bytes.</li>
@@ -73296,23 +73310,42 @@
encryption key for the <a href=#data-udp-media-stream>data UDP media stream</a> in its
media description, as defined above.</li>
- <li><p>Let <var title="">key</var> be the first 16 bytes of
- the HMAC-SHA1 of the concatenation of the 16 <var title="">nonce</var> bytes, the 16 <a href=#data-udp-media-stream-salt>data UDP media stream
- salt</a> bytes, and the 16 <var title="">ice-key</var> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+ <li><p>Let <var title="">sending sequence number</var> be the
+ current <a href=#sending-sequence-number>sending sequence number</a>.</li>
+ <li><p>Increment the <a href=#sending-sequence-number>sending sequence number</a> by one
+ (1).</li>
+
+ <li><p>Let <var title="">mask-key</var> be the first 16 bytes of the
+ HMAC-SHA1 of the 16 <a href=#data-udp-media-stream-masking-salt>data UDP media stream masking salt</a>
+ bytes keyed with the 16 <var title="">ice-key</var> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+
<li><p>Let <var title="">typed raw message</var> be the
- concatenation of three 0x00 bytes, a 0x01 byte, and <var title="">raw message</var>.</li>
+ concatenation of the <var title="">sequence number</var> as a
+ big-endian 64 bit integer, three 0x00 bytes, a 0x01 byte, and <var title="">raw message</var>.</li>
<li><p>Let <var title="">masked message</var> be the result of
encrypting <var title="">typed raw message</var> using AES-128-CTR
- keyed with <var title="">key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
+ keyed with <var title="">mask-key</var> and using the 16 <var title="">nonce</var> bytes as the initial counter value. <a href=#refsAES128CTR>[AES128CTR]</a></li>
<li><p>Let <var title="">masked message with nonce</var> be the
concatenation of <var title="">nonce</var> and <var title="">masked
message</var>.</li>
- <li><p>Send <var title="">masked message with nonce</var> in a UDP
- packet to the destination that the relevant
+ <li><p>Let <var title="">hash-key</var> be the first 16 bytes of
+ the HMAC-SHA1 of the 16 <a href=#data-udp-media-stream-hashing-salt>data UDP media stream hashing
+ salt</a> bytes keyed with the 16 <var title="">ice-key</var>
+ bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+
+ <li><p>Let <var title="">hash</var> be the first 16 bytes of the
+ HMAC-SHA1 of <var title="">masked message with nonce</var> keyed
+ with the 16 <var title="">hash-key</var> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+
+ <li><p>Let <var title="">hashed masked message with nonce</var> be the
+ concatenation of <var title="">hash</var> and <var title="">masked message with nonce</var>.</li>
+
+ <li><p>Send <var title="">hashed masked message with nonce</var> in
+ a UDP packet to the destination that the relevant
<a href=#peerconnection-ice-agent><code>PeerConnection</code> ICE Agent</a> has selected a
destination for the <a href=#data-udp-media-stream>data UDP media stream</a>.</li>
@@ -73320,36 +73353,64 @@
stream</a> is received, the user agent must run the following
steps:</p>
- <ol><li><p>Let <var title="">masked message with nonce</var> be the UDP
+ <ol><li><p>Let <var title="">hashed masked message with nonce</var> be the UDP
packet's data.</li>
- <li><p>If <var title="">masked message with nonce</var> is shorter than 20
- bytes, then abort these steps.</li>
+ <li><p>If <var title="">hashed masked message with nonce</var> is
+ shorter than 32 bytes, then abort these steps.</li>
<li><p>Let <var title="">ice-key</var> be the 16 bytes given as the
encryption key for the <a href=#data-udp-media-stream>data UDP media stream</a> in the
media description for this media stream. <a href=#refsSDP>[SDP]</a></li>
+ <li><p>Let <var title="">hash-key</var> be the first 16 bytes of
+ the HMAC-SHA1 of the 16 <a href=#data-udp-media-stream-hashing-salt>data UDP media stream hashing
+ salt</a> bytes keyed with the 16 <var title="">ice-key</var>
+ bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+
+ <li><p>Let <var title="">hash</var> be the first 16 bytes of
+ the <var title="">hashed masked message with nonce</var>.</li>
+
+ <li><p>Let <var title="">masked message with nonce</var> be all but
+ the first 16 bytes of <var title="">hashed masked message with
+ nonce</var>.</li>
+
+ <li><p>If <var title="">hash</var> does not equal the first 16
+ bytes of the HMAC-SHA1 of <var title="">masked message with
+ nonce</var> keyed with the 16 <var title="">hash-key</var> bytes,
+ abort these steps. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+
<li><p>Let <var title="">nonce</var> be the first 16 bytes of the
<var title="">masked message with nonce</var>.</li>
<li><p>Let <var title="">masked message</var> be all but the first
16 bytes of <var title="">masked message with nonce</var>.</li>
- <li><p>Let <var title="">key</var> be the first 16 bytes of
- the HMAC-SHA1 of the concatenation of the 16 <var title="">nonce</var> bytes, the 16 <a href=#data-udp-media-stream-salt>data UDP media stream
- salt</a> bytes, and the 16 <var title="">ice-key</var> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+ <li><p>Let <var title="">mask-key</var> be the first 16 bytes of the
+ HMAC-SHA1 of the 16 <a href=#data-udp-media-stream-masking-salt>data UDP media stream masking salt</a>
+ bytes keyed with the 16 <var title="">ice-key</var> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
<li><p>Let <var title="">typed raw message</var> be the result of
decrypting <var title="">masked message</var> using AES-128-CTR
- keyed with <var title="">key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
+ keyed with <var title="">mask-key</var> and using the 16 <var title="">nonce</var> bytes as the initial counter value. <a href=#refsAES128CTR>[AES128CTR]</a></li>
- <li><p>If the four bytes of <var title="">typed raw message</var>
- are not 0x00, 0x00, 0x00, and 0x01 respectively, then abort these
- steps.</li>
+ <li><p>Let <var title="">sequence number</var> be the result of
+ interpreting the first eight bytes of <var title="">typed raw
+ message</var> as a 64 bit big-endian integer.</li>
+ <li><p>If <var title="">sequence number</var> is less than the
+ <a href=#most-recently-received-sequence-number>most recently received sequence number</a> then abort
+ these steps.</li>
+
+ <li><p>Let the <a href=#most-recently-received-sequence-number>most recently received sequence number</a>
+ be <var title="">sequence number</var>.</li>
+
+ <li><p>If the ninth, tenth, eleventh, and twelfth bytes of <var title="">typed raw message</var> are not 0x00, 0x00, 0x00, and 0x01
+ respectively, then abort these steps.</li>
+
<li><p>Let <var title="">raw message</var> be the byte string
- consisting of all but the first four characters of <var title="">typed raw message</var>.</li>
+ consisting of all but the first twelve bytes of <var title="">typed
+ raw message</var>.</li>
<li><p>Let <var title="">message</var> be <var title="">raw
message</var> <a href=#decoded-as-utf-8,-with-error-handling>decoded as UTF-8, with error
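Review bot: the minimum-length check was raised from 20 to 32 bytes, which covers the 16-byte hash and the 16-byte nonce but not the 12 bytes of sequence number and type marker that the later steps read from typed raw message. A packet of 32 to 43 bytes with a valid hash reaches "interpreting the first eight bytes of typed raw message" with fewer bytes than the step assumes. The old limit of 20 was the nonce plus the four type bytes, so the equivalent limit here is 44; alternatively add an explicit length check on typed raw message after decryption.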
@@ -73363,7 +73424,12 @@
responsible for this side of the <a href=#data-udp-media-stream>data UDP media
stream</a>.</li>
- </ol><p>A <dfn id=remotely-initiated-data-udp-media-stream>remotely-initiated data UDP media stream</dfn> is the
+ </ol><p class=note>Though described above as being computed for each
+ packet, the <var title="">ice-key</var>, <var title="">hash-key</var>, and <var title="">mask-key</var> values can
+ be precomputed as soon as the <a href=#peerconnection-ice-agent><code>PeerConnection</code> ICE
+ Agent</a> is started.</p>
+
+ <p>A <dfn id=remotely-initiated-data-udp-media-stream>remotely-initiated data UDP media stream</dfn> is the
first "sendrecv" media stream in the initial offer whose media is
"<code title="">application</code>", whose transport protocol is
"<code title="">udp</code>", whose media format description is
Modified: source
===================================================================
--- source 2011-03-25 22:21:47 UTC (rev 5966)
+++ source 2011-03-28 23:58:04 UTC (rev 5967)
@@ -83531,8 +83531,8 @@
<p>All <code>PeerConnection</code> connections include a <dfn>data
UDP media stream</dfn>, which is used to send data packets
peer-to-peer, for instance game control packets. This data channel
- is unreliable (packets are not guaranteed to be delivered, and are
- not guaranteed to be delivered in the right order).</p>
+ is unreliable (packets are not guaranteed to be delivered), and
+ packets received out of order are discarded.</p>
<p>SDP media descriptions for <span title="data UDP media
stream">data UDP media streams</span> must use the "<code
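Review bot: "packets received out of order are discarded" is broader than what the receive steps in this commit do. Those steps drop only a packet whose sequence number is lower than one already accepted; the packet that overtook it is still delivered. Suggest wording along the lines of "packets that arrive after a later-numbered packet are discarded", so authors know which packet of a reordered pair is lost.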
@@ -83560,6 +83560,11 @@
and must maintain that UDP media stream for the ICE Agents' whole
lifetime.</p>
+ <p>Each <span><code>PeerConnection</code> data UDP media
+ stream</span> has a <dfn>sending sequence number</dfn>, which must
+ initially be set to one (1), and a <dfn>most recently received
+ sequence number</dfn>, much must initially be zero (0).
+
<p>A <span>data UDP media stream</span> is an <dfn>active data UDP
media stream</dfn> if the <span><code>PeerConnection</code> ICE
Agent</span> has selected a destination for it. A <span>data UDP
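Review bot: the added <p> defining the sending and most recently received sequence numbers is never closed. The paragraph ends at "much must initially be zero (0)." with no </p>, while the surrounding paragraphs in this file, such as "lifetime.</p>" just above, all close theirs. Add the closing tag when fixing the "much"/"which" typo on the same line.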
@@ -83572,15 +83577,24 @@
masked so as to prevent cross-protocol attacks (<span>data UDP media
stream</span> always appear to contain random noise to other
protocols). For the purposes of masking, the <dfn>data UDP media
- stream salt</dfn> is defined to be the following 16 bytes, described
- here as hexadecimal numbers: DB 68 B5 FD 17 0E 15 77 56 AF 7A 3A 1A
- 57 75 02</p>
+ stream masking salt</dfn> is defined to be the following 16 bytes,
+ described here as hexadecimal numbers: DB 68 B5 FD 17 0E 15 77 56 AF
+ 7A 3A 1A 57 75 02</p>
<!-- obtained thusly: head -c 16 /dev/urandom | hexdump -C -->
+ <p>Bytes transmitted on a <span>data UDP media stream</span> are
+ also hashed so as to prevent forgery attacks (an attacker cannot
+ change the data without knowing the key negotiated via the signaling
+ channel). For the purposes of this hashing, the <dfn>data UDP media
+ stream hashing salt</dfn> is defined to be the following 16 bytes,
+ described here as hexadecimal numbers: 4E 2F 96 AB 0A 39 92 A2 56 94
+ 91 F5 7E 58 2E FA</p>
+ <!-- obtained thusly: head -c 16 /dev/urandom | hexdump -C -->
+
<p>When the user agent is to <dfn>transmit a data packet to a
peer</dfn> using a <span>data UDP media stream</span> and with a
- byte string payload <var title="">raw message</var>, the user agent must
- run the following steps:</p>
+ byte string payload <var title="">raw message</var>, the user agent
+ must run the following steps:</p>
<ol>
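Review bot: the new paragraph says bytes are "hashed so as to prevent forgery attacks" and the steps name the resulting value "hash", but what is computed is a truncated HMAC-SHA1 keyed with a secret derived from ice-key, that is, a message authentication code. An unkeyed hash would not prevent forgery, so calling the value a MAC (for example "authenticated" in the prose, and "mac" and "mac-key" for the variables) would describe the protection more accurately and fits the commit's stated aim of making the HMAC-SHA1 mentions make sense.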
@@ -83591,27 +83605,49 @@
encryption key for the <span>data UDP media stream</span> in its
media description, as defined above.</p></li>
- <li><p>Let <var title="">key</var> be the first 16 bytes of
- the HMAC-SHA1 of the concatenation of the 16 <var
- title="">nonce</var> bytes, the 16 <span>data UDP media stream
- salt</span> bytes, and the 16 <var title="">ice-key</var> bytes. <a
+ <li><p>Let <var title="">sending sequence number</var> be the
+ current <span>sending sequence number</span>.</p></li>
+
+ <li><p>Increment the <span>sending sequence number</span> by one
+ (1).</p></li>
+
+ <li><p>Let <var title="">mask-key</var> be the first 16 bytes of the
+ HMAC-SHA1 of the 16 <span>data UDP media stream masking salt</span>
+ bytes keyed with the 16 <var title="">ice-key</var> bytes. <a
href="#refsHMAC">[HMAC]</a> <a href="#refsSHA1">[SHA1]</a></p></li>
<li><p>Let <var title="">typed raw message</var> be the
- concatenation of three 0x00 bytes, a 0x01 byte, and <var
+ concatenation of the <var title="">sequence number</var> as a
+ big-endian 64 bit integer, three 0x00 bytes, a 0x01 byte, and <var
title="">raw message</var>.</p></li>
<li><p>Let <var title="">masked message</var> be the result of
encrypting <var title="">typed raw message</var> using AES-128-CTR
- keyed with <var title="">key</var>. <a
+ keyed with <var title="">mask-key</var> and using the 16 <var
+ title="">nonce</var> bytes as the initial counter value. <a
href="#refsAES128CTR">[AES128CTR]</a></p></li>
<li><p>Let <var title="">masked message with nonce</var> be the
concatenation of <var title="">nonce</var> and <var title="">masked
message</var>.</p></li>
- <li><p>Send <var title="">masked message with nonce</var> in a UDP
- packet to the destination that the relevant
+ <li><p>Let <var title="">hash-key</var> be the first 16 bytes of
+ the HMAC-SHA1 of the 16 <span>data UDP media stream hashing
+ salt</span> bytes keyed with the 16 <var title="">ice-key</var>
+ bytes. <a href="#refsHMAC">[HMAC]</a> <a
+ href="#refsSHA1">[SHA1]</a></p></li>
+
+ <li><p>Let <var title="">hash</var> be the first 16 bytes of the
+ HMAC-SHA1 of <var title="">masked message with nonce</var> keyed
+ with the 16 <var title="">hash-key</var> bytes. <a
+ href="#refsHMAC">[HMAC]</a> <a href="#refsSHA1">[SHA1]</a></p></li>
+
+ <li><p>Let <var title="">hashed masked message with nonce</var> be the
+ concatenation of <var title="">hash</var> and <var
+ title="">masked message with nonce</var>.</p></li>
+
+ <li><p>Send <var title="">hashed masked message with nonce</var> in
+ a UDP packet to the destination that the relevant
<span><code>PeerConnection</code> ICE Agent</span> has selected a
destination for the <span>data UDP media stream</span>.</p></li>
@@ -83623,41 +83659,71 @@
<ol>
- <li><p>Let <var title="">masked message with nonce</var> be the UDP
+ <li><p>Let <var title="">hashed masked message with nonce</var> be the UDP
packet's data.</p></li>
- <li><p>If <var title="">masked message with nonce</var> is shorter than 20
- bytes, then abort these steps.</p></li>
+ <li><p>If <var title="">hashed masked message with nonce</var> is
+ shorter than 32 bytes, then abort these steps.</p></li>
<li><p>Let <var title="">ice-key</var> be the 16 bytes given as the
encryption key for the <span>data UDP media stream</span> in the
media description for this media stream. <a
href="#refsSDP">[SDP]</a></p></li>
+ <li><p>Let <var title="">hash-key</var> be the first 16 bytes of
+ the HMAC-SHA1 of the 16 <span>data UDP media stream hashing
+ salt</span> bytes keyed with the 16 <var title="">ice-key</var>
+ bytes. <a href="#refsHMAC">[HMAC]</a> <a
+ href="#refsSHA1">[SHA1]</a></p></li>
+
+ <li><p>Let <var title="">hash</var> be the first 16 bytes of
+ the <var title="">hashed masked message with nonce</var>.</p></li>
+
+ <li><p>Let <var title="">masked message with nonce</var> be all but
+ the first 16 bytes of <var title="">hashed masked message with
+ nonce</var>.</p></li>
+
+ <li><p>If <var title="">hash</var> does not equal the first 16
+ bytes of the HMAC-SHA1 of <var title="">masked message with
+ nonce</var> keyed with the 16 <var title="">hash-key</var> bytes,
+ abort these steps. <a href="#refsHMAC">[HMAC]</a> <a
+ href="#refsSHA1">[SHA1]</a></p></li>
+
<li><p>Let <var title="">nonce</var> be the first 16 bytes of the
<var title="">masked message with nonce</var>.</p></li>
<li><p>Let <var title="">masked message</var> be all but the first
16 bytes of <var title="">masked message with nonce</var>.</p></li>
- <li><p>Let <var title="">key</var> be the first 16 bytes of
- the HMAC-SHA1 of the concatenation of the 16 <var
- title="">nonce</var> bytes, the 16 <span>data UDP media stream
- salt</span> bytes, and the 16 <var title="">ice-key</var> bytes. <a
+ <li><p>Let <var title="">mask-key</var> be the first 16 bytes of the
+ HMAC-SHA1 of the 16 <span>data UDP media stream masking salt</span>
+ bytes keyed with the 16 <var title="">ice-key</var> bytes. <a
href="#refsHMAC">[HMAC]</a> <a href="#refsSHA1">[SHA1]</a></p></li>
<li><p>Let <var title="">typed raw message</var> be the result of
decrypting <var title="">masked message</var> using AES-128-CTR
- keyed with <var title="">key</var>. <a
+ keyed with <var title="">mask-key</var> and using the 16 <var
+ title="">nonce</var> bytes as the initial counter value. <a
href="#refsAES128CTR">[AES128CTR]</a></p></li>
- <li><p>If the four bytes of <var title="">typed raw message</var>
- are not 0x00, 0x00, 0x00, and 0x01 respectively, then abort these
- steps.</p></li>
+ <li><p>Let <var title="">sequence number</var> be the result of
+ interpreting the first eight bytes of <var title="">typed raw
+ message</var> as a 64 bit big-endian integer.</p></li>
+ <li><p>If <var title="">sequence number</var> is less than the
+ <span>most recently received sequence number</span> then abort
+ these steps.</p></li>
+
+ <li><p>Let the <span>most recently received sequence number</span>
+ be <var title="">sequence number</var>.</p></li>
+
+ <li><p>If the ninth, tenth, eleventh, and twelfth bytes of <var
+ title="">typed raw message</var> are not 0x00, 0x00, 0x00, and 0x01
+ respectively, then abort these steps.</p></li>
+
<li><p>Let <var title="">raw message</var> be the byte string
- consisting of all but the first four characters of <var
- title="">typed raw message</var>.</p></li>
+ consisting of all but the first twelve bytes of <var title="">typed
+ raw message</var>.</p></li>
<li><p>Let <var title="">message</var> be <var title="">raw
message</var> <span>decoded as UTF-8, with error
@@ -83675,6 +83741,12 @@
</ol>
+ <p class="note">Though described above as being computed for each
+ packet, the <var title="">ice-key</var>, <var
+ title="">hash-key</var>, and <var title="">mask-key</var> values can
+ be precomputed as soon as the <span><code>PeerConnection</code> ICE
+ Agent</span> is started.</p>
+
<p>A <dfn>remotely-initiated data UDP media stream</dfn> is the
first "sendrecv" media stream in the initial offer whose media is
"<code title="">application</code>", whose transport protocol is