diff options
authorvanitasvitae <vanitasvitae@fsfe.org>2017-10-07 14:11:10 +0200
committervanitasvitae <vanitasvitae@fsfe.org>2017-10-07 14:11:10 +0200
commit990ee6c5d20d8a14a41679b7a878c31cb347a8cc (patch)
parent47c51bdce3cffc3d807b96fac7d90bd3d3438366 (diff)
Initial version of jet-omemo
1 files changed, 133 insertions, 0 deletions
diff --git a/inbox/jet-omemo.xml b/inbox/jet-omemo.xml
new file mode 100644
index 0000000..bd53b25
--- /dev/null
+++ b/inbox/jet-omemo.xml
@@ -0,0 +1,133 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE xep SYSTEM 'xep.dtd' [
+ <!ENTITY secret "&lt;secret/&gt;">
+ <!ENTITY % ents SYSTEM 'xep.ent'>
+<?xml-stylesheet type='text/xsl' href='xep.xsl'?>
+ <title>Jingle Encrypted Transports - OMEMO</title>
+ <abstract>Extension for JET introducing OMEMO End-to-End Encrypted Jingle Transports.</abstract>
+ <number>XXXX</number>
+ <status>ProtoXEP</status>
+ <type>Standards Track</type>
+ <sig>Standards</sig>
+ <approver>Council</approver>
+ <dependencies>
+ <spec>XEP-0391</spec>
+ <spec>XEP-0234</spec>
+ <spec>XEP-0384</spec>
+ </dependencies>
+ <supersedes/>
+ <supersededby/>
+ <shortname>jet-omemo</shortname>
+ <schemaloc>
+ <ns>jingle</ns>
+ <url>http://xmpp.org/schemas/jingle.xsd</url>
+ </schemaloc>
+ <schemaloc>
+ <ns>jingle:errors</ns>
+ <url>http://xmpp.org/schemas/jingle-errors.xsd</url>
+ </schemaloc>
+ <registry/>
+ <discuss>jingle</discuss>
+ <author>
+ <firstname>Paul</firstname>
+ <surname>Schaub</surname>
+ <email>vanitasvitae@riseup.net</email>
+ <jid>vanitasvitae@jabberhead.tk</jid>
+ </author>
+ <revision>
+ <version>0.0.1</version>
+ <date>2017-10-06</date>
+ <initials>vv</initials>
+ <remark><p>First draft</p></remark>
+ </revision>
+<section1 topic='Introduction' anchor='intro'>
+ <p>&xep0391; can be used to utilize different end-to-end encryption methods to secure Jingle Transports, eg. in the context of &xep0234;. This document aims to extend &xep0391; to allow the use of OMEMO encryption with Jingle transports. To achieve this goal, this protocol extension makes use of OMEMOs <link url='https://xmpp.org/extensions/xep-0384.html#usecases-keysend'>KeyTransportElements</link>.</p>
+<section1 topic='Mappings' anchor='mappings'>
+ <p>Conveniently the OMEMO protocol already provides a way to transport key material to another entity. So called KeyTransportElements are basically normal OMEMO MessageElements, but without a payload, so the contained key can be used for something else (See Section 4.6 of <cite>XEP-0384</cite>). This extension uses the key encrypted in the KeyTransportMessages &lt;key&gt; attribute and initialization vector from the &lt;iv&gt; attribute to secure Jingle Transports. The key corresponds to the <cite>Transport Key</cite> of <cite>XEP-0391</cite>, while the iv corresponds to the <cite>Initialization Vector</cite>. The KeyTransportMessage is the equivalent to the <cite>Envelope Element</cite>. Note that within the Envelope Element, the Transport Key is encrypted with the OMEMO ratchet.</p>
+<section1 topic='Limitaions' anchor='limitations'>
+ <p>Unfortunately &xep0384; determines the type of the transported key to be AES-128-GCM-NoPadding, so no other configuration can be used in the context of this extension.</p>
+ <p>Since OMEMO deviceIds are not bound to XMPP resources, the initiator MUST encrypt the Transport Key for every device of the recipient.</p>
+<section1 topic='Key Transport' anchor='transport'>
+ <p>In order to transport a key to the responder, the initiator creates a fresh AES-128-GCM-NoPadding Transport Key and Initialization Vector and generates an OMEMO KeyTransportElement from it as described in <cite>XEP-0384</cite>. This is then added as a child of the JET &lt;security&gt; element. The 'cipher' attribute MUST be set to 'aes-128-gcm-nopadding:0' (see the <link url='https://xmpp.org/extensions/xep-0391.html#ciphers'>ciphers</link> section of <cite>XEP-0391</cite>). The value of the 'type' attribute must be set to the namespace of the used version of <cite>XEP-0384</cite> &VNOTE;.</p>
+ <p></p>
+ <example caption="Romeo initiates an OMEMO encrypted file offer"><![CDATA[
+<iq from='romeo@montague.example/dr4hcr0st3lup4c'
+ id='nzu25s8'
+ to='juliet@capulet.example/yn0cl4bnw0yr3vym'
+ type='set'>
+ <jingle xmlns='urn:xmpp:jingle:1'
+ action='session-initiate'
+ initiator='romeo@montague.example/dr4hcr0st3lup4c'
+ sid='851ba2'>
+ <content creator='initiator' name='a-file-offer' senders='initiator'>
+ <description xmlns='urn:xmpp:jingle:apps:file-transfer:5'>
+ <file>
+ <date>1969-07-21T02:56:15Z</date>
+ <desc>This is a test. If this were a real file...</desc>
+ <media-type>text/plain</media-type>
+ <name>test.txt</name>
+ <range/>
+ <size>6144</size>
+ <hash xmlns='urn:xmpp:hashes:2'
+ algo='sha-1'>w0mcJylzCn+AfvuGdqkty2+KP48=</hash>
+ </file>
+ </description>
+ <transport xmlns='urn:xmpp:jingle:transports:s5b:1'
+ mode='tcp'
+ sid='vj3hs98y'>
+ <candidate cid='hft54dqy'
+ host=''
+ jid='romeo@montague.example/dr4hcr0st3lup4c'
+ port='5086'
+ priority='8257636'
+ type='direct'/>
+ </transport>
+ <security xmlns='urn:xmpp:jingle:jet:0'
+ name='a-file-offer'
+ cipher='urn:xmpp:ciphers:aes-128-gcm-nopadding'
+ type='eu.siacs.conversations.axolotl'>
+ <encrypted xmlns='eu.siacs.conversations.axolotl'>
+ <header sid='27183'>
+ <key rid='31415'>BASE64ENCODED...</key>
+ <key prekey="true" rid='12321'>BASE64ENCODED...</key>
+ <!-- ... -->
+ <iv>BASE64ENCODED...</iv>
+ </header>
+ </encrypted>
+ </security>
+ </content>
+ </jingle>
+ <p>The recipient decrypts the OMEMO KeyTransportElement to retrieve the Transport Secret. Transport Key and Initialization Vector are later used to encrypt/decrypt data as described in &xep0391;.</p>
+<section1 topic='Determining Support' anchor='support'>
+ <p>To advertise its support for JET-OMEMO, when replying to service discovery information ("disco#info") requests an entity MUST return URNs for any version of this extension, as well as of the JET extension that the entity supports -- e.g., "urn:xmpp:jingle:jet-omemo:0" for this version, or "urn:xmpp:jingle:jet:0" for &xep0391; &VNOTE;.</p>
+ <example caption="Service discovery information request"><![CDATA[
+<iq from='romeo@montague.example/dr4hcr0st3lup4c'
+ id='uw72g176'
+ to='juliet@capulet.example/yn0cl4bnw0yr3vym'
+ type='get'>
+ <query xmlns='http://jabber.org/protocol/disco#info'/>
+ <example caption="Service discovery information response"><![CDATA[
+<iq from='juliet@capulet.example/yn0cl4bnw0yr3vym'
+ id='uw72g176'
+ to='romeo@montague.example/dr4hcr0st3lup4c'
+ type='result'>
+ <query xmlns='http://jabber.org/protocol/disco#info'>
+ <feature var='urn:xmpp:jingle:jet:0'/>
+ <feature var='urn:xmpp:jingle:jet-omemo:0'/>
+ </query>
+ <p>In order for an application to determine whether an entity supports this protocol, where possible it SHOULD use the dynamic, presence-based profile of service discovery defined in &xep0115;. However, if an application has not received entity capabilities information from an entity, it SHOULD use explicit service discovery instead.</p>