
HiïŒ usernameïŒ ïŒ
ãã®äžçã®ãã¹ãŠããã©ãŠã¶ãäžå¿ã«å±éããŠããããã§ã¯ãªããTLSãåé·ã§ãããããŸã£ããé©çšã§ããªãç¶æ³ããããŸãã åžžã«èšŒææžãå¿ èŠãªããã§ã¯ãããŸãããéåžžã«å€ãã®å Žåãååãªéåžžã®å ¬ééµããããåãSSHã䜿çšããŸãã
ãããŠãIoTããããŸããããã§ã¯ãTLSãå šäœãšããŠããã·ã¥ããããšã¯äžè¬ã«ãæ°ã®åŒ±ã人ã«ãšã£ãŠã¯ã¿ã¹ã¯ã§ã¯ãããŸããã ãããŠããã©ã³ãµãŒã®åŸã®å šå¡ãéåžžã®HTTPãä»ããŠäºãã«éä¿¡ããããã¯ãšã³ãã ãããŠãP2Pãªã©ããŸããŸã...
å°ãåãŸã§ã Noise Protocol Frameworkä»æ§ããããã¯ãŒã¯ã«ç»å ŽããŸããã ããã¯åºæ¬çã«ãå®å šãªããŒã¿è»¢éã®ããã®ãããã³ã«èšèšè ã§ããããã³ãã·ã§ãŒã¯ã®æ®µéãšãã®åŸã®åäœãç°¡åãªèšèªã§èª¬æããŠããŸãã èè ã¯ãSignalã¡ãã»ã³ãžã£ãŒã®äž»èŠãªéçºè ã§ããTrevor Perrinã§ããããã€ãºèªäœã¯WhatsAppã§äœ¿çšãããŠããŸãã ãã®ããããã®ãããã³ã«ãã¬ãŒã ã¯ãŒã¯ã詳ãã調ã¹ã倧ããªçç±ããããŸããã
ãã®ã·ã³ãã«ããšç°¡æœãã®ãããã§ãç§ãã¡ã¯éåžžã«æ°ã«å ¥ã£ãŠãããã»ãã¥ãªãã£ãTLSãããå£ããªãããäœããã®ç¹ã§åãããŸã£ããæ°ãããããã¯ãŒã¯å±€ãããã³ã«ãšåããããã®ã£ãã·ã³ã°ããããšã«åºã¥ããŠæ±ºå®ããŸããã DEF CON 25ã§çºè¡šãããšãŠãæž©ããè¿ããããŸããã 圌ãšç§ãã¡ã«ã€ããŠè©±ãæãæ¥ãŸããã
ãŸããNoiseSocketèªäœã®ã³ã¢ã«ã€ããŠå°ã説æããŸãã
ãã€ãºãããã³ã«ãã¬ãŒã ã¯ãŒã¯
å®éãNoise Frameworkã§èª¬æãããŠãããããã³ã«ã¯ãéä¿¡ãããå ¬éããŒãšãããã«å¯ŸããŠå®è¡ãããDiffie-Hellmanæäœã®ã·ãŒã±ã³ã¹ã§ãã
ãã€ãºãããã³ã«ãã¬ãŒã ã¯ãŒã¯ã®äž»ãªèãæ¹ã¯ããã³ãã·ã§ã€ã¯äžã®ãã¹ãŠã®ã¢ã¯ã·ã§ã³ããããã³ã«ã®ç¶æ ã«ããããã£ãŠçµæãšããŠçããã»ãã·ã§ã³ããŒã«çµ¶å¯Ÿçã«åœ±é¿ãããšããããšã§ãã DHãã€ãŸããã³ãã·ã§ã€ã¯äžã«éä¿¡ãŸãã¯èæ ®ããããã¹ãŠã®è¿œå ããŒã¿ã¯ãããã·ã¥ã䜿çšããŠäžè¬çãªç¶æ ãšæ··åããããã®çµæãå ±éã®å¯Ÿç§°ããŒã圢æãããŸãã
ãããã¯ãã¹ãŠã3ã€ã®éšåã§æ§æãããåçŽãªç¶æ ã·ã¹ãã å ã§çºçããŸãã

ã¡ãªã¿ã«ãããããã»ãŠã©ã³ãããã§ã©ã®ããã«æ©èœãããã«ã€ããŠããªãç°¡åã«èªã£ãŠããè±èªã®ãããªããããŸãã
HandshakeStateã¯ãããŒã¯ã³ãšã¡ãã»ãŒãžã®åŠçãæ åœããŸãã
SymmetricStateã¯DHã®çµæãã察称ããŒãçæããæ°ããDHããšã«æŽæ°ããŸãã ãããã£ãŠãæåã®DHã®çŽåŸã«ãåŸç¶ã®ããŒã¿ïŒéçããŒããã€ããŒãïŒã¯ãäœããã®çš®é¡ã®å¯Ÿç§°ããŒã§æ¢ã«æå·åãããŠããŸãã
SymmetricState㯠ãããŒèªäœããªãã·ã§ã³ã®ããããŒã° ããããã³ã«åãªã©ã®è¿œå ããŒã¿ãããã·ã¥ããŸãã ããã«ããããããã³ã«ã¯å šäœçã§ãããããŒã¿è»¢éã®ãã¹ãŠã®æ®µéã§å€éšå¹²æžããä¿è·ãããŸãã
CipherStateã¯ãåçŽãªå¯Ÿç§°AEADæå·+ãã³ã¹ïŒã«ãŠã³ã¿ãŒïŒã§ãããäœããã®çš®é¡ã®ããŒã§åæåãããŸããããã¯ãæå·åé¢æ°ã®åŒã³åºãããšã«å¢å ããŸãã
ãã€ãºã®ãããã³ã«ã¯ããã¿ãŒã³ãã¡ãã»ãŒãžãããã³ããŒã¯ã³ã§æ§æãããç¹å¥ãªèšèªã§èšè¿°ãããŸãã

ããšãã°ãããã»ã¹ã®ãµãŒããŒãšã¯ã©ã€ã¢ã³ãã®éçããŒã亀æããããšã§å®å šãªæ¥ç¶ã確ç«ã§ãããããã³ã«ã®1ã€ãNoise_XXãèããŠã¿ãŸãããã
Noise_XX(s, rs):
-> e
<- e, ee, s, es
-> s, se
Noise_XXã¯ãã¿ãŒã³ã§ãã ã¡ãã»ãŒãžã®ã·ãŒã±ã³ã¹ãšãã®å 容ã«ã€ããŠèª¬æããŸãã
ïŒsãrsïŒã¯ãã¯ã©ã€ã¢ã³ããšãµãŒããŒãéçïŒ s ïŒããŒãã¢ã§åæåãããããšãæå³ããŸãã ãããã¯äžåºŠçæããããã®ã§ãã rã¯ãªã¢ãŒããè¡šããŸãã
ã芧ã®ãšãããç¢å°ã®ä»ãã3æ¬ã®ç·ããããŸãã 1è¡-1ã¡ãã»ãŒãžã ç¢å°ã¯ã誰ã誰ã«éä¿¡ããããæå³ããŸãã å³åŽã®å Žåã¯ãã¯ã©ã€ã¢ã³ãã¯ãµãŒããŒã«ãããã§ãªãå Žåã¯ãã®éã§ãã
åè¡ã¯ããŒã¯ã³ã§æ§æãããŸãã ãããã¯ãã³ã³ãã§åºåããã1ã€ãŸãã¯2ã€ã®æååŒã§ãã 1æåã®ããŒã¯ã³ã¯eãšsã®ã¿ã§ãããããããäžæå ¬éããŒãšéçå ¬éããŒãæå³ããŸãã ãšãã§ã¡ã©ã«ã¯æ¥ç¶ããšã«1åçæãããéçã«åå©çšå¯èœã§ãã
äžè¬ã«ããã€ãºã§ã¯ããã¹ãŠã®ãããã³ã«ã¯äžæããŒã®éä¿¡ããå§ãŸããŸãã ãããã£ãŠãPerfect Forward Secrecyãå®çŸããŸãã äžæçã§ãªãæå·ã¹ã€ãŒãããã¹ãŠãã£ã³ã»ã«ããããšãã«ãTLS 1.3ã§ã»ãŒåãããšãçºæãããŸããã
2æåã®ããŒã¯ã³ã¯ãã¯ã©ã€ã¢ã³ãããŒãšãµãŒããŒããŒã®ããããã®éã®Diffie-Hellmanãæå³ããŸãã ãæ³åã®ãšããã4ã€ã®ã¿ã€ãããããŸãã
ee ã es ã se ã ss ã DHãäœæãããããŒã«å¿ããŠãããŸããŸãªæ©èœãå®è¡ããŸãã ããšãã°ã eeã¯ããã©ã³ã¹ããŒãã»ãã·ã§ã³ã®æçµããŒãã©ã³ãã åããããã«å¿ èŠã§ãããéçããŒã®åå ã䌎ãDHã¯çžäºèªèšŒãæ åœããŸãã
ã芧ã®ãšããããã¿ãŒã³XXã§ã¯ãã¯ã©ã€ã¢ã³ãã®éçããŒããµãŒããŒã«æž¡ãããŸããéãåæ§ã§ãã ãããã£ãŠãããã§ã¯3ã€ã®ã¡ãã»ãŒãžã䜿çšãããŸãã ã¯ã©ã€ã¢ã³ããéçãµãŒããŒããŒãæã£ãŠãããšä»®å®ããŠïŒããšãã°ãXXãæåã«äœæãããšãïŒãã¡ãã»ãŒãžã®æ°ã2ã€ã«æžãããã¿ãŒã³ããããŸãã ããã«ã0-RTTãšåŒã°ããæåã®ã¡ãã»ãŒãžã§æå·åãããããŒã¿ãããã«éä¿¡ããããšãå¯èœã«ãªãããµãŒããŒããã®å¿çæéãççž®ãããŸãã

ãã€ããŒããåãã³ãã·ã§ã€ã¯ã¡ãã»ãŒãžã«è¿œå ã§ããŸãã ãããã¬ãã«ã®ãããã³ã«èšå®ãåã蚌ææžãããžã¿ã«çœ²åã®ã¿ãäžè¬çã«ã¯64kãã€ã以å ã§ããã°äœã§ãããŸããŸããã ãã¹ãŠã®ãã€ãºããã±ãŒãžã¯ãã®ãµã€ãºã«å¶éãããŠããŸãã ãã®ããã«è§£æãç°¡çŽ åãããé·ãã¯åžžã«2ãã€ãã«é 眮ãããã¡ã¢ãªãæäœãããããªããŸãã

ãã³ãã·ã§ã€ã¯ã®çµæãå®éã«ã¯ã以åã«çºçãããã¹ãŠã®DHã®çµæã§ãã察称ããŒã¯2ã€ãããããŸããã 1ã€ã¯ã¡ãã»ãŒãžã®éä¿¡çšããã1ã€ã¯åä¿¡çšã§ãã ãã¹ãŠããã®åŸãæå·åããããã±ãããéä¿¡ã§ããéä¿¡åŸã«æ¯åãã³ã¹ãã€ã³ã¯ãªã¡ã³ãããŸãã
ãã€ãºãããã³ã«ãã¿ãŒã³ã«å ããŠãåã±ãŒã¹ã§äœ¿çšããã¢ã«ãŽãªãºã ãç¹åŸŽã§ãã ä»æ§ã«ã¯ãDHãAEADãããã³ããã·ã¥ã®ã¢ã«ãŽãªãºã ããªã¹ããããŠããŸãã ããå€ãã®ãã€ãºã¯äœãå¿ èŠãšããŸããã
DHïŒCurve25519ãCurve448ã
AEADïŒAES-GCMãCchachaPoly1305ã
ããã·ã¥ïŒBlake2ãSHA2
ãã¹ãŠã®ããªããã£ãã¯éåžžã«é«éã§ãRSAããã®ä»ã®ãã¬ãŒããžã£ã³ã¯ã¯ãããŸããã ãã¡ãããå¿ èŠã«å¿ããŠãèªåã§ãããè¡ãããšãã§ããŸããã誰ãçŠæ¢ããŠããŸããã
ãã€ãºãœã±ãã
ãã®ãã¹ãŠã®çŸãããèŠãŠãããã次äžä»£ã®ãã©ã³ã¹ããŒããããã³ã«ã®åœ¹å²ã®çæ³çãªåè£ã§ããããšã«æ°ä»ããŸããã çµå±ã®ãšãããç®±ããåºããŠããã«ãå¿ èŠãªãã¹ãŠã®ã»ãã¥ãªãã£æ©èœãããã©ãŒãã³ã¹ãèªèšŒã¡ã«ããºã ãå°ç¡ãã«ããæ©èœããããŸãã ãŸããäºæž¬ãããã³ãŒããµã€ãºã«ãããæå°ã®ããã€ã¹ããã§ãéåžžã®å®å šãªæ¥ç¶ãäœæã§ããŸãã ãããŠåœŒãã¯èãå§ããŸããã
ç§ãGoã§æžããæåã®PoCã¯ãæ°ãã2017幎é ã®ã©ããã§ãã å ã®ãã€ãºã«ã¯ã»ãšãã©äœãè¿œå ãããããã±ããã®é·ãã®ã¿ãè¿œå ãããŸããã ç§ã¯ãããã¿ããªã«èŠããŠã Noise Mailing Listã«æžããŠã6ææ«ãŸã§ã«ãããå€ãã®ãã©ãããã©ãŒã ã«å®è£ ã§ããå ±éç¹ã«ãã£ãšå°éããŸããã
ããã§ããã€ãºã«äœãè¿œå ããããšã«ãªããŸãããïŒ é·ãäŒè©±ãšæ°åã®ãªãã·ã§ã³ã®åŸãæ¬è³ªçã«æ®ã£ãŠããããšã3ã€ã ããããŸããã
- 亀æžããŒã¿
- ããã£ã³ã°
- åŠçã«ãŒã«
亀æžããŒã¿
ããã¯ãå¿ èŠãªãã®ãäœã§ãå ¥ããããšãã§ãããã€ãã®ã»ããã§ãã ã¯ã©ã€ã¢ã³ããšãµãŒããŒéã®ã¢ã«ãŽãªãºã ãšãã¿ãŒã³ã調æŽããããã«å¿ èŠã§ãã ãã®ããŒãžã§ã³ã§ã¯ã次ã®ããã«ãªããŸãã

ããã6ãã€ãã§ããããµãŒããŒãåä¿¡ãããã€ãºã¡ãã»ãŒãžã®åŠçæ¹æ³ãç解ããã«ã¯ããã§ååã§ãã
ããã£ã³ã°
圌ãæçµä»æ§ã«ããããšããšãŠãå¬ããæããŸãããããªããšã誰ããèªåã§çºæããªããã°ãªããŸããã ããã¯ããã±ãŒãžã®é 眮ã§ããããã«ãããå®éã®ãµã€ãºãé ãã埩å·åãè¡ããªããŠãå 容ãæšæž¬ãããã®ãé²ãããšãã§ããŸãã ããã¯ãå®éã®ãã±ãããµã€ãºã瀺ãè¿œå ã®2ãã€ãã®åææå·åããŒã¿ãšããŠå®è£ ãããŸãã ããšã¯ãŽããæšãŠãã ãã§ãã

åŠçã«ãŒã«
ãããã¯ããµãŒããŒãã¯ã©ã€ã¢ã³ãããã¡ãã»ãŒãžãåä¿¡ããå ŽåããŸãã¯ãã®éã®å Žåã«ãµãŒããŒãã¯ã©ã€ã¢ã³ãã«ã©ã®ããã«å¿çãããããç解ãããå¥ã®ãããã³ã«ã«åãæ¿ããããã瀺ãç°¡åãªã«ãŒã«ã§ãã
ãªãã§ïŒ
Virgilã«ã¯ç¬èªã®PKIãããã蚌ææžã䜿çšããã«å ¬éããŒã䜿çšããŠããã«å®å šãªæ¥ç¶ã確ç«ããäžããå床æ€èšŒããæ©èœãæ¬åœã«äžè¶³ããŠããŸããã ãããŠä»ã NGINXã¢ãžã¥ãŒã«ãäœæãã NoiseSocketãä»ããŠããã¯ãšã³ãå šäœã«ãµãŒãã¹ãæäŸããéçããŒã®ããžã¿ã«çœ²åãè¿œå ã§ããŸãã
NoiseSocketã«åãæ¿ããã«ã¯ããã¹ãŠãå€æŽããå¿ èŠããããšæãããŸããïŒ ããããéããŸãã
Goã§èšè¿°ãããã§ã«HTTPãµãŒãã¹ãããå Žåã¯ãã¯ã©ã€ã¢ã³ãã®DialTLSã¡ãœããã眮ãæãããµãŒããŒããªãã¹ã³ããã ãã§ãä»ã®ãã¹ãŠã¯TLSã§æ©èœãããšèããã§ãããã ããã¯ããã¹ãŠå®è£ ããGoã©ã€ãã©ãªã®ãããã§ãã

ãã¡ãããã³ãŒããšä»æ§ã«ã¯ãŸã å€ãã®äœæ¥ããããŸãããå°çãTLSã«ä»£ãããã®ããããŸãïŒ
ãããªãã¯ããŒã®ã¿ã䜿çšããŠ2ã€ã®ããŒãéã«å®å šãªãªã³ã¯ãæ§ç¯ããå Žåãç¬èªã®äœããäœæããå¿ èŠã¯ãããŸããã ããŒããå ¬éããŒã«ãã£ãŠèå¥ãããããšãå€ãTorãi2pããããã³ã€ã³ã¯ãæ·»å ç©ãªãã§ããã«NoiseSocketã䜿çšã§ããŸãã
SSHãVPNãããããçš®é¡ã®ãã³ãã«ã¯ãéçããŒã®ããžã¿ã«çœ²åãè¿œå ããopensslãèªåèªèº«ã«ãã©ãã°ããããšãªããæå°éã®ãªãŒããŒãããã§æ¬æ Œçãªå®å šãªãªã³ã¯ãååŸã§ããŸããLibsodiumãŸãã¯Naclãå®è¡ããããšãã§ããŸãã
ãã¡ãããã³ã³ãã€ã«ãããæå·ããªããã£ãã®æŠç®ãµã€ãºã¯ã¢ãŒããã¯ãã£ã«ãã£ãŠç°ãªããŸãããNoiseSocketã®æå°éã®å®è£ ã§30ãããã€ããŸãã¯20ãããã€ãã«ãåãŸãããšãæåŸ ãããŸãã ç§å¯éµãããŒããŠã§ã¢ã§é ç·ãããŠããããã€ã¹ã§ã¯ããã®ãœãªã¥ãŒã·ã§ã³ã«ã¯ç¹å¥ãªä»£æ¿æ段ããããŸããã
ãããã«
TLS 1.3ã«ã¯å€§ããªæåŸ ããããŸãããããã¯ããã€ãºã®ããã«ããã³ãã·ã§ã€ã¯ã©ãŠã³ãããªããã8-9ãã3ã«åæžããã25519ãè¿œå ãããããã§ãã
第äžã«ã圌ãã¯èšŒææžãªãã§ãåã«ããŒã«ãã£ãŠæ©èœããæ©èœãè¿œå ããªãããšã«æ±ºããŸãããããã®ãããªææ¡ããããŸããã
第äºã«ãed25519蚌ææžã¯ãã€è¡šç€ºããããäžæã§ãããNoiseã§ã¯ä»æ¥25519眲åã䜿çšã§ããŸãã
ããã«ããã€ãºã®ãã¿ãŒã³ã®1ã€ã§ããIKïŒ0-RTTïŒã¯ãWireGuard VPNã®äœæè ããæ£åŒãªæ£åœæ§ã®èšŒæ ãåãåããæ£ããéžæãžã®èªä¿¡ã匷ããŸããã
NoiseSocketã®ä»æ§ã«æ £ããŠããããšããå§ãããŸããäžéšã®ãããžã§ã¯ãã§ã¯ãTLSãããé©ããŠãããšç¢ºä¿¡ããŠããŸãã ãã®éãç§ãã¡ã¯ããªãã®ã³ã¡ã³ããåŸ ã£ãŠããŸãã
åç §è³æ
ãã€ãºãœã±ããä»æ§
Github
ãã€ãºãããã³ã«ãã¬ãŒã ã¯ãŒã¯ã®ä»æ§