From: Sage Weil <sage@redhat.com>
Date: Fri, 3 Jun 2016 13:03:48 +0000 (-0400)
Subject: doc/dev/msgr2: drop confounder on *every* message
X-Git-Tag: v11.0.0~137^2~3
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=45766fed1864733c5216a7b50f11cce256338170;p=ceph.git

doc/dev/msgr2: drop confounder on *every* message

I don't think this is necessary.  Our signature and cipher state
includes prior messages, so as long as we have a confounded
start (a confounder in MSG_AUTH_DONE, in this case) then we are
in good shape.

Signed-off-by: Sage Weil <sage@redhat.com>
---

diff --git a/doc/dev/msgr2.rst b/doc/dev/msgr2.rst
index beab050e21e9..06ab8c8a76c2 100644
--- a/doc/dev/msgr2.rst
+++ b/doc/dev/msgr2.rst
@@ -77,6 +77,7 @@ where the payload is determiend by the tag.
 
 * TAG_AUTH_DONE::
     
+    confounder (block_size bytes of random garbage)
     __le64 flags
       FLAG_ENCRYPTED  1
       FLAG_SIGNED     2
@@ -89,25 +90,35 @@ where the payload is determiend by the tag.
 Message frame format
 --------------------
 
-Each frame can take one of two forms.  If FLAG_SIGNED or
-FLAG_ENCRYPTED has been specified and we have passed the
-authentication phase (i.e., we have already sent TAG_AUTH_DONE)::
+Each frame can take one of three forms.
 
-  confounder (block_size bytes of random garbage)
-  __le32 length
-  tag byte
-  payload
-  signature (sig_size bytes)
-  more confounder padding (to pad data from start of __le32 length out to block size)
+* If neither FLAG_SIGNED or FLAG_ENCRYPTED is specified, things are simple::
 
-Note that the padding ensures that the total frame (with or without
-the leading confounder) is a multiple of the auth method's block_size.
-This is usually something like 16 bytes.
+    tag byte
+    payload
 
-If neither FLAG_SIGNED or FLAG_ENCRYPTED is specified, things are simple::
+* If FLAG_SIGNED has been specified::
+
+    tag byte
+    payload
+    padding (pad data from before tag byte out to block size)
+    signature (sig_size bytes)
+
+  Here the padding just makes life easier for the signature.  It can be
+  random data to add additional confounder.  Note also that the
+  signature input must include some state from the session key and the
+  previous message.
+
+* If FLAG_ENCRYPTED has been specified::
+
+    tag byte
+    payload
+    padding (pad data from before tag byte out to block size)
+
+  Note that the padding ensures that the total frame is a multiple of
+  the auth method's block_size so that the message can be sent out over
+  the wire without waiting for the next frame in the stream.
 
-  tag byte
-  payload
     
 Message flow handshake
 ----------------------