| IP |
|---|
| TCP |
| TLS |
| Qwitrum |
%% Well, there's nothing special in these layers. You may think: why not build the protocol on UDP to increase efficiency? There are several reasons:
- These days, TLS encryption is hardware accelerated
- TLS adds a Message Authentication Code (MAC) that protects messages from corruption, and if a record fails verification the connection is terminated, so corrupt data is very unlikely to get through and there's no need. So... power and bandwidth savings would be insignificant %%
Upon TLS connection, the client should calculate the SHA-224 hash and compare it to the TXT DNS record linked to the domain the client is connecting to.
Now our connection with the server is established, let's begin the communication. The client must be registered in advance by the server administrator, who adds the UID-to-public-key relation (for the MVP, P256 ECDSA signatures are going to be used).
The client connects to the server and the server sends the service information:
| Magic number | Protocol version | Random number (required for challenge-response) | Time |
|---|---|---|---|
| 4 bytes, 0xfe110ca5 | 1 byte | 4 bytes | 4 bytes |
If the time differs by more than 30 seconds, recommend that the user correct their time or contact the server administrator, and terminate the connection from the client side.
The client solves the challenge:
| P256 ECDSA-Signed (Random number || Time) | UID |
|---|---|
| 64 bytes | 3 bytes |
Then the server should give the auth response:
| Code | Meaning |
|---|---|
| 0x00 | AUTH_SUCCESS |
| 0x01 | AUTH_PK_VERIFY_FAILED |
| 0x02 | AUTH_USER_NOT_EXIST |
| 0x03 | AUTH_ACCOUNT_DISABLED |
In case of AUTH_SUCCESS, the connection state becomes Authenticated and the connection is now in normal mode, so client methods can be invoked. Otherwise the connection should be terminated or left intact.
The authorization procedure TTL is 10 seconds. If the client or server doesn't manage to set up the connection within that timespan, or if someone sends more data than planned (unless auth has succeeded and the connection has switched to default mode), the connection should be terminated or left intact.
The whole connection procedure takes RX (4+1+4+4)+(1) = 14 bytes and TX (64+3) = 67 bytes, 67+14 = 81 bytes in total. In such a flow it is TCP RTT (1) + TLS 1.3 RTT (1) + Qwitrum auth (1 RTT) = 3 RTTs, so potentially auth should complete in 300 ms with 100 ms network ping.