Whiteflag API Protocol Implementation
The Whiteflag protocol is implemented with a series of interdependent modules
that can be found under lib/protocol. These modules are:
| File | Purpose |
|---|---|
config.js |
Whiteflag protocol configuration parameters |
state.js |
Whiteflag protocol state management |
transmit.js |
Message transmit events chain functions |
receive.js |
Message receive events chain functions |
retrieve.js |
Message retrieval from datastores and blockchains |
codec.js |
Message encoding and decoding functions |
crypto.js |
Whiteflag cryptographic functions |
validation.js |
Message format, reference and originator verification functions |
authentication.js |
Whiteflag originator authentication functions |
management.js |
Whiteflag protocol management message handler functions |
Protocol specific configuration parameters are in whiteflag.toml which can be
found in the config/ directory. Static protocol data, such as json schemas
can be found under lib/protocol/static.
Message Format
The format of Whiteflag messages is verified against the protocol specification
by the validation.js module. To do this, the module uses the external
jsonschema library and the Whiteflag message schema provided with the
protocol. If the message format is valid, the parameter formatValid in the
metaheader is set to true, and otherwise to false.
Test Messages
Test message are supported. When testing on a main blockchain network, the
testMessagesOnly in the [tx] section of the whiteflag.toml configuration
file should be set to true to prevent the accidental transmission of real
messages.
Message References
The references of Whiteflag messages are verified against the protocol
specification by the validation.js module. To do this, the module first tries
to retrieve the referenced message using the retrieval.js module, and then
checks the refrenence against the Whiteflag message schema provided with the
protocol. If the message reference is valid, the parameter referenceValid in
the metaheader is set to true, and otherwise to false.
The verification of references may be skipped for all incoming and/or outgoing
messages by setting the rx.verifyReference and/or tx.verifyReference
configuration parameters to false, respectively. This should not be done for
operational use.
The reference of certain message types cannot be verified, and reference verification of those message is therefore always skipped:
K11andK12messages referencing encrypted messages- automatically generated outgoing messages
Message Originators
The originator of a Whiteflag message is verified against the list of known
originators in the state by the validation.js module. It checks if the
blockchain address of incoming messages is known and related to an
authenticated originator. If the message originator is valid, the parameter
originatorValid in the metaheader is set to true, and otherwise to false.
If the originator cannot be verified and the authentication.strict
configuration parameter is set to true, the message is dropped.
The verification of the originator may be skipped for all incoming messages by
setting the rx.verifyOriginator configuration parameter to false. This
should not be done for operational use.
The originator of certain message types cannot be verified, and originator verification of those message is therefore always skipped:
A1andA2messages, which are self-authenticing
Handling of Management Messages
The handling of management messages is done by management.js. This includes:
- further handling of authentication and cryptographic messages as required by the protocol specification after they have been processed in the rx event chain;
- automatic generation and transmission of messages as required by the protocol specification.
Specifically, this inludes:
- authentication of originators upon reception of authentication messages
- automatically sending ECDH public keys after an own authentication message
- processing received ECDH public keys to compute shared secret
- automatically sending initialisation vectors with encrypted messages
- processing received initialisation vectors
Authentication
The authenticity of an originator is validated with the information from
authentication messages. Incoming authentication messages are automatically
processed by the management.js module, which passes the authentication
information to the authentication.js module for validation.
The API has an endpoint to provide pre-shared secret authentication tokens for authentication method 2.
Validated originators are stored in the Whiteflag protocol state, through
the state.js module.
Encryption
The codec.js module always passes outgoing and incoming message to the
crypto.js module for encryption and decryption. If no encryption or
decrytpion is required, i.e. when the EncryptionIndicator in the message
header is set to 0, the crypto.js just passes the message to the
callback.
If the encyrption indicator is set to a valid value, the crypto module encrypts
or decrypts the message. The recipientAddress in the MetaHeader is used to
determine which encryption secret is to be used as input key material:
- for encryption method
1(negotiated key), the ECDH shared secret is used - for encryption method
2(pre-shared key), a pre-shared secret is used
The management.js module automatically sends ECDH public keys to negotiate
a shared secret when an authentication message is sent, except when the
authentication message is encrypted or sent under duress. The module also
handles incoming ECDH public keys.
The API has an endpoint to provide a pre-shared secret key for each originator.
Instead of specifing the recipient in the metaheader, the pre-shared key for
method 2 may also be provided with the encryptionKeyInput in the metaheader,
or otherwise the default key in config/whiteflag.toml is used.
The management.js module automatically sends initialisation vectors with
encrypted messages and also manages incoming initialisation vectors.