Better encrypt/decrypt diagram

sframe-wg · Dec 5, 2023 · 1e49e47 · 1e49e47
1 parent ff2be4a
commit 1e49e47
Showing 1 changed file with 76 additions and 33 deletions.
diff --git a/draft-ietf-sframe-enc.md b/draft-ietf-sframe-enc.md
@@ -488,39 +488,42 @@ before packetizing it, the necessary media metadata will be moved out of the
 encoded frame buffer, to be sent in some channel visible to the SFU (e.g., an
 RTP header extension).
 
-~~~ aasvg
-
-   +----------------+  +---------------+
-   |    metadata    |  |               |
-   +-------+--------+  |               |
-           |           |   plaintext   |
-           |           |               |
-           |           |               |
-           |           +-------+-------+
-           |                   |
-header ----+------------------>| AAD
-+-----+                        |
-|  S  |                        |
-+-----+                        |
-| KID +--+--> sframe_key ----->| Key
-|     |  |                     |
-|     |  +--> sframe_salt --+  |
-+-----+                     |  |
-| CTR +---------------------+->| Nonce
-|     |                        |
-|     |                        |
-+-----+                        |
-   |                       AEAD.Encrypt
-   |                           |
-   |     +---------------+     |
-   +---->| SFrame Header |     |
-         +---------------+     |
-         |               |     |
-         |               |<----+
-         |   ciphertext  |
-         |               |
-         |               |
-         +---------------+
+~~~~~ aasvg
+                                  +---------------+
+                                  |               |
+                                  |               |
+                                  |   plaintext   |
+                                  |               |
+                                  |               |
+                                  +-------+-------+
+                                          |
+        .- +-----+                        |
+       |   |     +--+--> sframe_key ----->| Key
+Header |   | KID |  |                     |
+       |   |     |  +--> sframe_salt --+  |
+    +--+   +-----+                     |  |
+    |  |   |     +---------------------+->| Nonce
+    |  |   | CTR |                        |
+    |  |   |     |                        |
+    |   '- +-----+                        |
+    |                                     |
+    |          +----------------+         |
+    |          |    metadata    |         |
+    |          +-------+--------+         |
+    |                  |                  |
+    +------------------+----------------->| AAD
+    |                                     |
+    |                                AEAD.Encrypt
+    |                                     |
+    |               +---------------+     |
+    +-------------->| SFrame Header |     |
+                    +---------------+     |
+                    |               |     |
+                    |               |<----+
+                    |   ciphertext  |
+                    |               |
+                    |               |
+                    +---------------+
 ~~~~~
 {: title="Encryption flow" }
 
@@ -558,6 +561,46 @@ other reason, the client MUST discard the ciphertext. Invalid ciphertexts SHOULD
 discarded in a way that is indistinguishable (to an external observer) from having
 processed a valid ciphertext.
 
+~~~~~ aasvg
+                    +---------------+
+    +---------------| SFrame Header |
+    |               +---------------+
+    |               |               |
+    |               |               |-----+
+    |               |   ciphertext  |     |
+    |               |               |     |
+    |               |               |     |
+    |               +---------------+     |
+    |                                     |
+    |   .- +-----+                        |
+    |  |   |     +--+--> sframe_key ----->| Key
+    |  |   | KID |  |                     |
+    |  |   |     |  +--> sframe_salt --+  |
+    +->+   +-----+                     |  |
+    |  |   |     +---------------------+->| Nonce
+    |  |   | CTR |                        |
+    |  |   |     |                        |
+    |   '- +-----+                        |
+    |                                     |
+    |          +----------------+         |
+    |          |    metadata    |         |
+    |          +-------+--------+         |
+    |                  |                  |
+    +------------------+----------------->| AAD
+                                          |
+                                     AEAD.Decrypt
+                                          |
+                                          V
+                                  +---------------+
+                                  |               |
+                                  |               |
+                                  |   plaintext   |
+                                  |               |
+                                  |               |
+                                  +---------------+
+~~~~~
+{: title="Decryption flow" }
+
 ## Cipher Suites
 
 Each SFrame session uses a single cipher suite that specifies the following