HMTFTP: HKDF-Derived TFTP with Optional AEAD Protection IUT R&T Béthune
France contact@c4tz.fr
Applications hmtftp tftp aead hkdf HMTFTP is a lightweight UDP file transfer protocol derived from TFTP that adds TLV-based negotiation and an optional AEAD protection mode for DATA payloads. This document requests IANA actions: assignment of a service name and UDP port, and creation of registries for TLV Types, OpCodes, and Ciphersuites.
HMTFTP extends TFTP () with TLV-based negotiation and optional AEAD protection. Cryptographic keys are derived using HKDF ().
HMTFTP reuses TFTP message types and semantics () and OACK ().
  • Dedicated UDP port assigned by IANA
  • TLV negotiation in RRQ/WRQ/OACK
  • Optional AEAD protection
HMTFTP runs over UDP. The port number is assigned by IANA. Implementations MUST allow configuration. Servers MAY respond from a different UDP port for the transfer.
TLVs MAY appear only in RRQ, WRQ, and OACK. TLVs MUST NOT appear in DATA, ACK, or ERROR. TLVs MUST be processed in the order received. Duplicate TLVs MUST cause rejection unless explicitly allowed. Unknown TLVs with Critical=1 MUST cause rejection. Unknown TLVs with Critical=0 MUST be ignored. TLVs MUST NOT influence cryptographic processing unless explicitly defined as such.
The AEAD algorithm used by this specification is AES-256-GCM, as defined in . IKM = PSK. salt = CNONCE || SNONCE. info = "hmtftp keys v1". OKM length = 44 octets.
nonce = iv_base[0..7] || uint32(n). The 64-bit prefix is derived via HKDF and unique per session. The 32-bit counter guarantees uniqueness within session, provided wrap is prevented. This construction ensures nonce uniqueness across sessions and within a session. Retransmissions MUST reuse identical nonce and ciphertext.
In AEAD mode, total UDP payload = 4-byte header + BLKSIZE + 16-byte tag. Implementations MUST ensure the datagram does not exceed path MTU. When unknown, total payload SHOULD NOT exceed 1200 bytes.
Block number wrap MUST NOT occur. Transfers MUST terminate before 65535 blocks.
IANA is requested to assign: This request follows the procedures in .
  • Service Name: hmtftp
  • Transport: udp
  • Port: TBD
IANA is requested to create registries for TLV Types, OpCodes, and Ciphersuites (Expert Review, ).
Without security mode, HMTFTP is vulnerable to spoofing and modification. Implementations SHOULD follow UDP usage guidance (). Downgrade attacks are possible if ENC_REQ is not marked Critical. Clients requiring AEAD MUST set Critical=1. Reflection and amplification attacks are possible. Implementations SHOULD limit response size prior to completing negotiation and SHOULD apply rate limiting. Nonce reuse in AES-GCM is catastrophic. Implementations MUST enforce uniqueness and block limits.
No interoperable public implementations are known. Provided in accordance with .