Pass CEK through the whole HKDF

diff --git a/spec/cm/dem/kuznechik-ctr-hmac-kr b/spec/cm/dem/kuznechik-ctr-hmac-kr
index 97e57e247a6438aee973ffd6d717023ee72b70df689ede55c103cb815291edb6..ba002c98a3f0bfd6ee84cc16025e99f0f0b6aaf7a47e2891143e66916251c136 100644 (file)
--- a/spec/cm/dem/kuznechik-ctr-hmac-kr
+++ b/spec/cm/dem/kuznechik-ctr-hmac-kr
@@ -4,7 +4,7 @@ CEK is 64 bytes long.
 Data is split on 128 KiB chunks, each of which is encrypted the following way:
 
     H = Streebog-512
-    CK0 = CEK
+    CK{-1} = CEK
     CKi = HKDF-Expand(H,
         prk=HKDF-Extract(H, salt="", ikm=CK{i-1}),
         info="cm/encrypted/kuznechik-ctr-hmac-kr/kr")

diff --git a/spec/cm/dem/xchacha-krmr b/spec/cm/dem/xchacha-krmr
index 24ac07243a303477db1f526e2b234ee7fce8212e29ea8da3a1c7e1d11332af47..ed6f54a36b62bd1ec1788e0a4a8a90c6270a4859ea6c0ef19e2842fcb8a4dc5f 100644 (file)
--- a/spec/cm/dem/xchacha-krmr
+++ b/spec/cm/dem/xchacha-krmr
@@ -5,7 +5,7 @@ and 64 bytes long per-KEM/per-recipient random MAC key (prMACx).
 Data is split on 128 KiB chunks, each of which is encrypted the following way:
 
     H = BLAKE2b
-    CK0, prMACx0 = CEK || prMACx
+    CK{-1} || prMACx{-1} = CEK
     CKi = HKDF-Expand(H,
         prk=HKDF-Extract(H, salt="", ikm=CK{i-1}),
         info="cm/encrypted/xchacha-krmr/kr")

diff --git a/spec/cm/dem/xchapoly-krkc b/spec/cm/dem/xchapoly-krkc
index 7c0a58e51f1a6cfa799ed97905aea43ce6ec4741d69141777a9e222833320d44..8cde867940b85a75eb6c38388267b4ac660875b920e36428905de735e64df8e1 100644 (file)
--- a/spec/cm/dem/xchapoly-krkc
+++ b/spec/cm/dem/xchapoly-krkc
@@ -4,7 +4,7 @@ CEK is 64 bytes long.
 Data is split on 128 KiB chunks, each of which is encrypted the following way:
 
     H = BLAKE2b
-    CK0 = CEK
+    CK{-1} = CEK
     CKi = HKDF-Expand(H,
         prk=HKDF-Extract(H, salt="", ikm=CK{i-1}),
         info="cm/encrypted/xchapoly-krkc/kr")