]> Cypherpunks repositories - keks.git/commitdiff
projects / keks.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fd28400)
Proper keys generation with HKDF-Expand
authorSergey Matveev <stargrave@stargrave.org>
Fri, 28 Feb 2025 12:08:43 +0000 (15:08 +0300)
committerSergey Matveev <stargrave@stargrave.org>
Fri, 28 Feb 2025 13:54:25 +0000 (16:54 +0300)
spec/cm/dem-kuznechik-ctr-hmac-kr.texi patch | blob | history

diff --git a/spec/cm/dem-kuznechik-ctr-hmac-kr.texi b/spec/cm/dem-kuznechik-ctr-hmac-kr.texi
index 508a6f404405d91eba991d41ed1dd7df0ddf7085f45942af71736440b7e6664c..3e817875ed5bd4042581664c2b2fdffc5b6659dc8f84da00711a703ecf7b377d 100644 (file)
--- a/spec/cm/dem-kuznechik-ctr-hmac-kr.texi
+++ b/spec/cm/dem-kuznechik-ctr-hmac-kr.texi
@@ -11,8 +11,12 @@ Data is split on 128 KiB chunks, each of which is encrypted the following way:
 @verbatim
 CK0 = CEK
 CKi = HKDF-Extract(Streebog-512, salt="", ikm=CK{i-1})
-Kenc || Kauth || KauthTail = HKDF-Expand(
-    Streebog-512, prk=CKi, info="cm/encrypted/kuznechik-ctr-hmac-kr")
+Kenc = HKDF-Expand(Streebog-512, prk=CKi,
+    info="cm/encrypted/kuznechik-ctr-hmac-kr/enc")
+Kauth || KauthTail = HKDF-Expand(Streebog-512, prk=CKi,
+    info="cm/encrypted/kuznechik-ctr-hmac-kr/auth")
+KauthTail = HKDF-Expand(Streebog-512, prk=CKi,
+    info="cm/encrypted/kuznechik-ctr-hmac-kr/authTail")
 CT = Kuznechik-CTR(key=Kenc, ctr=0x00, data=chunk)
 CT || HMAC(Streebog-256, key={Kauth|KauthTail}, data=CT)
 @end verbatim
KEKS codec