ChunkLen = 128 * 1024
CommitmentLen = 32
CEKLen = blake2b.Size
- DEMAlgo = "chapoly-krkc"
+ DEMAlgo = "xchapoly-krkc"
)
type keymat struct {
var errHKDF error
for {
key, errHKDF = hkdf.Expand(
- blake2bHash, ck, "cm/encrypted/chapoly-krkc/key",
+ blake2bHash, ck, "cm/encrypted/xchapoly-krkc/key",
chacha20poly1305.KeySize)
if errHKDF != nil {
panic(errHKDF)
}
iv, errHKDF = hkdf.Expand(
- blake2bHash, ck, "cm/encrypted/chapoly-krkc/iv",
+ blake2bHash, ck, "cm/encrypted/xchapoly-krkc/iv",
chacha20poly1305.NonceSizeX)
if errHKDF != nil {
panic(errHKDF)
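Review bot: The two HKDF info labels on the added lines repeat the algorithm name as string literals, separate from the `DEMAlgo` constant renamed in the same commit, so the wire identifier and the key-derivation domain separator can drift apart on a later rename. Building them from the constant, e.g. `"cm/encrypted/" + DEMAlgo + "/key"` and `"cm/encrypted/" + DEMAlgo + "/iv"`, keeps the derivation bound to the identifier, assuming `DEMAlgo` is in scope in this file, which the page suggests but does not show. Because the info string feeds HKDF-Expand, the rename also changes KEY and IV for a given CEK, so data written under "chapoly-krkc" will not decrypt with the new labels; the decoder (not visible here) should reject the old `/dem/a` value explicitly rather than fail at tag verification, and the incompatibility deserves a comment such as `// info labels are part of the format: changing them breaks decryption of existing data`. The enclosing loop starts and ends outside the hunk.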
-@node dem-chapoly-krkc
-@cindex dem-chapoly-krkc
+@node dem-xchapoly-krkc
+@cindex dem-xchapoly-krkc
@nodedescription XChaCha20-Poly1305 with key ratcheting and key commitment DEM
@subsubsection XChaCha20-Poly1305 with key ratcheting and key commitment DEM
-@code{cm/encrypted}'s @code{/dem/a} equals to "chapoly-krkc".
+@code{cm/encrypted}'s @code{/dem/a} equals to "xchapoly-krkc".
CEK is 64 bytes long.
Data is split on 128 KiB chunks, each of which is encrypted the following way:
@verbatim
CK0 = CEK
CKi = HKDF-Extract(BLAKE2b, salt="", ikm=CK{i-1})
-KEY = HKDF-Expand(BLAKE2b, prk=CKi, info="cm/encrypted/chapoly-krkc/key")
-IV = HKDF-Expand(BLAKE2b, prk=CKi, info="cm/encrypted/chapoly-krkc/iv", len=24)
+KEY = HKDF-Expand(BLAKE2b, prk=CKi, info="cm/encrypted/xchapoly-krkc/key")
+IV = HKDF-Expand(BLAKE2b, prk=CKi, info="cm/encrypted/xchapoly-krkc/iv", len=24)
if last chunk { IV[23] |= 0x01 } else { IV[23] &= 0xFE }
CIPHERTEXT || TAG = XChaCha20-Poly1305(key=KEY, ad="", nonce=IV, data=chunk)
COMMITMENT = BLAKE2b-256(KEY || IV || TAG)
@nodedescription Data encapsulation mechanisms
@subsection Data encapsulation mechanisms
-@include cm/dem-chapoly-krkc.texi
+@include cm/dem-xchapoly-krkc.texi
@include cm/dem-kuznechik-ctr-hmac-kr.texi
@node KEM