From: Sergey Matveev <stargrave@stargrave.org>
Date: Fri, 28 Feb 2025 12:08:43 +0000 (+0300)
Subject: Proper keys generation with HKDF-Expand
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=9859bbf44f82d4220dfb095ab009d91a037d40824bd604e7d8becae1b69e0d57;p=keks.git

Proper keys generation with HKDF-Expand
---

diff --git a/spec/cm/dem-kuznechik-ctr-hmac-kr.texi b/spec/cm/dem-kuznechik-ctr-hmac-kr.texi
index 508a6f4..3e81787 100644
--- a/spec/cm/dem-kuznechik-ctr-hmac-kr.texi
+++ b/spec/cm/dem-kuznechik-ctr-hmac-kr.texi
@@ -11,8 +11,12 @@ Data is split on 128 KiB chunks, each of which is encrypted the following way:
 @verbatim
 CK0 = CEK
 CKi = HKDF-Extract(Streebog-512, salt="", ikm=CK{i-1})
-Kenc || Kauth || KauthTail = HKDF-Expand(
-    Streebog-512, prk=CKi, info="cm/encrypted/kuznechik-ctr-hmac-kr")
+Kenc = HKDF-Expand(Streebog-512, prk=CKi,
+    info="cm/encrypted/kuznechik-ctr-hmac-kr/enc")
+Kauth || KauthTail = HKDF-Expand(Streebog-512, prk=CKi,
+    info="cm/encrypted/kuznechik-ctr-hmac-kr/auth")
+KauthTail = HKDF-Expand(Streebog-512, prk=CKi,
+    info="cm/encrypted/kuznechik-ctr-hmac-kr/authTail")
 CT = Kuznechik-CTR(key=Kenc, ctr=0x00, data=chunk)
 CT || HMAC(Streebog-256, key={Kauth|KauthTail}, data=CT)
 @end verbatim