From 22ff031a0c6a6250ad8993d8e1cc8743cfb001861dbc19420f47b0b3b90a5db1 Mon Sep 17 00:00:00 2001 From: Sergey Matveev Date: Sun, 21 Sep 2025 19:34:50 +0300 Subject: [PATCH] Pass CEK through the whole HKDF --- spec/cm/dem/kuznechik-ctr-hmac-kr | 2 +- spec/cm/dem/xchacha-krmr | 2 +- spec/cm/dem/xchapoly-krkc | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/cm/dem/kuznechik-ctr-hmac-kr b/spec/cm/dem/kuznechik-ctr-hmac-kr index 97e57e2..ba002c9 100644 --- a/spec/cm/dem/kuznechik-ctr-hmac-kr +++ b/spec/cm/dem/kuznechik-ctr-hmac-kr @@ -4,7 +4,7 @@ CEK is 64 bytes long. Data is split on 128 KiB chunks, each of which is encrypted the following way: H = Streebog-512 - CK0 = CEK + CK{-1} = CEK CKi = HKDF-Expand(H, prk=HKDF-Extract(H, salt="", ikm=CK{i-1}), info="cm/encrypted/kuznechik-ctr-hmac-kr/kr") diff --git a/spec/cm/dem/xchacha-krmr b/spec/cm/dem/xchacha-krmr index 24ac072..ed6f54a 100644 --- a/spec/cm/dem/xchacha-krmr +++ b/spec/cm/dem/xchacha-krmr @@ -5,7 +5,7 @@ and 64 bytes long per-KEM/per-recipient random MAC key (prMACx). Data is split on 128 KiB chunks, each of which is encrypted the following way: H = BLAKE2b - CK0, prMACx0 = CEK || prMACx + CK{-1} || prMACx{-1} = CEK CKi = HKDF-Expand(H, prk=HKDF-Extract(H, salt="", ikm=CK{i-1}), info="cm/encrypted/xchacha-krmr/kr") diff --git a/spec/cm/dem/xchapoly-krkc b/spec/cm/dem/xchapoly-krkc index 7c0a58e..8cde867 100644 --- a/spec/cm/dem/xchapoly-krkc +++ b/spec/cm/dem/xchapoly-krkc @@ -4,7 +4,7 @@ CEK is 64 bytes long. Data is split on 128 KiB chunks, each of which is encrypted the following way: H = BLAKE2b - CK0 = CEK + CK{-1} = CEK CKi = HKDF-Expand(H, prk=HKDF-Extract(H, salt="", ikm=CK{i-1}), info="cm/encrypted/xchapoly-krkc/kr") -- 2.51.0
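Review bot: Moving the chain start from `CK0 = CEK` to `CK{-1} = CEK` changes every chunk key, but the `info` label in the context lines (`cm/encrypted/kuznechik-ctr-hmac-kr/kr`) stays the same, and no format or algorithm identifier is touched in this patch. If the container's identifier is also unchanged elsewhere, a decoder cannot tell data written under the old derivation from data written under the new one, and old data will simply fail authentication. The same applies to the xchacha-krmr and xchapoly-krkc hunks. I would either bump the identifier or add a compatibility remark, and state the intent next to the definition, for example `CK0 is the first HKDF output; CEK itself never keys a chunk`. The rest of the per-chunk description lies outside the hunk, so how CKi is consumed could not be checked here.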
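Review bot: In the xchacha-krmr hunk the new line `CK{-1} || prMACx{-1} = CEK` reads as CEK being split into two parts, while the sentence in the hunk header still describes prMACx as a 64-byte per-KEM/per-recipient random MAC key. The removed line had `CEK || prMACx` on the right-hand side, so the source of prMACx appears to have changed from a separate value to a slice of CEK, unless the notation means something else. The sentence that defines the CEK length starts above the hunk, so this may already be covered there. If not, the split should be spelled out with explicit lengths, for example `CK{-1} = CEK[0:<N>], prMACx{-1} = CEK[<N>:]` (with `<N>` a placeholder for the real boundary). It should also say whether prMACx is still per-recipient, because a MAC key derived from a shared CEK is known to every recipient.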