From 9859bbf44f82d4220dfb095ab009d91a037d40824bd604e7d8becae1b69e0d57 Mon Sep 17 00:00:00 2001
From: Sergey Matveev
Date: Fri, 28 Feb 2025 15:08:43 +0300
Subject: [PATCH] Proper keys generation with HKDF-Expand
---
 spec/cm/dem-kuznechik-ctr-hmac-kr.texi | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/spec/cm/dem-kuznechik-ctr-hmac-kr.texi b/spec/cm/dem-kuznechik-ctr-hmac-kr.texi
index 508a6f4..3e81787 100644
--- a/spec/cm/dem-kuznechik-ctr-hmac-kr.texi
+++ b/spec/cm/dem-kuznechik-ctr-hmac-kr.texi
@@ -11,8 +11,12 @@ Data is split on 128 KiB chunks, each of which is encrypted the following way:
 @verbatim
 CK0 = CEK
 CKi = HKDF-Extract(Streebog-512, salt="", ikm=CK{i-1})
-Kenc || Kauth || KauthTail = HKDF-Expand(
- Streebog-512, prk=CKi, info="cm/encrypted/kuznechik-ctr-hmac-kr")
+Kenc = HKDF-Expand(Streebog-512, prk=CKi,
+ info="cm/encrypted/kuznechik-ctr-hmac-kr/enc")
+Kauth || KauthTail = HKDF-Expand(Streebog-512, prk=CKi,
+ info="cm/encrypted/kuznechik-ctr-hmac-kr/auth")
+KauthTail = HKDF-Expand(Streebog-512, prk=CKi,
+ info="cm/encrypted/kuznechik-ctr-hmac-kr/authTail")
 CT = Kuznechik-CTR(key=Kenc, ctr=0x00, data=chunk)
 CT || HMAC(Streebog-256, key={Kauth|KauthTail}, data=CT)
 @end verbatim
-- 
2.48.1
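Review bot: `KauthTail` ends up defined twice in the new text: the second added assignment still reads `Kauth || KauthTail = HKDF-Expand(...)` with the `/auth` label, and the third derives `KauthTail` again under the `/authTail` label. As written, an implementer cannot tell whether KauthTail is the tail of the `/auth` output or the separate `/authTail` output, and two implementations that choose differently would compute incompatible MACs for the final chunk. If one label per key is the intent, the second assignment should probably begin `Kauth = HKDF-Expand(Streebog-512, prk=CKi,`. Since the keys are no longer cut from a single Expand output, it would also help to state the output length requested from each HKDF-Expand call in the verbatim block.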