commit d69bd374691ad3e9d3438002cbf189e7dfb63d97
parent 2eca74793c79c0ff6f861d18c535b1221a96bc5b
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Wed, 23 Oct 2024 15:16:28 +0200
formatting
Diffstat:
1 file changed, 53 insertions(+), 53 deletions(-)
diff --git a/developers/apis/cong.rst b/developers/apis/cong.rst
@@ -78,10 +78,10 @@ We assume that the initiator knows pk\ :sub:`R` (pre-distributed through HELLO,
``I`` calculates:
-* (pk\ :sub:`e`,sk\ :sub:`e`) <- ``KeyGen``\ ()
-* (ss\ :sub:`R`,c\ :sub:`R`) <- ``Encaps``\ (pk\ :sub:`R`)
-* ``ES`` <- *HKDF-Extract*\ (ss\ :sub:`R`, 0)
-* ``ETS`` <- *HKDF-Expand*\ (``ES``, ``"early data"``, ``InitiatorHello``)
+* (pk\ :sub:`e`,sk\ :sub:`e`) <- *KeyGen*\ ()
+* (ss\ :sub:`R`,c\ :sub:`R`) <- *Encaps*\ (pk\ :sub:`R`)
+* **ES** <- *HKDF-Extract*\ (ss\ :sub:`R`, 0)
+* **ETS** <- *HKDF-Expand*\ (**ES**, ``"early data"``, ``InitiatorHello``)
``I`` sends to ``R`` (0.5 RTT):
@@ -99,28 +99,28 @@ We assume that the initiator knows pk\ :sub:`R` (pre-distributed through HELLO,
* ``InitiatorCert``:
- * *Enc*\ (``ETS``, cert [pk\ :sub:`I`])
+ * *Enc*\ (**ETS**, cert [pk\ :sub:`I`])
.. note:: We may encode capabilities/supported class in the *cert*
``R`` calculates:
* (ss\ :sub:`R`) <- Decaps(sk\ :sub:`R`, c\ :sub:`R`)
-* ``ES`` <- *HKDF-Extract*\ (ss\ :sub:`R`, 0)
-* ``ETS`` <- *HKDF-Expand*\ (``ES``, "early data", ``InitiatorHello``)
-* ``dES`` <- *HKDF-Expand*\ (``ES``, "derived", ``NULL``)
-* (ss\ :sub:`e`,c\ :sub:`e`) <- ``Encaps``\ (pk\ :sub:`e`)
-* ``HS`` <- *HKDF-Extract*\ (ss\ :sub:`e`, ``dES``)
-* ``IHTS`` <- *HKDF-Expand*\ (``HS``, "i hs traffic", ``InitiatorHello...ReceiverHello``)
-* ``RHTS`` <- *HKDF-Expand*\ (``HS``, "r hs traffic", ``InitiatorHello...ReceiverHello``)
-* ``dHS`` <- *HKDF-Expand*\ (``HS``, "derived", ``NULL``)
-* cert [pk\ :sub:`I`] <- *Dec*\ (``ETS``, ``InitiatorCert``)
+* **ES** <- *HKDF-Extract*\ (ss\ :sub:`R`, 0)
+* **ETS** <- *HKDF-Expand*\ (**ES**, "early data", ``InitiatorHello``)
+* **dES** <- *HKDF-Expand*\ (**ES**, "derived", ``NULL``)
+* (ss\ :sub:`e`,c\ :sub:`e`) <- *Encaps*\ (pk\ :sub:`e`)
+* **HS** <- *HKDF-Extract*\ (ss\ :sub:`e`, **dES**)
+* **IHTS** <- *HKDF-Expand*\ (**HS**, "i hs traffic", ``InitiatorHello...ReceiverHello``)
+* **RHTS** <- *HKDF-Expand*\ (**HS**, "r hs traffic", ``InitiatorHello...ReceiverHello``)
+* **dHS** <- *HKDF-Expand*\ (**HS**, "derived", ``NULL``)
+* cert [pk\ :sub:`I`] <- *Dec*\ (**ETS**, ``InitiatorCert``)
* (ss\ :sub:`I`,c\ :sub:`I`) <- ``Encaps``\ (pk\ :sub:`I`)
-* ``MS`` <- *HKDF-Extract*\ (ss\ :sub:`I`, ``dHS``)
-* fk\ :sub:`I` <- *HKDF-Expand*\ (``MS``, "i finished", ``NULL``)
-* fk\ :sub:`R` <- *HKDF-Expand*\ (``MS``, "r finished", ``NULL``)
-* ``RF`` <- ``HMAC``\ (fk\ :sub:`R`, ``InitiatorHello...ReceiverKemCiphertext``)
-* ``RATS`` <- *HKDF-Expand*\ (``MS``, "r ap traffic", ``InitiatorHello...ReceiverFinished``)
-* ``IF`` <- ``HMAC``\ (fk\ :sub:`I`, ``InitiatorHello...ReceiverFinished``)
+* **MS** <- *HKDF-Extract*\ (ss\ :sub:`I`, **dHS**)
+* fk\ :sub:`I` <- *HKDF-Expand*\ (**MS**, "i finished", ``NULL``)
+* fk\ :sub:`R` <- *HKDF-Expand*\ (**MS**, "r finished", ``NULL``)
+* ``RF`` <- *HMAC*\ (fk\ :sub:`R`, ``InitiatorHello...ReceiverKemCiphertext``)
+* **RATS** <- *HKDF-Expand*\ (**MS**, "r ap traffic", ``InitiatorHello...ReceiverFinished``)
+* ``IF`` <- *HMAC*\ (fk\ :sub:`I`, ``InitiatorHello...ReceiverFinished``)
``R`` sends to ``I`` (0.5 RTT):
@@ -131,69 +131,69 @@ We assume that the initiator knows pk\ :sub:`R` (pre-distributed through HELLO,
* Selected algs here?
* EncryptedExtensions
- * AEAD(SHTS, SupportedAlgs/Services?)
+ * *Enc*\ (**SHTS**, SupportedAlgs/Services?)
* ``ReceiverKemCiphertext``
- * AEAD(SHTS, c\ :sub:`I`)
+ * *Enc*\ (**SHTS**, c\ :sub:`I`)
* ``ReceiverFinished``
- * *Enc*\ (``RHTS``, ``RF``) (TLS1.3-style explicit authentication of receiver after 1RTT!)
+ * *Enc*\ (**RHTS**, ``RF``) (TLS1.3-style explicit authentication of receiver after 1RTT!)
* Payload:
- * Payload can be sent encrypted using ``RATS``.
+ * Payload can be sent encrypted using **RATS**.
``I`` computes:
* (ss\ :sub:`e`) <- *Decaps*\ (sk\ :sub:`e`, c\ :sub:`e`)
-* ``dES`` <- *HKDF-Expand*\ (``ES``, ``"derived"``, ``NULL``)
-* ``HS`` <- *HKDF-Extract*\ (ss\ :sub:`e`, dES)
-* ``IHTS`` <- *HKDF-Expand*\ (``HS``, "i hs traffic", ``InitiatorHello...ReceiverHello``)
-* ``RHTS`` <- *HKDF-Expand*\ (``HS``, "r hs traffic", ``InitiatorHello...ReceiverHello``)
-* ``dHS`` <- *HKDF-Expand*\ (``HS``, "derived", ``NULL``)
+* **dES** <- *HKDF-Expand*\ (**ES**, ``"derived"``, ``NULL``)
+* **HS** <- *HKDF-Extract*\ (ss\ :sub:`e`, dES)
+* **IHTS** <- *HKDF-Expand*\ (**HS**, "i hs traffic", ``InitiatorHello...ReceiverHello``)
+* **RHTS** <- *HKDF-Expand*\ (**HS**, "r hs traffic", ``InitiatorHello...ReceiverHello``)
+* **dHS** <- *HKDF-Expand*\ (**HS**, "derived", ``NULL``)
* (ss\ :sub:`I`) <- *Decaps*\ (sk\ :sub:`I`, c\ :sub:`I`)
-* ``MS`` <- *HKDF-Extract*\ (ss\ :sub:`I`, ``dHS``)
-* fk\ :sub:`I` <- *HKDF-Expand*\ (``MS``, "i finished", NULL)
-* fk\ :sub:`R` <- *HKDF-Expand*\ (``MS``, "r finished", NULL)
-* ``RF`` <- ``Dec``\ (RHTS, ``ReceiverFinished``)
-* assert *HMAC*\ (fk\ :sub:`R`, ``InitiatorHello...ReceiverKemCiphertext``) == RF
-* RATS <- *HKDF-Expand*\ (``MS``, "r ap traffic", ``InitiatorHello...ReceiverFinished``)
-* IF <- *HMAC*\ (fk\ :sub:`I`, ``InitiatorHello...ReceiverFinished``)
-* IATS <- *HKDF-Expand*\ (``MS``, "i ap traffic", ``InitiatorHello...InitiatorFinished``)
+* **MS** <- *HKDF-Extract*\ (ss\ :sub:`I`, **dHS**)
+* fk\ :sub:`I` <- *HKDF-Expand*\ (**MS**, "i finished", NULL)
+* fk\ :sub:`R` <- *HKDF-Expand*\ (**MS**, "r finished", NULL)
+* ``RF`` <- *Dec*\ (RHTS, ``ReceiverFinished``)
+* assert *HMAC*\ (fk\ :sub:`R`, ``InitiatorHello...ReceiverKemCiphertext``) == ``RF``
+* **RATS** <- *HKDF-Expand*\ (**MS**, "r ap traffic", ``InitiatorHello...ReceiverFinished``)
+* ``IF`` <- *HMAC*\ (fk\ :sub:`I`, ``InitiatorHello...ReceiverFinished``)
+* **IATS** <- *HKDF-Expand*\ (**MS**, "i ap traffic", ``InitiatorHello...InitiatorFinished``)
``I`` sends to ``R`` (1.5 RTT):
* ``InitiatorFinished``
- * AEAD(IHTS, IF)
+ * *Enc*\ (**IHTS**, ``IF``)
* Payload
- * Payload can be sent encrypted using ``IATS``.
- * Received payload can be decrypted using ``RATS``.
+ * Payload can be sent encrypted using **IATS**.
+ * Received payload can be decrypted using **RATS**.
``R`` computes:
-* IATS <- *HKDF-Expand*\ (``MS``, "i ap traffic", ``InitiatorHello...InitiatorFinished``)
+* IATS <- *HKDF-Expand*\ (**MS**, "i ap traffic", ``InitiatorHello...InitiatorFinished``)
* Payload
- * Received payload can be decrypted using ``IATS``.
+ * Received payload can be decrypted using **IATS**.
Glossary:
- * ``IATS``: Initiator Application Traffic Secret Key
- * ``RATS``: Receiver Application Traffic Secret Key
- * ``dES``: Derived Early Secret Key
- * ``dHS``: Derived Handshake Key
- * ``ES``: Early Secret Key
- * ``ETS``: Early Traffic Secret Key
- * ``HS``: Handshake Secret Key
- * ``MS``: Main Secret Key
- * ``ES``: Early Secret Key
- * ``IHTS``: Initiator Handshake Secret Key
- * ``RHTS``: Receiver Handshake Secret Key
+ * **IATS**: Initiator Application Traffic Secret Key
+ * **RATS**: Receiver Application Traffic Secret Key
+ * **dES**: Derived Early Secret Key
+ * **dHS**: Derived Handshake Key
+ * **ES**: Early Secret Key
+ * **ETS**: Early Traffic Secret Key
+ * **HS**: Handshake Secret Key
+ * **MS**: Main Secret Key
+ * **ES**: Early Secret Key
+ * **IHTS**: Initiator Handshake Secret Key
+ * **RHTS**: Receiver Handshake Secret Key
* ``Foo...Bar`` means the transcript of received/send messages from ``Foo`` until ``Bar``
