commit 12b82dffcb8e21458fb16f37d907527ca756ab68 parent 628ea7b275bbfcb6879fd66caa6050a8ed14d97c Author: Martin Schanzenbach <mschanzenbach@posteo.de> Date: Sat, 1 May 2021 23:07:44 +0200 nonce length fix Diffstat:
| M | draft-schanzen-gns.xml | | | 13 | ++++--------- |
1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml @@ -771,18 +771,13 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8) <xref target="RFC5869" />. Specifically, HMAC-SHA512 is used for the extraction phase and HMAC-SHA256 for the expansion phase. The output keying material is 32 octets (256 bits) for the symmetric - key and 4 octets (32 bits) for the NONCE. - The symmetric key "K" is a 256-bit ChaCha20 - <xref target="RFC7539" /> key. + key and 16 octets (128 bits) for the NONCE. + The symmetric key "K" is a 256-bit XSalsa20 + <xref target="XSalsa20" /> key. No additional authenticated data (AAD) is used. </t> <t> - The nonce is combined with a 64-bit initialization vector and a - 32-bit block counter. - The block counter begins with the value of 1, and it is incremented - to generate subsequent portions of the key stream. - The block counter is a 32-bit integer value treated as a 32-bit - little-endian integer. + The nonce is combined with an 8 octet initialization vector. The initialization vector is the expiration time of the resource record block in network byte order. The resulting counter ("IV") wire format is as follows: