lsd0012

LSD0012: CORE Authenticated Key Exchange (CAKE)
Log | Files | Refs
commit e29c35a2691c0f9c50b28d702e7605e0d0d9e0a6
parent 14942d7ab3903d15be0cb101cebab1c6f3c08664
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date:   Tue, 12 Nov 2024 12:48:23 +0100

minor fixes

Diffstat:

Mdraft-schanzen-cake.xml | 14++++++--------


1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/draft-schanzen-cake.xml b/draft-schanzen-cake.xml
@@ -230,7 +230,7 @@ MS       |                                               |
           I sends to R:
         </t>
         <ol>
-          <li>ReceiverHello &lt;- (c<sub>R</sub>,r<sub>I</sub>)</li>
+          <li>InitiatorHello &lt;- (c<sub>R</sub>,r<sub>I</sub>)</li>
           <li>(pk<sub>I</sub>,ServicesInfo)*ETS.</li>
         </ol>
         <t>
@@ -252,7 +252,7 @@ MS       |                                               |
         </t>
         <ol>
           <li>ReceiverHello &lt;- (c<sub>e</sub>,r<sub>R</sub>)</li>
-          <li>ReceiverFinished &lt;- HMAC(fk<sub>I</sub>, InitiatorHello...ReceiverKemCiphertext)</li>
+          <li>Create ReceiverFinished as per <xref target="wire_formats"/>.</li>
           <li>(ServicesInfo, c<sub>I</sub>, ReceiverFinished)*RHTS.</li>
           <li>Optionally, R may already send application data encrypted with RATS.</li>
         </ol>
@@ -264,10 +264,8 @@ MS       |                                               |
           <li>ss<sub>e</sub> &lt;- Decaps(sk<sub>e</sub>,c<sub>e</sub>)</li>
           <li>Generate IHTS and RHTS from <xref target="key_schedule"/> and decrypt ServicesInfo, c<sub>I</sub> and ReceiverFinished.</li>
           <li>ss<sub>I</sub> &lt;- Decaps(sk<sub>I</sub>,c<sub>I</sub>).</li>
-          <li>fk<sub>R</sub> &lt;- HKDF-Expand(MS, "r finished", NULL)</li>
-          <li>assert HMAC(fk<sub>R</sub>, InitiatorHello...ReceiverKemCiphertext) == ReceiverFinished</li>
-          <li>fk<sub>I</sub> &lt;- HKDF-Expand(MS, "i finished", NULL)</li>
-          <li>IteratorFinished &lt;- HMAC(fk<sub>I</sub>, InitiatorHello...ReceiverFinished)</li>
+          <li>Create ReceiverFinished as per <xref target="wire_formats"/> and check against decrypted payload.</li>
+          <li>Create IteratorFinished as per <xref target="wire_formats"/>.</li>
         </ol>
         <t>
           I sends to R:
@@ -427,8 +425,8 @@ ss_I -> HKDF-Extract = Master Secret (MS)
         </t>
         <ol>
           <li>fk<sub>R</sub> &lt;- HKDF-Expand(MS, "r finished", NULL)</li>
-          <li>RF &lt;- HMAC(fk<sub>R</sub>, InitiatorHello...ReceiverKemCiphertext)</li>
-          <li>ReceiverFinished &lt;- Enc(RHTS, RF)</li>
+          <li>ReceiverFinished &lt;- HMAC(fk<sub>R</sub>, InitiatorHello...ReceiverKemCiphertext)</li>
+          <li>(ReceiverFinished)*RHTS</li>
         </ol>
         </section>
     </section>