Actualize how encryption is performed

diff --git a/doc/eblob.texi b/doc/eblob.texi
index ff637e4fd0f0854715be7ae12c7323a0447fc105..74e6661021ff879bbfa312684c6bde892f4d8d9f 100644 (file)
--- a/doc/eblob.texi
+++ b/doc/eblob.texi
@@ -56,9 +56,16 @@ Eblob is an @url{https://tools.ietf.org/html/rfc4506, XDR}-encoded structure:
     BLAKE2b-256 MAC of encrypted blob
 @end multitable
 
-Blob's encryption is done using @url{https://cr.yp.to/chacha.html,
-ChaCha20} algorithm. Data is splitted on 128 KiB blocks. Each block is
-encrypted with increasing nonce counter. @code{balloon(BLAKE2b-256, S,
-T, P, salt, password)} gives the main key, that is fed to
-@url{https://blake2.net/, BLAKE2Xb} XOF Actual encryption key for
-ChaCha20 and authentication key for MAC are derived from that XOF.
+@enumerate
+@item generate the main key using @code{balloon(BLAKE2b-256, S, T, P,
+salt, password)}
+@item initialize @url{https://blake2.net/, BLAKE2Xb} XOF with generated
+main key and 96-byte output length
+@item feed @verb{|N N C P B 0x00 0x00 0x02|} magic number to XOF
+@item read 32-bytes of blob encryption key
+@item read 64-bytes of blob authentication key
+@item encrypt the blob using @url{https://cr.yp.to/chacha.html,
+ChaCha20}. Blob is splitted on 128 KiB blocks. Each block is encrypted
+with increasing nonce counter
+@item authenticate ciphertext with MAC
+@end enumerate

diff --git a/doc/pkt.texi b/doc/pkt.texi
index f577506b9bd4a672350bf1e074c2cb19b47a0018..0f5d693e50b992128c8e4d0afff6e38320faf374 100644 (file)
--- a/doc/pkt.texi
+++ b/doc/pkt.texi
@@ -68,8 +68,8 @@ storages and that are synchronized between TCP daemons.
 Each encrypted packet has the following header:
 
 @verbatim
-  +------------ HEADER -------------+   +-------- ENCRYPTED --------+
- /                                   \ /                             \
+  +------------ HEADER --------------------+   +-------- ENCRYPTED --------+
+ /                                          \ /                             \
 +--------------------------------------------+------------+----...-----------+------+
 | MAGIC | NICE | SENDER | RCPT | EPUB | SIGN | SIZE | MAC | CIPHERTEXT | MAC | JUNK |
 +-------------------------------------/------\------------+----...-----------+------+
@@ -130,15 +130,16 @@ When node A want to send encrypted packet to node B, it:
 @item takes remote node's exchange public key and performs
     Diffie-Hellman computation on this remote static public key and
     private ephemeral one
-@item derived ephemeral key is used as a key input to
-    @url{https://blake2.net/, BLAKE2Xb} XOF
-@item derives five session keys using output from the XOF above:
+@item derive the keys:
     @enumerate
-    @item "Size" encryption (for ChaCha20) key
-    @item "Size" authentication (for BLAKE2b-MAC) key
-    @item Payload encryption key
-    @item Payload authentication key
-    @item Optional pad generation key (for ChaCha20)
+    @item initialize @url{https://blake2.net/, BLAKE2Xb} XOF with
+    derived ephemeral key and 224-byte output length
+    @item feed @verb{|N N C P E 0x00 0x00 0x03|} magic number to XOF
+    @item read 32-bytes of "size" encryption key (for ChaCha20)
+    @item read 64-bytes of "size" authentication key (for BLAKE2b-MAC)
+    @item read 32-bytes of payload encryption key
+    @item read 64-bytes of payload authentication key
+    @item optionally read 32-bytes pad generation key (for ChaCha20)
     @end enumerate
 @item encrypts size, appends its ciphertext to the header
 @item appends MAC tag over that ciphertext