diff --git a/xep-0384.xml b/xep-0384.xml index 536a2448..8948c5fb 100644 --- a/xep-0384.xml +++ b/xep-0384.xml @@ -271,11 +271,11 @@

  1. Generate 16 bytes of cryptographically secure random data, called key in the remainder of this algorithm.
  2. -
  3. Encrypt this key using the Double Ratchet as specified above, once for each intended recipient. This yields one OMEMOKeyExchange or OMEMOAuthenticatedMessage per recipient device.
  4. Use HKDF-SHA-256 to generate 80 bytes of output from the key by providing the key as HKDF input, 256 zero-bits as HKDF salt and "OMEMO Payload" as HKDF info.
  5. Divide the HKDF output into a 32-byte encryption key, a 32-byte authentication key and a 16 byte IV.
  6. Encrypt the plaintext using AES-256-CBC with PKCS#7 padding, using the encryption key and IV derived in the previous step.
  7. Calculate the HMAC-SHA-256 using the authentication key and the ciphertext from the previous steps.
  8. +
  9. Concatenate the key and the HMAC, encrypt them using the Double Ratchet as specified above, once for each intended recipient. This yields one OMEMOKeyExchange or OMEMOAuthenticatedMessage per recipient device.
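Review bot: The added step "Concatenate the key and the HMAC" does not fix the order or the lengths of the two fields, so a receiver cannot split the decrypted value unambiguously. Step 1 defines the key as 16 bytes and the HMAC-SHA-256 output is 32 bytes unless truncated; suggest spelling this out, e.g. "Concatenate the 16-byte key and the 32-byte HMAC, in that order, and encrypt the resulting 48 bytes using the Double Ratchet ...", or state the truncation length explicitly if truncation is intended. It is also worth a sentence of rationale next to this step explaining why the HMAC now travels inside the Double Ratchet payload, since the reordering (key encryption moved from step 2 to after the HMAC calculation) is otherwise unexplained in the text.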
@@ -283,7 +283,7 @@ The contents are decrypted by reversing the encryption steps.

    -
  1. Decrypt the 16 bytes key from the OMEMOKeyExchange or OMEMOAuthenticatedMessage, encrypted using the Double Ratchet belonging to this device.
  2. +
  3. Decrypt the key and HMAC from the OMEMOKeyExchange or OMEMOAuthenticatedMessage, encrypted using the Double Ratchet belonging to this device.
  4. Use HKDF-SHA-256 to generate 80 bytes of output from the key by providing the key as HKDF input, 256 zero-bits as HKDF salt and "OMEMO Payload" as HKDF info.
  5. Divide the HKDF output into a 32-byte encryption key, a 32-byte authentication key and a 16 byte IV.
  6. Verify the HMAC-SHA-256 using the authentication key derived in the previous step and the ciphertext.
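Review bot: The new first step "Decrypt the key and HMAC" drops the "16 bytes" length that the removed line carried and does not say how the decrypted value is split, so the decryption side should mirror whatever order and lengths the encryption step defines and tell implementations to reject a decrypted value of unexpected length before splitting it. The verify step also still reads "using the authentication key derived in the previous step and the ciphertext" without naming what the result is compared against; now that the HMAC comes out of the Double Ratchet payload, suggest saying explicitly that the computed HMAC is compared with the HMAC recovered in the first step, that the comparison should be constant-time, and that processing stops without decrypting the payload if they differ.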