mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-24 18:22:24 -05:00
The HMAC has to be encrypted for each device using the Double Ratchet
This commit is contained in:
parent
f17f86418c
commit
98c541956a
@ -271,11 +271,11 @@
|
||||
</p>
|
||||
<ol>
|
||||
<li>Generate 16 bytes of cryptographically secure random data, called <tt>key</tt> in the remainder of this algorithm.</li>
|
||||
<li>Encrypt this key using the Double Ratchet as specified above, once for each intended recipient. This yields one OMEMOKeyExchange or OMEMOAuthenticatedMessage per recipient device.</li>
|
||||
<li>Use HKDF-SHA-256 to generate 80 bytes of output from the key by providing the key as HKDF input, 256 zero-bits as HKDF salt and "OMEMO Payload" as HKDF info.</li>
|
||||
<li>Divide the HKDF output into a 32-byte encryption key, a 32-byte authentication key and a 16 byte IV.</li>
|
||||
<li>Encrypt the plaintext using AES-256-CBC with PKCS#7 padding, using the encryption key and IV derived in the previous step.</li>
|
||||
<li>Calculate the HMAC-SHA-256 using the authentication key and the ciphertext from the previous steps.</li>
|
||||
<li>Concatenate the key and the HMAC, encrypt them using the Double Ratchet as specified above, once for each intended recipient. This yields one OMEMOKeyExchange or OMEMOAuthenticatedMessage per recipient device.</li>
|
||||
</ol>
|
||||
</section2>
|
||||
<section2 topic='Message Decryption' anchor='protocol-message_decryption'>
|
||||
@ -283,7 +283,7 @@
|
||||
The contents are decrypted by reversing the encryption steps.
|
||||
</p>
|
||||
<ol>
|
||||
<li>Decrypt the 16 bytes key from the OMEMOKeyExchange or OMEMOAuthenticatedMessage, encrypted using the Double Ratchet belonging to this device.</li>
|
||||
<li>Decrypt the key and HMAC from the OMEMOKeyExchange or OMEMOAuthenticatedMessage, encrypted using the Double Ratchet belonging to this device.</li>
|
||||
<li>Use HKDF-SHA-256 to generate 80 bytes of output from the key by providing the key as HKDF input, 256 zero-bits as HKDF salt and "OMEMO Payload" as HKDF info.</li>
|
||||
<li>Divide the HKDF output into a 32-byte encryption key, a 32-byte authentication key and a 16 byte IV.</li>
|
||||
<li>Verify the HMAC-SHA-256 using the authentication key derived in the previous step and the ciphertext.</li>
|
||||
|
Loading…
Reference in New Issue
Block a user