@ -244,8 +244,10 @@ namespace garlic
MixHash ( m_EphemeralKeys . GetPublicKey ( ) , 32 ) ; // h = SHA256(h || bepk)
uint8_t sharedSecret [ 32 ] ;
m_EphemeralKeys . Agree ( m_Aepk , sharedSecret ) ; // sharedSecret = x25519(besk, aepk)
i2p : : crypto : : HKDF ( m_CK , sharedSecret , 32 , " " , m_CK , 32 ) ; // chainKey = HKDF(chainKey, sharedSecret, "", 32)
m_EphemeralKeys . Agree ( m_RemoteStaticKey , sharedSecret ) ; // sharedSecret = x25519(besk, apk)
i2p : : crypto : : HKDF ( m_CK , sharedSecret , 32 , " " , m_CK ) ; // [chainKey, key] = HKDF(chainKey, sharedSecret, "", 64)
uint8_t nonce [ 12 ] ;
uint8_t nonce [ 12 ] ;
memset ( nonce , 0 , 12 ) ; // n = 0
// calulate hash for zero length
if ( ! i2p : : crypto : : AEADChaCha20Poly1305 ( sharedSecret /* can be anything */ , 0 , m_H , 32 , m_CK + 32 , nonce , out + offset , 16 , true ) ) // encrypt, ciphertext = ENCRYPT(k, n, ZEROLEN, ad)
@ -290,8 +292,10 @@ namespace garlic
MixHash ( bepk , 32 ) ; // h = SHA256(h || bepk)
uint8_t sharedSecret [ 32 ] ;
m_EphemeralKeys . Agree ( bepk , sharedSecret ) ; // sharedSecret = x25519(aesk, bepk)
i2p : : crypto : : HKDF ( m_CK , sharedSecret , 32 , " " , m_CK ) ; // [chainKey, key] = HKDF(chainKey, sharedSecret, "", 64)
uint8_t nonce [ 12 ] ;
i2p : : crypto : : HKDF ( m_CK , sharedSecret , 32 , " " , m_CK , 32 ) ; // chainKey = HKDF(chainKey, sharedSecret, "", 32)
GetOwner ( ) - > Decrypt ( bepk , sharedSecret , nullptr ) ; // x25519 (ask, bepk)
i2p : : crypto : : HKDF ( m_CK , sharedSecret , 32 , " " , m_CK ) ; // [chainKey, key] = HKDF(chainKey, sharedSecret, "", 64)
uint8_t nonce [ 12 ] ;
memset ( nonce , 0 , 12 ) ; // n = 0
// calulate hash for zero length
if ( ! i2p : : crypto : : AEADChaCha20Poly1305 ( buf , 0 , m_H , 32 , m_CK + 32 , nonce , sharedSecret /* can be anyting */ , 0 , false ) ) // decrypt, DECRYPT(k, n, ZEROLEN, ad) verification only
orignal
4 years ago