Skip to content

Instantly share code, notes, and snippets.

@rustyrussell
Created December 13, 2016 05:37
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save rustyrussell/cba542949737494ed08ced3b724ef172 to your computer and use it in GitHub Desktop.
diff --git a/08-transport.md b/08-transport.md
index d8edcf6..72fb64a 100644
--- a/08-transport.md
+++ b/08-transport.md
@@ -130,7 +130,7 @@ The following functions will also be referenced:
* The returned value is the raw big-endian byte serialization of
`x-coordinate` (using affine coordinates) of the generated point.
- * `HKDF`: a function is defined in [5](#reference-5), evaluated with a
+ * `HKDF(salt,ikm)`: a function is defined in [5](#reference-5), evaluated with a
zero-length `info` field.
* All invocations of the `HKDF` implicitly return `64-bytes` of
cryptographic randomness using the extract-and-expand component of the
@@ -414,9 +414,8 @@ construction, and `16 bytes` for a final authenticating tag.
* where `zero` is a zero-length plaintext
- * `sk, rk = HKDF(ck, zero)`
- * where `zero` is a zero-length plaintext,
-
+ * `sk, rk = HKDF(ck, zero32)`
+ * where `zero32` is 32 zero bytes,
`sk` is the key to be used by the initiator to encrypt messages to the
responder,
@@ -465,9 +464,8 @@ construction, and `16 bytes` for a final authenticating tag.
terminate the connection without any further messages.
- * `rk, sk = HKDF(ck, zero)`
- * where `zero` is a zero-length plaintext,
-
+ * `rk, sk = HKDF(ck, zero32)`
+ * where `zero32` is 32 zero bytes,
`rk` is the key to be used by the responder to decrypt the messages sent
by the initiator,
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment