[noise] Wrong arguments for KDF in PSK mode
Jason A. Donenfeld
Jason at zx2c4.com
Thu Apr 21 09:58:12 PDT 2016
Hi Trevor,
In PSK mode, for NoiseIK (and similar), the first two calculations
wind up being:
ck, temp = KDF("NoisePSK_IK_blablabla", psk)
h = HASH(HASH(HASH("NoisePSK_IK_blablabla" || prologue) || temp) || static_pub)
The first line is somewhat problematic, because psk -- a key value --
is used as the input parameter, and not as the key parameter. These
arguments should be reversed:
ck, temp = KDF(psk, "NoisePSK_IK_blablabla")
That way, the psk is the key value. Some KDFs have issues when the key
parameter is made public.
Thanks,
Jason
More information about the Noise
mailing list