From ba487ab50ad5e8245585c88fa2a7492bf12f9859 Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Wed, 23 Aug 2017 00:07:16 +0100 Subject: [PATCH] server/keyset.c, server/tripe.h: Fix commentary for `ks_gen'. Part of the point of this interface is that we no longer assume that there are distinct secrecy and integrity keys. And, indeed, the `iiv' transform also has the IV-derivation blockcipher to deal with. --- server/keyset.c | 5 ++--- server/tripe.h | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/server/keyset.c b/server/keyset.c index 2f2b550a..881cdd22 100644 --- a/server/keyset.c +++ b/server/keyset.c @@ -238,9 +238,8 @@ void ks_derivekey(octet *k, size_t ksz, const struct rawkey *rk, * the key material; between @k + x@ and @k + y@ is `your' * contribution; and between @k + y@ and @k + z@ is a shared * value we made together. These are used to construct two - * pairs of symmetric keys. Each pair consists of an encryption - * key and a message authentication key. One pair is used for - * outgoing messages, the other for incoming messages. + * collections of symmetric keys: one for outgoing messages, the + * other for incoming messages. * * The new key is marked so that it won't be selected for output * by @ksl_encrypt@. You can still encrypt data with it by diff --git a/server/tripe.h b/server/tripe.h index 6978bf28..d07823b8 100644 --- a/server/tripe.h +++ b/server/tripe.h @@ -975,9 +975,8 @@ extern void ks_derivekey(octet */*k*/, size_t /*ksz*/, * the key material; between @k + x@ and @k + y@ is `your' * contribution; and between @k + y@ and @k + z@ is a shared * value we made together. These are used to construct two - * pairs of symmetric keys. Each pair consists of an encryption - * key and a message authentication key. One pair is used for - * outgoing messages, the other for incoming messages. + * collections of symmetric keys: one for outgoing messages, the + * other for incoming messages. * * The new key is marked so that it won't be selected for output * by @ksl_encrypt@. You can still encrypt data with it by -- 2.11.0