Correct a couple of errors in the spec

* We only use 8-byte MACs
* The version byte is \x03, not \x01
Richard van der Hoff 2016-05-18 18:16:46 +01:00
parent 2a09ccbd63
commit 9ac6ab0f1c

@ -216,7 +216,7 @@ payload followed by a fixed length message authentication code.
| Version Byte | Payload Bytes | MAC Bytes | | Version Byte | Payload Bytes | MAC Bytes |
+--------------+------------------------------------+-----------+ +--------------+------------------------------------+-----------+
The version byte is ``"\x01"``. The version byte is ``"\x03"``.
The payload consists of key-value pairs where the keys are integers and the The payload consists of key-value pairs where the keys are integers and the
values are integers and strings. The keys are encoded as a variable length values are integers and strings. The keys are encoded as a variable length
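Review bot: the changed line sets the version byte to ``"\x03"`` while the spec still titles its encryption section "Version 1", and nothing in this sentence says how the two numbers relate. Suggest adding a sentence that the version byte identifies the message format and is separate from the "Version 1" algorithm section, and documenting what a receiver does when it sees an unrecognised version byte.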
@ -241,7 +241,7 @@ Cipher-Text 0x22 String The cipher-text, :math:`X_{i,j}`, of the message
=========== ===== ======== ================================================ =========== ===== ======== ================================================
The length of the MAC is determined by the authenticated encryption algorithm The length of the MAC is determined by the authenticated encryption algorithm
being used. (Olm version 1 uses HMAC-SHA-256, giving a MAC of 32 bytes). The being used. (Olm version 1 uses HMAC-SHA-256, truncated to 8 bytes). The
MAC protects all of the bytes preceding the MAC. MAC protects all of the bytes preceding the MAC.
Pre-Key Messages Pre-Key Messages
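Review bot: the new parenthetical says "truncated to 8 bytes" without saying which 8 bytes are kept, so this paragraph on its own does not let an implementer produce an interoperable MAC. Suggest "truncated to the first 8 bytes", matching the wording used in the later encryption paragraph, and stating that the MAC field on the wire is therefore 8 bytes long.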
@ -256,7 +256,7 @@ length payload.
| Version Byte | Payload Bytes | | Version Byte | Payload Bytes |
+--------------+------------------------------------+ +--------------+------------------------------------+
The version byte is ``"\x01"``. The version byte is ``"\x03"``.
The payload uses the same key-value format as for normal messages. The payload uses the same key-value format as for normal messages.
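Review bot: the pre-key sentence repeats the same one-character fix as the normal-message section, so the version byte value is still spelled out in two places that have to be kept in sync by hand. Consider stating the value once and having this section refer back to it, for example "The version byte is the same as for normal messages."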
@ -280,9 +280,10 @@ Version 1
~~~~~~~~~ ~~~~~~~~~
Version 1 of Olm uses AES-256_ in CBC_ mode with `PCKS#7`_ padding for Version 1 of Olm uses AES-256_ in CBC_ mode with `PCKS#7`_ padding for
encryption and HMAC-SHA-256_ for authentication. The 256 bit AES key, 256 bit encryption and HMAC-SHA-256_ (truncated to 64 bits) for authentication. The
HMAC key, and 128 bit AES IV are derived from the message key using 256 bit AES key, 256 bit HMAC key, and 128 bit AES IV are derived from the
HKDF-SHA-256_ using the default salt and an info of ``"OLM_KEYS"``. message key using HKDF-SHA-256_ using the default salt and an info of
``"OLM_KEYS"``.
.. math:: .. math::
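Review bot: the added "(truncated to 64 bits)" uses bits where the other two edits in this commit say "8 bytes", so a reader has to convert to see that all three describe the same length. Pick one unit and use it in all three places. While this paragraph is being re-wrapped, the context line's "PCKS#7" should read "PKCS#7" (along with its link target definition), and "using HKDF-SHA-256_ using the default salt" reads better as "with the default salt".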
@ -295,7 +296,7 @@ The plain-text is encrypted with AES-256, using the key :math:`AES\_KEY_{i,j}`
and the IV :math:`AES\_IV_{i,j}` to give the cipher-text, :math:`X_{i,j}`. and the IV :math:`AES\_IV_{i,j}` to give the cipher-text, :math:`X_{i,j}`.
Then the entire message (including the Version Byte and all Payload Bytes) are Then the entire message (including the Version Byte and all Payload Bytes) are
passed through HMAC-SHA-256, and the MAC is appended to the message. passed through HMAC-SHA-256. The first 8 bytes of the MAC are appended to the message.
IPR IPR
--- ---
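Review bot: the replacement text "The first 8 bytes of the MAC are appended to the message" covers only the sender and leaves the receiver's check undocumented. Suggest adding that the receiver recomputes HMAC-SHA-256 over the same bytes, compares the first 8 bytes in constant time, and rejects the message before attempting decryption. The new line also runs past the wrap width used by the rest of the paragraph.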
@ -311,8 +312,8 @@ Acknowledgements
---------------- ----------------
The ratchet that Olm implements was designed by Trevor Perrin and Moxie The ratchet that Olm implements was designed by Trevor Perrin and Moxie
Marlinspike - details at https://github.com/trevp/axolotl/wiki. Olm is an Marlinspike - details at https://github.com/trevp/double_ratchet/wiki. Olm is
entirely new implementation written by the Matrix.org team. an entirely new implementation written by the Matrix.org team.
.. _`Curve25519`: http://cr.yp.to/ecdh.html .. _`Curve25519`: http://cr.yp.to/ecdh.html
.. _`Triple Diffie-Hellman`: https://whispersystems.org/blog/simplifying-otr-deniability/ .. _`Triple Diffie-Hellman`: https://whispersystems.org/blog/simplifying-otr-deniability/
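Review bot: the link change from ``trevp/axolotl`` to ``trevp/double_ratchet`` in the Acknowledgements paragraph is not one of the two fixes listed in the commit message. Either mention it in the message or move it to its own commit, so the two spec corrections can be reviewed and reverted independently of the link update.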