Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix identation and remove some vestigial stuff from the key schedule. #310

Merged
merged 1 commit into from Mar 3, 2020
Merged

Fix identation and remove some vestigial stuff from the key schedule. #310

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
37 changes: 18 additions & 19 deletions draft-ietf-mls-protocol.md
View file
Open in desktop
Expand Up @@ -261,9 +261,7 @@ capitals, as shown here.
Client:
: An agent that uses this protocol to establish shared cryptographic
state with other clients. A client is defined by the
cryptographic keys it holds. An application or user may use one client
per device (keeping keys local to each device) or sync keys among
a user's devices so that each user appears as a single client.
cryptographic keys it holds.

Group:
: A collection of clients with shared cryptographic state.
Expand Down Expand Up @@ -1215,25 +1213,25 @@ The following general rules apply:

~~~~~
struct {
opaque group_id<0..255>;
uint64 epoch;
Sender sender;
ContentType content_type = commit;
Commit commit;
opaque group_id<0..255>;
uint64 epoch;
Sender sender;
ContentType content_type = commit;
Commit commit;
} MLSPlaintextCommitContent;

struct {
opaque confirmation<0..255>;
opaque signature<0..2^16-1>;
opaque confirmation<0..255>;
opaque signature<0..2^16-1>;
} MLSPlaintextCommitAuthData;

confirmed_transcript_hash_[n] =
Hash(interim_transcript_hash_[n-1] ||
MLSPlaintextCommitContent_[n]);
MLSPlaintextCommitContent_[n]);

interim_transcript_hash_[n] =
Hash(confirmed_transcript_hash_[n] ||
MLSPlaintextCommitAuthData_[n]);
MLSPlaintextCommitAuthData_[n]);
~~~~~

Thus the `confirmed_transcript_hash` field in a GroupContext object represents a
Expand Down Expand Up @@ -1306,10 +1304,10 @@ HKDF-Expand-Label(Secret, Label, Context, Length) =
Where HKDFLabel is specified as:

struct {
opaque group_context<0..255> = Hash(GroupContext_[n]);
uint16 length = Length;
opaque label<7..255> = "mls10 " + Label;
opaque context<0..2^32-1> = Context;
opaque group_context<0..255> = Hash(GroupContext_[n]);
uint16 length = Length;
opaque label<7..255> = "mls10 " + Label;
opaque context<0..2^32-1> = Context;
} HKDFLabel;

Derive-Secret(Secret, Label) =
Expand All @@ -1335,9 +1333,6 @@ proceeds as shown in the following diagram:

~~~~~
init_secret_[n-1] (or 0)
|
+--> Derive-Secret(. "group info", "")
| = group_info_secret
|
V
PSK (or 0) -> HKDF-Extract = early_secret
Expand Down Expand Up @@ -2678,6 +2673,10 @@ this RFC. ]]
MIT \\
kwonal@mit.edu

* Brendan McMillion \\
Cloudflare \\
brendan@cloudflare.com

* Eric Rescorla \\
Mozilla \\
ekr@rtfm.com
Expand Down