From 979b5cdf039a2bbc8792f5be519e21d4fc7296bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sof=C3=ADa=20Celi?= Date: Sun, 2 Jun 2019 22:55:14 +0200 Subject: [PATCH] Remove 'since_last_dh' from other parts of the protocol' --- architecture-decisions/005-brace-keys.md | 9 ++++----- modes/otrv4-standalone-mode.md | 3 --- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/architecture-decisions/005-brace-keys.md b/architecture-decisions/005-brace-keys.md index 04d5c5d..e8e3fb1 100644 --- a/architecture-decisions/005-brace-keys.md +++ b/architecture-decisions/005-brace-keys.md @@ -183,11 +183,10 @@ A new DH ratchet happens every time you: 2. When you receive a data message that advertises a new ECDH public key from the other party. -The state variable `since_last_dh` exists to keep track of the last time a DH -key was generated. It is increased every time a DH ratchet happens and set to -zero when the DH keys are generated. +The state variable `i` exists to keep track of the last time a DH key was +generated. It is increased every time a DH ratchet happens. -If `since_last_dh == 3` +If `i % 3 == 0` * Compute the new brace key from a DH computation e.g. `brace_key_i = KDF(usage_third_brace_key || DH(our_DH.secret, their_DH.public), 32)`. @@ -207,7 +206,7 @@ the DH public key in case they arrive in an out-of-order way or they are dropped **Alice or Bob receive the first message in a ratchet** -If `since_last_dh == 3`: +If `i % 3 == 0`: * Check that a new DH public key is attached to the message. diff --git a/modes/otrv4-standalone-mode.md b/modes/otrv4-standalone-mode.md index 9a3ea45..48752cb 100644 --- a/modes/otrv4-standalone-mode.md +++ b/modes/otrv4-standalone-mode.md @@ -159,7 +159,6 @@ Alice will be initiating the DAKE with Bob. * Calculates the SSID from shared secret: the first 8 bytes of `HWC(usage_SSID || K, 64)`. 1. Initializes the double-ratchet: - * Sets `since_last_dh` as 0. * Sets `i`, `j`, `k` `pn` as 0. * Sets `max_remote_i_seen` as -1. * Interprets `K` as the first root key (`prev_root_key`) by: @@ -191,7 +190,6 @@ Alice will be initiating the DAKE with Bob. * Derives new set of keys: `curr_root_key, chain_key_s[j] = derive_ratchet_keys(sending, prev_root_key, K)`. * Securely deletes the previous root key (`prev_root_key`) and `K`. - * Increments `since_last_dh = since_last_dh + 1`. * Increments `i = i + 1`. 1. Sends Bob the Auth-I message (see [Auth-I message](#auth-i-message) section). @@ -217,7 +215,6 @@ Alice will be initiating the DAKE with Bob. [Auth-I Message](../otrv4.md#auth-i-message) section. If the verification fails, rejects the message and does not send anything further. 1. Initializes the double-ratchet algorithm: - * Sets `since_last_dh` as 0. * Sets `i`, `j`, `k` and `pn` as 0. * Sets `max_remote_i_seen` as -1. * Interprets `K` as the first root key (`prev_root_key`) by: