potto216 / double-ratchet-rs

A pure Rust implementation of the Double Ratchet algorithm as described by Signal.
MIT License

modify kdf_ck so it matches the Signal protocol spec #1

Closed potto216 closed 2 weeks ago

potto216 commented 2 weeks ago

The Signal protocol page says, for the kdf_ck function:

KDF_CK(ck): HMAC [2] with SHA-256 or SHA-512 [8] is recommended, using ck as the HMAC key and using separate constants as input (e.g. a single byte 0x01 as input to produce the message key, and a single byte 0x02 as input to produce the next chain key). KDF_CK(ck): Returns a pair (32-byte chain key, 32-byte message key) as the output of applying a KDF keyed by a 32-byte chain key ck to some constant.

So modify the function so that a single byte 0x01 is used as input to produce the message key, and a single byte 0x02 is used as input to produce the next chain key.

potto216 commented 2 weeks ago

kdf_ck_v2 has the modification. Eventually replace kdf_ck with kdf_ck_v2.
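
The derivation requested in this issue, as an added example that is not part of the thread or the double-ratchet-rs code. It is written in Python with the standard `hmac`/`hashlib` modules so it runs without extra crates, and uses SHA-256 from the two hashes the spec allows. `advance_chain`, `kdf_ck_single_input`, `leaked_key_reveals_next` and `SAMPLE_CK` are names and values constructed for illustration; the single-constant variant is a hypothetical contrast showing why the spec asks for separate constants.

```python
import hashlib
import hmac

# Constants from the spec text quoted in the issue.
MESSAGE_KEY_INPUT = b"\x01"  # HMAC input that yields the message key
CHAIN_KEY_INPUT = b"\x02"  # HMAC input that yields the next chain key
# Constructed sample chain key, not a real secret.
SAMPLE_CK = bytes([0x11]) * 32


def kdf_ck(ck):
    """Return (next 32-byte chain key, 32-byte message key) keyed by ck."""
    if len(ck) != 32:
        raise ValueError("chain key must be 32 bytes")
    message_key = hmac.new(ck, MESSAGE_KEY_INPUT, hashlib.sha256).digest()
    next_chain_key = hmac.new(ck, CHAIN_KEY_INPUT, hashlib.sha256).digest()
    return next_chain_key, message_key


def advance_chain(ck, steps):
    """Run the symmetric-key ratchet `steps` times, collecting message keys."""
    message_keys = []
    for _ in range(steps):
        ck, mk = kdf_ck(ck)
        message_keys.append(mk)
    return ck, message_keys


def kdf_ck_single_input(ck):
    """Constructed counter-example: one constant feeds both outputs."""
    out = hmac.new(ck, MESSAGE_KEY_INPUT, hashlib.sha256).digest()
    return out, out  # message key and next chain key are identical


def leaked_key_reveals_next(kdf, ck):
    """True if message key n alone is enough to compute message key n+1."""
    next_ck, leaked_mk = kdf(ck)
    _, following_mk = kdf(next_ck)
    # Treat the leaked message key as if it were the next chain key.
    return kdf(leaked_mk)[1] == following_mk


if __name__ == "__main__":
    _, keys = advance_chain(SAMPLE_CK, 3)
    for n, mk in enumerate(keys):
        print(n, mk.hex())
    print("spec constants leak next key:", leaked_key_reveals_next(kdf_ck, SAMPLE_CK))
    print("single constant leaks next key:", leaked_key_reveals_next(kdf_ck_single_input, SAMPLE_CK))
```

With separate constants, a compromised message key does not let its holder advance the chain; with one shared constant it does.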