diff options
author | Thien-Thi Nguyen <ttn@gnuvola.org> | 2020-12-04 04:49:32 -0500 |
---|---|---|
committer | Thien-Thi Nguyen <ttn@gnuvola.org> | 2020-12-04 04:49:32 -0500 |
commit | 3cb2fdecfaa3193c42ca3648fb73df66810ce860 (patch) | |
tree | 2de6700a7ea73dce2bd77734b210554faad72bc1 /anastasis.rst | |
parent | 97b8feb3e1ffd8839fc3b01015b7684a199bb17b (diff) | |
download | docs-3cb2fdecfaa3193c42ca3648fb73df66810ce860.tar.gz docs-3cb2fdecfaa3193c42ca3648fb73df66810ce860.tar.bz2 docs-3cb2fdecfaa3193c42ca3648fb73df66810ce860.zip |
use ‘.. code-block:: none’ (22 instances)
Diffstat (limited to 'anastasis.rst')
-rw-r--r-- | anastasis.rst | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/anastasis.rst b/anastasis.rst index 1d34acd4..9773e959 100644 --- a/anastasis.rst +++ b/anastasis.rst @@ -145,7 +145,7 @@ determined by an adversary performing a targeted attack, as a user's likely also be available to other actors. -:: +.. code-block:: none kdf_id := Argon2( identifier, server_salt, keysize ) @@ -173,7 +173,7 @@ generate the corresponding public key. Here, "ver" is used as a salt for the HKDF to ensure that the result differs from other cases where we hash **kdf_id**. -:: +.. code-block:: none ver_secret := HKDF(kdf_id, "ver", keysize) eddsa_priv := eddsa_d_to_a(ver_secret) @@ -190,7 +190,7 @@ HKDF to ensure that the result differs from other cases where we hash **eddsa_d_to_a()**: Function which converts the ver_key to a valid EdDSA private key. Specifically, assuming the value eddsa_priv is in a 32-byte array "digest", the function clears and sets certain bits as follows: -:: +.. code-block:: none digest[0] = (digest[0] & 0x7f) | 0x40; digest[31] &= 0xf8; @@ -208,7 +208,7 @@ symmetric key and an initialization vector (IV). To ensure that the symmetric key changes for each encryption operation, we compute the key material using an HKDF over a nonce and the kdf_id. -:: +.. code-block:: none (iv,key) := HKDF(kdf_id, nonce, keysize + ivsize) @@ -248,7 +248,7 @@ the **key_share**. To ensure that the key derivation for the encryption of the **recovery document** differs fundamentally from that of an individual **key share**, we use different salts ("erd" and "eks" respectively). -:: +.. code-block:: none (iv0, key0) = HKDF(key_id, nonce0, "erd", keysize + ivsize) (encrypted_recovery_document, aes_gcm_tag) = AES256_GCM(recovery_document, key0, iv0) @@ -277,7 +277,7 @@ The EdDSA keys are used to sign the data sent from the client to the server. Everything the client sends to server is signed. The following algorithm is equivalent for **Anastasis-Policy-Signature**. -:: +.. code-block:: none (anastasis-account-signature) = eddsa_sign(h_body, eddsa_priv) ver_res = eddsa_verifiy(h_body, anastasis-account-signature, eddsa_pub) @@ -291,7 +291,7 @@ algorithm is equivalent for **Anastasis-Policy-Signature**. When requesting policy downloads, the client must also provide a signature: -:: +.. code-block:: none (anastasis-account-signature) = eddsa_sign(version, eddsa_priv) ver_res = eddsa_verifiy(version, anastasis-account-signature, eddsa_pub) |