Merge pull request #946 from jiftechnify/patch-nip44

Fix typos of NIP-44
This commit is contained in:
Vitor Pamplona 2023-12-29 17:40:47 -05:00 committed by GitHub
commit 98d7f1cd9c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

10
44.md
View File

@ -80,7 +80,7 @@ NIP-44 version 2 has the following design characteristics:
but won't leak the long-term key
3. Calculate message keys
- The keys are generated from `conversation_key` and `nonce`. Validate that both are 32 bytes long
- Use HKDF-expand, with sha256, `OKM=conversation_key`, `info=nonce` and `L=76`
- Use HKDF-expand, with sha256, `PRK=conversation_key`, `info=nonce` and `L=76`
- Slice 76-byte HKDF output into: `chacha_key` (bytes 0..32), `chacha_nonce` (bytes 32..44), `hmac_key` (bytes 44..76)
4. Add padding
- Content must be encoded from UTF-8 into byte array
@ -115,9 +115,9 @@ validation rules, refer to BIP-340.
- Validate length of base64 message to prevent DoS on base64 decoder: it can be in range from 132 to 87472 chars
- Validate length of decoded message to verify output of the decoder: it can be in range from 99 to 65603 bytes
3. Calculate conversation key
- See step 1 of (encryption)[#Encryption]
- See step 1 of [encryption](#Encryption)
4. Calculate message keys
- See step 3 of (encryption)[#Encryption]
- See step 3 of [encryption](#Encryption)
5. Calculate MAC (message authentication code) with AAD and compare
- Stop and throw an error if MAC doesn't match the decoded one from step 2
- Use constant-time comparison algorithm
@ -126,7 +126,7 @@ validation rules, refer to BIP-340.
7. Remove padding
- Read the first two BE bytes of plaintext that correspond to plaintext length
- Verify that the length of sliced plaintext matches the value of the two BE bytes
- Verify that calculated padding from step 3 of the (encryption)[#Encryption] process matches the actual padding
- Verify that calculated padding from step 3 of the [encryption](#Encryption) process matches the actual padding
### Details
@ -291,5 +291,5 @@ The file also contains intermediate values. A quick guidance with regards to its
- `valid.encrypt_decrypt`: emulate real conversation. Calculate pub2 from sec2, verify conversation_key from (sec1, pub2), encrypt, verify payload, then calculate pub1 from sec1, verify conversation_key from (sec2, pub1), decrypt, verify plaintext.
- `valid.encrypt_decrypt_long_msg`: same as previous step, but instead of a full plaintext and payload, their checksum is provided.
- `invalid.encrypt_msg_lengths`
- `invalid.get_conversation_key`: calculating converastion_key must throw an error
- `invalid.get_conversation_key`: calculating conversation_key must throw an error
- `invalid.decrypt`: decrypting message content must throw an error