diff --git a/liblsl/include/lsl_security.h b/liblsl/include/lsl_security.h index 7d88073..8fe9f9d 100644 --- a/liblsl/include/lsl_security.h +++ b/liblsl/include/lsl_security.h @@ -11,7 +11,7 @@ * * Security Model: * - Ed25519 for device identity and signatures - * - X25519 + HKDF for session key derivation + * - X25519 + BLAKE2b for session key derivation * - ChaCha20-Poly1305 for authenticated encryption * - Unified security: all-secure or all-insecure network * diff --git a/liblsl/src/lsl_security.h b/liblsl/src/lsl_security.h index 34096c5..a18987f 100644 --- a/liblsl/src/lsl_security.h +++ b/liblsl/src/lsl_security.h @@ -19,10 +19,7 @@ namespace lsl { namespace security { // Internal constants -constexpr size_t HKDF_CONTEXT_SIZE = 8; -constexpr char HKDF_CONTEXT[] = "lsl-sess"; -// Domain-separation context for the ephemeral-exchange session key, kept -// distinct from HKDF_CONTEXT so the two derivations can never collide. +// Domain-separation context for the ephemeral-exchange session key. constexpr char EPH_CONTEXT[] = "lsl-esk1"; constexpr uint64_t SESSION_KEY_SUBKEY_ID = 1;