From 941c8fb244c7bdab224df2ad321c7db92714e12b Mon Sep 17 00:00:00 2001 From: Seyed Yahya Shirazi Date: Tue, 23 Jun 2026 05:51:28 -0700 Subject: [PATCH] Correct KDF naming: BLAKE2b, drop dead HKDF_CONTEXT --- liblsl/include/lsl_security.h | 2 +- liblsl/src/lsl_security.h | 5 +---- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/liblsl/include/lsl_security.h b/liblsl/include/lsl_security.h index 7d88073..8fe9f9d 100644 --- a/liblsl/include/lsl_security.h +++ b/liblsl/include/lsl_security.h @@ -11,7 +11,7 @@ * * Security Model: * - Ed25519 for device identity and signatures - * - X25519 + HKDF for session key derivation + * - X25519 + BLAKE2b for session key derivation * - ChaCha20-Poly1305 for authenticated encryption * - Unified security: all-secure or all-insecure network * diff --git a/liblsl/src/lsl_security.h b/liblsl/src/lsl_security.h index 34096c5..a18987f 100644 --- a/liblsl/src/lsl_security.h +++ b/liblsl/src/lsl_security.h @@ -19,10 +19,7 @@ namespace lsl { namespace security { // Internal constants -constexpr size_t HKDF_CONTEXT_SIZE = 8; -constexpr char HKDF_CONTEXT[] = "lsl-sess"; -// Domain-separation context for the ephemeral-exchange session key, kept -// distinct from HKDF_CONTEXT so the two derivations can never collide. +// Domain-separation context for the ephemeral-exchange session key. constexpr char EPH_CONTEXT[] = "lsl-esk1"; constexpr uint64_t SESSION_KEY_SUBKEY_ID = 1;