Manual: hash shared secret *and* public keys

diff --git a/doc/man/man3/crypto_x25519.3monocypher b/doc/man/man3/crypto_x25519.3monocypher
index ab4d29ac1063f55c45000b73e2b2a97a53e29be8..f80b815a98356e8a9bcbc166a8012bc38da13386 100644 (file)
--- a/doc/man/man3/crypto_x25519.3monocypher
+++ b/doc/man/man3/crypto_x25519.3monocypher
@@ -8,7 +8,7 @@
 .\"
 .\" ----------------------------------------------------------------------------
 .\"
-.\" Copyright (c) 2017-2021 Loup Vaillant
+.\" Copyright (c) 2017-2021, 2022 Loup Vaillant
 .\" Copyright (c) 2017-2018 Michael Savage
 .\" Copyright (c) 2017, 2019-2020, 2022 Fabio Scotoni
 .\" Copyright (c) 2020 Richard Walmsley
@@ -52,7 +52,7 @@
 .\" with this software.  If not, see
 .\" <https://creativecommons.org/publicdomain/zero/1.0/>
 .\"
-.Dd February 13, 2022
+.Dd February 14, 2022
 .Dt CRYPTO_X25519 3MONOCYPHER
 .Os
 .Sh NAME
@@ -157,14 +157,21 @@ key
 .Bd -literal -offset indent
 const uint8_t their_pk     [32]; /* Their public key          */
 uint8_t       your_sk      [32]; /* Your secret key           */
+uint8_t       your_pk      [32]; /* Your public key           */
 uint8_t       shared_secret[32]; /* Shared secret (NOT a key) */
 arc4random_buf(your_sk, 32);
+crypto_x25512(your_pk, your_sk);
 crypto_x25519(shared_secret, your_sk, their_pk);
 /* Wipe secrets if they are no longer needed */
 crypto_wipe(your_sk, 32);
 
 uint8_t shared_keys[64]; /* Two shared session keys */
-crypto_blake2b(shared_keys, shared_secret, 32);
+crypto_blake2b_ctx ctx;
+crypto_blake2b_init  (&ctx);
+crypto_blake2b_update(&ctx, shared_secret, 32);
+crypto_blake2b_update(&ctx, your_pk      , 32);
+crypto_blake2b_update(&ctx, their_pk     , 32);
+crypto_blake2b_final (&ctx, shared_keys);
 const uint8_t *key_1 = shared_keys;      /* Shared key 1 */
 const uint8_t *key_2 = shared_keys + 32; /* Shared key 2 */
 /* Wipe secrets if they are no longer needed */