From f98203e74447a839b7f3522ec5b7a6c2db5ccd9b Mon Sep 17 00:00:00 2001 From: Loup Vaillant Date: Sun, 5 Nov 2017 18:09:29 +0100 Subject: [PATCH] Manual review: applying CuleX's advice --- doc/man/man3/crypto_lock_init.3monocypher | 11 +++++------ doc/man/man3/crypto_sign.3monocypher | 17 ++++++++--------- 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/doc/man/man3/crypto_lock_init.3monocypher b/doc/man/man3/crypto_lock_init.3monocypher index e9fef4d..2dde8c6 100644 --- a/doc/man/man3/crypto_lock_init.3monocypher +++ b/doc/man/man3/crypto_lock_init.3monocypher @@ -75,13 +75,12 @@ This interface uses four steps: .It Initialisation with .Fn crypto_lock_init . -This sets up a context for encryption or decryption (the same function -is used for both). +This sets up a context for encryption or decryption. +The same function is used for both. .It Authentication with .Fn crypto_lock_auth . This authenticates (or verifies) additional data, if any. -This step is optional. .It Update, with .Fn crypto_lock_update @@ -111,7 +110,7 @@ It is meant as a building block. Used with .Fn crypto_lock_auth , it enables various AEAD constructions. -Most users don't need it. +Most users do not need it. Prefer .Fn crypto_lock_update and @@ -133,7 +132,7 @@ The function returns 0 on success or -1 if the message was corrupted. Corruption can happen because of transmission errors, programmer error, or attacker interference. -.Em Always check the return value. +.Em Always check the return value . .Sh EXAMPLES Encryption: .Bd -literal -offset indent @@ -197,7 +196,7 @@ if (crypto_unlock_final(&ctx, mac)) { } .Ed .Pp -In place Encryption (without additional data for clarity): +In-place Encryption (without additional data for clarity): .Bd -literal -offset indent const uint8_t key [ 32]; /* session key */ const uint8_t nonce [ 32]; /* unique per session key */ diff --git a/doc/man/man3/crypto_sign.3monocypher b/doc/man/man3/crypto_sign.3monocypher index ba5e62c..e7562d6 100644 --- a/doc/man/man3/crypto_sign.3monocypher +++ b/doc/man/man3/crypto_sign.3monocypher @@ -9,11 +9,11 @@ .Sh SYNOPSIS .In monocypher.h .Ft void -.Ft void .Fo crypto_sign_public_key .Fa "uint8_t public_key[32]" .Fa "const uint8_t secret_key[32]" .Fc +.Ft void .Fo crypto_sign .Fa "uint8_t signature[64]" .Fa "const uint8_t secret_key[32]" @@ -44,20 +44,19 @@ the same as those used for .Xr crypto_key_exchange 3monocypher . Do not use the same private key for both purposes. .Pp -The .Fn crypto_sign -function signs a message with +signs a message with .Fa secret_key . The public key is optional, and will be recomputed if not provided. -This doubles execution time. +This recomputation doubles the execution time. .Pp -The .Fn crypto_check -function checks that a given signature is genuine. +checks that a given signature is genuine. Meaning, only someone who had the private key could have signed the message. .Pp -It does +.Fn crypto_check +does .Em not run in constant time. It does not have to in most threat models, because nothing is secret: @@ -120,7 +119,7 @@ crypto_check(signature, pk, message, 500); .Xr crypto_lock 3monocypher , .Xr intro 3monocypher .Sh STANDARDS -These functions implement EdDSA with curve25519 and Blake2b. +These functions implement EdDSA with Curve25519 and Blake2b. This is the same as Ed25519, with Blake2b instead of SHA-512. Ed25519 is described in RFC 7748. .Sh SECURITY CONSIDERATIONS @@ -130,6 +129,6 @@ This requires hardware access. If attackers are expected to have such access and the relevant equipment, use .Fn crypto_check -to verify the signature. +to verify the signature before sending it away. This verification reduces the speed of the whole operation by a factor of 3, and only provides an incomplete protection. -- 2.47.3