So we should use an enumeration, not an unordered list. Same applies to
encryption, decryption and key rotation algorithms.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit fixes an oversight within the spec that details the
encryption nonces as being encoded in a big-endian form rather an a
little-endian for as is intended.
Since our internal nonces are 64-bit in order to match with the Noise
spec, we encoded the 96-bit nonce as 32-bits of leading zeroes followed
by the 64-bit little-endian value.
Spell out the send/receive nonces for the normal message transport;
they're 0 except in one place where Act3 re-uses temp_k from Act2.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Header from folded patch 'typo-fixes.patch':
Typo fixes to squash.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
1. Note that we're using the IETF chachapoly variant, which has 96 bit nonces.
2. Note that we send over the serialization of the pubkey on the wire.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
1. More than three variables.
2. Make nonce encoding explicit (Big-endian, like everything else).
3. `e` is a keypair in this context; use `re` for their pubkey.
4. Explicitly note `re` and `le` notation.
5. Fix RFC reference.
6. Close `` around HKDF.
7. Use `ss` for the shared secret; `s` is already taken.
8. Use `re` for their pubkey.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Further separating the two specs by pointing to bolt08 for transport
details and deduplicating some of the information. Also fixed some
markup while I'm at it :-)
So far we had both the transport layer, with its initialization details,
and part of the base protocol, with some generic messages like `init`
and `error` in a single spec. I propose we split the spec into two, one
for the transport layer and one for the communication on top of that
layer. This should make the independence of the two layers even clearer.
This commit is the first step towards that goal and simply moves blocks
of text into the new spec file. It should not change any semantics.