Add a comment about remote side authentication

xaionaro-go · Feb 9, 2020 · 4f7827a · 4f7827a
1 parent 2affe83
commit 4f7827a
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 15 deletions.
diff --git a/README.md b/README.md
@@ -114,17 +114,20 @@ BenchmarkSessionWriteMessageAsyncRead1300_max1400-8   	  117862	     10277 ns/op
 
 ### Key exchange
 
-Key exchange is performed via ED25519. [Also if a PSK is set, then
+Key exchange is performed via ECDH with X25519. [Also if a PSK is set, then
 the PSK is concatenated with a constant salt-value, hashed with
-`sha3.Sum256`. And this value is XOR-ed with the key received
-via ED25519](https://github.com/xaionaro-go/secureio/blob/ccd4d864545620b5483c88df91491817e4f0a442/key_exchanger.go#L111).
-If PSK is not set then just a key received via ED25519 is used
+`sha3.Sum256`. And this value is XOR-ed with the key (received
+via ECDH with X25519)](https://github.com/xaionaro-go/secureio/blob/ccd4d864545620b5483c88df91491817e4f0a442/key_exchanger.go#L111).
+If PSK is not set then just a key received via ECDH is used
 (without any modifications).
 
+The remote side is authenticated by a ED25519 signature (of the
+temporary ECDH pubkey).
+
 The resulting value is used as the encryption key for ChaCha20.
 This key is called `cipherKey` within the code.
 
-The key received via ED25510 is updated [every minute](https://github.com/xaionaro-go/secureio/blob/ccd4d864545620b5483c88df91491817e4f0a442/key_exchanger.go#L18).
+The key received via ECDH is updated [every minute](https://github.com/xaionaro-go/secureio/blob/ccd4d864545620b5483c88df91491817e4f0a442/key_exchanger.go#L18).
 So in turn the `cipherKey` is updated every minute as well.
 
 ### Encryption

diff --git a/identity.go b/identity.go
@@ -58,7 +58,6 @@ type Identity struct {
 //
 // * Parses ED25519 keys from directory `keysDir` if they exists
 // and creates a new instance of `*Identity`.
-// 
 // * Creates ED25510 keys and saves them to the directory `keysDir` if they
 // does not exist there and creates a new instance of `*Identity`.
 //

diff --git a/key_seed_update_message.go b/key_seed_update_message.go
@@ -1,14 +1,6 @@
 package secureio
 
-import (
-	"unsafe"
-)
-
 type keySeedUpdateMessage struct {
-	PublicKey [PublicKeySize]byte
+	PublicKey [curve25519PublicKeySize]byte
 	Signature [keySignatureSize]byte
 }
-
-var (
-	keySeedUpdateMessageSize = int64(unsafe.Sizeof(keySeedUpdateMessage{}))
-)