server/bulkcrypto.c: Fix description comment for AEAD schemes.

While it's true that actual encryption doesn't require AAD processing,
the challenge handling /does/.

diff --git a/server/bulkcrypto.c b/server/bulkcrypto.c
index 4c6be32..92e67c0 100644 (file)
--- a/server/bulkcrypto.c
+++ b/server/bulkcrypto.c
@@ -816,17 +816,18 @@ static int iiv_decrypt(bulkctx *bbc, unsigned ty,
 
 /*----- The AEAD transform ------------------------------------------------*
  *
- * This transform uses a general authenticated encryption scheme (the
- * additional data isn't necessary).  Good options include
- * `chacha20-poly1305' or `rijndael-ocb3'.
+ * This transform uses a general authenticated encryption scheme.  Processing
+ * additional authenticated data isn't needed for encrypting messages, but it
+ * is required for challenge generation.  Good options include `chacha20-
+ * poly1305' or `rijndael-ocb3'; alas, `salsa20-naclbox' isn't acceptable.
  *
  * To be acceptable, the scheme must accept at least a 40-bit nonce.  (All of
- * Catacomb's current AEAD schemes are suitable.)  The low 32 bits are the
- * sequence number.  The type is written to the next 8--32 bytes: if the
- * nonce size is 64 bits or more (preferred, for compatibility reasons) then
- * the type is written as 32 bits, and the remaining space is padded with
- * zero bytes; otherwise, the type is right-aligned in the remaining space.
- * Both fields are big-endian.
+ * Catacomb's current AEAD schemes are suitable in this respect.)  The low 32
+ * bits are the sequence number.  The type is written to the next 8--32
+ * bytes: if the nonce size is 64 bits or more (preferred, for compatibility
+ * reasons) then the type is written as 32 bits, and the remaining space is
+ * padded with zero bytes; otherwise, the type is right-aligned in the
+ * remaining space.  Both fields are big-endian.
  *
  *             +--------+--+
  *             |  seq   |ty|