From 7012dfc56139de765139f5e493373a5109c36cde Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Sat, 13 Jun 2020 16:48:50 +0100 Subject: [PATCH] server/bulkcrypto.c: Fix description comment for AEAD schemes. While it's true that actual encryption doesn't require AAD processing, the challenge handling /does/. --- server/bulkcrypto.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/server/bulkcrypto.c b/server/bulkcrypto.c index 4c6be323..92e67c05 100644 --- a/server/bulkcrypto.c +++ b/server/bulkcrypto.c @@ -816,17 +816,18 @@ static int iiv_decrypt(bulkctx *bbc, unsigned ty, /*----- The AEAD transform ------------------------------------------------* * - * This transform uses a general authenticated encryption scheme (the - * additional data isn't necessary). Good options include - * `chacha20-poly1305' or `rijndael-ocb3'. + * This transform uses a general authenticated encryption scheme. Processing + * additional authenticated data isn't needed for encrypting messages, but it + * is required for challenge generation. Good options include `chacha20- + * poly1305' or `rijndael-ocb3'; alas, `salsa20-naclbox' isn't acceptable. * * To be acceptable, the scheme must accept at least a 40-bit nonce. (All of - * Catacomb's current AEAD schemes are suitable.) The low 32 bits are the - * sequence number. The type is written to the next 8--32 bytes: if the - * nonce size is 64 bits or more (preferred, for compatibility reasons) then - * the type is written as 32 bits, and the remaining space is padded with - * zero bytes; otherwise, the type is right-aligned in the remaining space. - * Both fields are big-endian. + * Catacomb's current AEAD schemes are suitable in this respect.) The low 32 + * bits are the sequence number. The type is written to the next 8--32 + * bytes: if the nonce size is 64 bits or more (preferred, for compatibility + * reasons) then the type is written as 32 bits, and the remaining space is + * padded with zero bytes; otherwise, the type is right-aligned in the + * remaining space. Both fields are big-endian. * * +--------+--+ * | seq |ty| -- 2.11.0