From 114e540b15d57618f9ebf624264298f80bbd8c77 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 5 Dec 2013 10:22:57 +1100 Subject: [PATCH] - djm@cvs.openbsd.org 2013/12/02 02:50:27 [PROTOCOL.chacha20poly1305] typo; from Jon Cave --- ChangeLog | 3 +++ PROTOCOL.chacha20poly1305 | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 336cb2afe..1aa9e80e1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,9 @@ - djm@cvs.openbsd.org 2013/12/01 23:19:05 [PROTOCOL] mention curve25519-sha256@libssh.org key exchange algorithm + - djm@cvs.openbsd.org 2013/12/02 02:50:27 + [PROTOCOL.chacha20poly1305] + typo; from Jon Cave 20131121 - (djm) OpenBSD CVS Sync diff --git a/PROTOCOL.chacha20poly1305 b/PROTOCOL.chacha20poly1305 index c4b723aff..9cf73a926 100644 --- a/PROTOCOL.chacha20poly1305 +++ b/PROTOCOL.chacha20poly1305 @@ -47,7 +47,7 @@ cipher by decrypting and using the packet length prior to checking the MAC. By using an independently-keyed cipher instance to encrypt the length, an active attacker seeking to exploit the packet input handling as a decryption oracle can learn nothing about the payload contents or -its MAC (assuming key derivation, ChaCha20 and Poly1306 are secure). +its MAC (assuming key derivation, ChaCha20 and Poly1305 are secure). The AEAD is constructed as follows: for each packet, generate a Poly1305 key by taking the first 256 bits of ChaCha20 stream output generated @@ -101,5 +101,5 @@ References [3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 -$OpenBSD: PROTOCOL.chacha20poly1305,v 1.1 2013/11/21 00:45:43 djm Exp $ +$OpenBSD: PROTOCOL.chacha20poly1305,v 1.2 2013/12/02 02:50:27 djm Exp $ -- 2.47.3