From dedba6ff09f78b96dbc5a2b3a13fb8825f438d3c Mon Sep 17 00:00:00 2001 From: =?utf8?q?Niels=20M=C3=B6ller?= Date: Mon, 9 Mar 2020 22:15:21 +0100 Subject: [PATCH] Minor fixes for chacha comments and docs. --- chacha-crypt.c | 2 +- nettle.texinfo | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chacha-crypt.c b/chacha-crypt.c index 0bb44ed9..1797bd02 100644 --- a/chacha-crypt.c +++ b/chacha-crypt.c @@ -103,7 +103,7 @@ chacha_crypt32(struct chacha_ctx *ctx, ++ctx->state[12]; - /* stopping at 2^70 length per nonce is user's responsibility */ + /* stopping at 2^38 length per nonce is user's responsibility */ if (length <= CHACHA_BLOCK_SIZE) { diff --git a/nettle.texinfo b/nettle.texinfo index 418f46d8..ff64889c 100644 --- a/nettle.texinfo +++ b/nettle.texinfo @@ -3328,7 +3328,7 @@ defines a similar construction but with Salsa20 instead of ChaCha. Nettle's implementation of ChaCha-Poly1305 follows @cite{RFC 8439}, where the ChaCha cipher is initialized with a 12-byte nonce and a 4-byte block counter. This allows up to 256 gigabytes of data to be encrypted -using the same key. +using the same key and nonce. For ChaCha-Poly1305, the ChaCha cipher is initialized with a key, of 256 bits, and a per-message nonce. The first block of the key stream -- 2.47.2