diff options
author | Niels Möller <nisse@lysator.liu.se> | 2020-03-09 22:15:21 +0100 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2020-03-09 22:15:21 +0100 |
commit | dedba6ff09f78b96dbc5a2b3a13fb8825f438d3c (patch) | |
tree | c4e6e0fee1584c5512ed762ea82bfeb66e1c9a0d | |
parent | 85a2b7f27bce13683a3aade7e0005edee202e045 (diff) | |
download | nettle-dedba6ff09f78b96dbc5a2b3a13fb8825f438d3c.tar.gz |
Minor fixes for chacha comments and docs.
-rw-r--r-- | chacha-crypt.c | 2 | ||||
-rw-r--r-- | nettle.texinfo | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/chacha-crypt.c b/chacha-crypt.c index 0bb44ed9..1797bd02 100644 --- a/chacha-crypt.c +++ b/chacha-crypt.c @@ -103,7 +103,7 @@ chacha_crypt32(struct chacha_ctx *ctx, ++ctx->state[12]; - /* stopping at 2^70 length per nonce is user's responsibility */ + /* stopping at 2^38 length per nonce is user's responsibility */ if (length <= CHACHA_BLOCK_SIZE) { diff --git a/nettle.texinfo b/nettle.texinfo index 418f46d8..ff64889c 100644 --- a/nettle.texinfo +++ b/nettle.texinfo @@ -3328,7 +3328,7 @@ defines a similar construction but with Salsa20 instead of ChaCha. Nettle's implementation of ChaCha-Poly1305 follows @cite{RFC 8439}, where the ChaCha cipher is initialized with a 12-byte nonce and a 4-byte block counter. This allows up to 256 gigabytes of data to be encrypted -using the same key. +using the same key and nonce. For ChaCha-Poly1305, the ChaCha cipher is initialized with a key, of 256 bits, and a per-message nonce. The first block of the key stream |