From: Daiki Ueno <du...@redhat.com>

While the documentation said the nonce size is 16 octets, the
implementation actually assumed 12 octets following RFC 7539.

Signed-off-by: Daiki Ueno <du...@redhat.com>
---
 nettle.texinfo | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/nettle.texinfo b/nettle.texinfo
index 0b339f51..7d5e1780 100644
--- a/nettle.texinfo
+++ b/nettle.texinfo
@@ -3292,17 +3292,10 @@ except that @var{cipher} and @var{f} are replaced with 
a context structure.
 ChaCha-Poly1305 is a combination of the ChaCha stream cipher and the
 poly1305 message authentication code (@pxref{Poly1305}). It originates
 from the NaCl cryptographic library by D. J. Bernstein et al, which
-defines a similar construction but with Salsa20 instead of ChaCha. 
-
-Nettle's implementation ChaCha-Poly1305 should be considered
-@strong{experimental}. At the time of this writing, there is no
-authoritative specification for ChaCha-Poly1305, and a couple of
-different incompatible variants. Nettle implements it using the original
-definition of ChaCha, with 64 bits (8 octets) each for the nonce and the
-block counter. Some protocols prefer to use nonces of 12 bytes, and it's
-a small change to ChaCha to use the upper 32 bits of the block counter
-as a nonce, instead limiting message size to @math{2^32} blocks or 256
-GBytes, but that variant is currently not supported.
+defines a similar construction but with Salsa20 instead of ChaCha.
+
+Nettle's implementation of ChaCha-Poly1305 follows @cite{RFC 7539}.
+Unlike the original definition of ChaCha, the nonces are of 12 bytes.
 
 For ChaCha-Poly1305, the ChaCha cipher is initialized with a key, of 256
 bits, and a per-message nonce. The first block of the key stream
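Review bot: The replacement paragraph drops the message-size consequence that the removed text spelled out. The old wording noted that taking the upper 32 bits of the block counter as nonce limits a message to @math{2^32} blocks or 256 GBytes, and that limit now applies to the variant being documented, so it should be kept in the new text, for example as a sentence after "the nonces are of 12 bytes" saying the block counter is 32 bits and giving the resulting maximum message size. Two smaller points in the same lines: "the nonces are of 12 bytes" reads better as "the nonce is 12 bytes (96 bits)", which would match the bits-and-octets style of the paragraph that follows, and the @strong{experimental} warning is removed without the commit message mentioning it, so it is worth confirming that the removal is intended and saying so in the log.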
@@ -3331,7 +3324,7 @@ ChaCha-Poly1305 key size, 32.
 @end defvr
 
 @defvr Constant CHACHA_POLY1305_NONCE_SIZE
-Same as the ChaCha nonce size, 16.
+ChaCha-Poly1305 nonce size, 12.
 @end defvr
 
 @defvr Constant CHACHA_POLY1305_DIGEST_SIZE
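Review bot: The new description of CHACHA_POLY1305_NONCE_SIZE removes the "Same as the ChaCha nonce size" link without saying that the two sizes now differ. The first hunk states that the original ChaCha definition uses an 8-octet nonce, so a reader sizing a nonce buffer from the ChaCha section could still get it wrong. Consider "ChaCha-Poly1305 nonce size, 12 octets" plus a short remark that this follows RFC 7539 rather than the plain ChaCha nonce size. Because the documented value changes from 16 to 12 while the commit message says the implementation always assumed 12, a changelog note telling callers who allocated or generated 16 octets based on the old manual what to check would also help.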
-- 
2.24.1

_______________________________________________
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
