From ef568e44d19ca2fbad6447f7327061d7deb12ed0 Mon Sep 17 00:00:00 2001 From: Loup Vaillant Date: Sun, 24 Feb 2019 09:33:35 +0100 Subject: [PATCH] More RFC number corrections RFC 7539 has been obsoleted by RFC 8439. Incremental EdDSA didn't change to RFC 8032. --- doc/man/man3/crypto_chacha20_encrypt.3monocypher | 4 ++-- doc/man/man3/crypto_lock.3monocypher | 2 +- doc/man/man3/crypto_lock_init.3monocypher | 2 +- doc/man/man3/crypto_poly1305.3monocypher | 2 +- doc/man/man3/crypto_sign_init_first_pass.3monocypher | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/doc/man/man3/crypto_chacha20_encrypt.3monocypher b/doc/man/man3/crypto_chacha20_encrypt.3monocypher index e75d024..18db662 100644 --- a/doc/man/man3/crypto_chacha20_encrypt.3monocypher +++ b/doc/man/man3/crypto_chacha20_encrypt.3monocypher @@ -176,7 +176,7 @@ Resuming the encryption will use the stream at the block .Ql ctr \(mu 64 ) . This can be used to encrypt (or decrypt) part of a long message, or to implement some AEAD constructions such as the one described in RFC -7539. +8439. Be careful when using this not to accidentally reuse parts of the random stream as that would destroy confidentiality. .Sh RETURN VALUES @@ -278,7 +278,7 @@ crypto_wipe(plain_text, 500); .Xr intro 3monocypher .Sh STANDARDS These functions implement Chacha20 and XChacha20. -Chacha20 is described in RFC 7539. +Chacha20 is described in RFC 8439. XChacha20 derives from Chacha20 the same way XSalsa20 derives from Salsa20, and benefits from the same security reduction (proven secure as long as Chacha20 itself is secure). diff --git a/doc/man/man3/crypto_lock.3monocypher b/doc/man/man3/crypto_lock.3monocypher index 559fd56..858218e 100644 --- a/doc/man/man3/crypto_lock.3monocypher +++ b/doc/man/man3/crypto_lock.3monocypher @@ -245,7 +245,7 @@ crypto_wipe(key, 32); .Xr crypto_wipe 3monocypher , .Xr intro 3monocypher .Sh STANDARDS -These functions implement RFC 7539, with XChacha20 instead of Chacha20. +These functions implement RFC 8439, with XChacha20 instead of Chacha20. XChacha20 derives from Chacha20 the same way XSalsa20 derives from Salsa20, and benefits from the same security reduction (proven secure as long as Chacha20 itself is secure). diff --git a/doc/man/man3/crypto_lock_init.3monocypher b/doc/man/man3/crypto_lock_init.3monocypher index 8f0aa4c..d8c6802 100644 --- a/doc/man/man3/crypto_lock_init.3monocypher +++ b/doc/man/man3/crypto_lock_init.3monocypher @@ -269,7 +269,7 @@ crypto_lock_final(&ctx, mac); .Xr crypto_wipe 3monocypher , .Xr intro 3monocypher .Sh STANDARDS -These functions implement RFC 7539, with XChacha20 instead of Chacha20. +These functions implement RFC 8439, with XChacha20 instead of Chacha20. XChacha20 derives from Chacha20 the same way XSalsa20 derives from Salsa20, and benefits from the same security reduction (proven secure as long as Chacha20 itself is secure). diff --git a/doc/man/man3/crypto_poly1305.3monocypher b/doc/man/man3/crypto_poly1305.3monocypher index 8e85e5b..bf8dd76 100644 --- a/doc/man/man3/crypto_poly1305.3monocypher +++ b/doc/man/man3/crypto_poly1305.3monocypher @@ -134,7 +134,7 @@ crypto_poly1305_final(&ctx, mac); .Xr crypto_verify16 3monocypher , .Xr intro 3monocypher .Sh STANDARDS -These functions implement Poly1305, described in RFC 7539. +These functions implement Poly1305, described in RFC 8439. .Sh SECURITY CONSIDERATIONS Poly1305 is difficult to use correctly. Do not use it unless you are absolutely sure what you are doing. diff --git a/doc/man/man3/crypto_sign_init_first_pass.3monocypher b/doc/man/man3/crypto_sign_init_first_pass.3monocypher index 6a8a7b1..59bc2b8 100644 --- a/doc/man/man3/crypto_sign_init_first_pass.3monocypher +++ b/doc/man/man3/crypto_sign_init_first_pass.3monocypher @@ -161,9 +161,9 @@ if (crypto_check_final(&ctx)) { .Xr crypto_wipe 3monocypher , .Xr intro 3monocypher .Sh STANDARDS -These functions implement EdDSA with Curve25519 and Blake2b. +These functions implement PureEdDSA with Curve25519 and Blake2b, as +described in RFC 8032. This is the same as Ed25519, with Blake2b instead of SHA-512. -Ed25519 is described in RFC 7748. .Sh SECURITY CONSIDERATIONS Messages are not verified until the call to .Fn crypto_check_final . -- 2.47.3