@@ -97,6 +97,12 @@
/* IV starts with packet id to make the IV unique for packet */
if (use_epoch_data_format)
{
+ /* Note this does not check aead_usage_limit but can overstep it by
+ * a few extra blocks in one extra write. This is not affecting the
+ * security margin as these extra blocks are on a completely
+ * different order of magnitude than the security margin.
+ * The next iteration/call to epoch_check_send_iterate will
+ * iterate the epoch */
if (!packet_id_write_epoch(&opt->packet_id.send, ctx->epoch, &iv_buffer))
{
msg(D_CRYPT_ERRORS, "ENCRYPT ERROR: packet ID roll over");
@@ -298,7 +298,7 @@
/** last epoch_key used for generation of the current send data keys.
* As invariant, the epoch of epoch_key_send is always kept >= the epoch of
- * epoch_key_recv */
+ * key_ctx_bi.decrypt.epoch */
struct epoch_key epoch_key_send;
/** epoch_key used for the highest receive epoch keys */
@@ -309,7 +309,7 @@
/** The limit for AEAD cipher, this is the sum of packets + blocks
* that are allowed to be used. Will switch to a new epoch if this
- * limit is reached*/
+ * limit is reached. */
uint64_t aead_usage_limit;
/** Keeps the future epoch data keys for decryption. The current one