- if _, err = mac.Write(sizeBuf); err != nil {
- return their, 0, err
- }
- tag := make([]byte, blake2b.Size256)
- if _, err = io.ReadFull(data, tag); err != nil {
- return their, 0, err
- }
- if subtle.ConstantTimeCompare(mac.Sum(nil), tag) != 1 {
- return their, 0, errors.New("Unauthenticated size")
- }
- chacha20.XORKeyStream(sizeBuf, sizeBuf, new([16]byte), keyEnc)
- size := int64(binary.BigEndian.Uint64(sizeBuf))
-
- if _, err = io.ReadFull(kdf, keyEnc[:]); err != nil {
- return their, size, err
- }
- if _, err = io.ReadFull(kdf, keyAuth); err != nil {
- return their, size, err
- }
- mac, err = blake2b.New256(keyAuth)
+ sizeBuf, err = aead.Open(sizeBuf[:0], nonce, sizeBuf, nil)