From 08bc5ba0a87918d5e76f1475f19f078cc575ddfd Mon Sep 17 00:00:00 2001
From: Christopher Jeffrey
Date: Tue, 26 Jul 2016 21:49:49 -0700
Subject: [PATCH] bip151: use plaintext packet size as aad (openssh conformance).
---
 lib/bcoin/bip151.js | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/lib/bcoin/bip151.js b/lib/bcoin/bip151.js
index b3fa995c..f9226c73 100644
--- a/lib/bcoin/bip151.js
+++ b/lib/bcoin/bip151.js
@@ -110,7 +110,6 @@ BIP151Stream.prototype.init = function init(publicKey) {
 this.chacha.init(this.k1, this.iv());
 this.aead.init(this.k2, this.iv());
- this.aead.aad(this.sid);
 this.lastRekey = utils.now();
 };
@@ -150,7 +149,6 @@ BIP151Stream.prototype.rekey = function rekey() {
 this.chacha.init(this.k1, this.iv());
 this.aead.init(this.k2, this.iv());
- this.aead.aad(this.sid);
 };
 /**
@@ -171,7 +169,6 @@ BIP151Stream.prototype.sequence = function sequence() {
 // unaltered aside from the iv.
 this.chacha.init(null, this.iv());
 this.aead.init(null, this.iv());
- this.aead.aad(this.sid);
 };
 /**
@@ -205,6 +202,7 @@ BIP151Stream.prototype.getPublicKey = function getPublicKey() {
 BIP151Stream.prototype.encryptSize = function encryptSize(size) {
 var data = new Buffer(4);
 data.writeUInt32LE(size, 0, true);
+ this.aead.aad(data);
 return this.chacha.encrypt(data);
 };
@@ -217,6 +215,7 @@ BIP151Stream.prototype.encryptSize = function encryptSize(size) {
 BIP151Stream.prototype.decryptSize = function decryptSize(data) {
 data = data.slice(0, 4);
 this.chacha.encrypt(data);
+ this.aead.aad(data);
 return data.readUInt32LE(0, true);
 };
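Review bot: In encryptSize the added `this.aead.aad(data);` makes the authentication tag depend on a side effect of a helper whose name suggests it only encrypts the length. The AAD is now absorbed only if the caller runs encryptSize once per packet, after `sequence()` has re-initialised the AEAD and before the payload is processed, and nothing visible enforces or documents that order. I would add to the function's docblock (which starts outside this hunk) a line such as `Side effect: feeds the 4-byte plaintext size to the AEAD as AAD; call exactly once per packet, before encrypting the payload.` Separately, the subject cites OpenSSH conformance, but OpenSSH's chacha20-poly1305 computes its tag over the encrypted length bytes, whereas here `aad(data)` runs before `this.chacha.encrypt(data)` and so sees the plaintext; it is worth confirming which form the BIP151 text requires. The same call-order contract applies to decryptSize in the following hunk.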
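Review bot: decryptSize returns a length that has not been authenticated yet, since the added `this.aead.aad(data);` only feeds it into a tag that can be checked once the whole payload has arrived. The caller therefore has to cap the returned size before buffering that many bytes; whether it does is outside this hunk. A `data` shorter than four bytes is also not rejected: `slice(0, 4)` yields a short buffer and `readUInt32LE(0, true)` skips the bounds check, so a guard such as `if (data.length < 4) throw new Error('Size prefix too short.');` at the top would be safer. Note too that `slice` shares memory with the caller's buffer and `this.chacha.encrypt(data)` appears to work in place, so the caller's first four bytes become plaintext; a one-line comment stating that would help the next reader.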