From bfa4851174833110ebf2af4823d0376e6544f86a Mon Sep 17 00:00:00 2001
From: Aaron Feickert <66188213+AaronFeickert@users.noreply.github.com>
Date: Tue, 19 Dec 2023 13:45:50 -0600
Subject: [PATCH] Add a warning about AEAD use

---
 src/libspark/aead.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/libspark/aead.cpp b/src/libspark/aead.cpp
index ada79bcc2c..6f31038da4 100644
--- a/src/libspark/aead.cpp
+++ b/src/libspark/aead.cpp
@@ -3,6 +3,8 @@ namespace spark {
 // Perform authenticated encryption with ChaCha20-Poly1305 using key commitment
+// NOTE: This uses a fixed zero nonce, which is safe when used in Spark as directed
+// It is NOT safe in general to do this!
 AEADEncryptedData AEAD::encrypt(const GroupElement& prekey, const std::string additional_data, CDataStream& data) {
 // Set up the result structure
 AEADEncryptedData result;
@@ -43,6 +45,8 @@ AEADEncryptedData AEAD::encrypt(const GroupElement& prekey, const std::string ad
 }
 // Perform authenticated decryption with ChaCha20-Poly1305 using key commitment
+// NOTE: This uses a fixed zero nonce, which is safe when used in Spark as directed
+// It is NOT safe in general to do this!
 CDataStream AEAD::decrypt_and_verify(const GroupElement& prekey, const std::string additional_data, AEADEncryptedData& data) {
 // Derive the key and commitment
 std::vector key = SparkUtils::kdf_aead(prekey);
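Review bot: The NOTE added above `AEAD::encrypt` says the fixed zero nonce is "safe when used in Spark as directed" without naming the condition that makes it safe, so a caller cannot tell which invariant they must preserve. With ChaCha20-Poly1305 a (key, nonce) pair must never encrypt two different messages: reuse leaks the XOR of the plaintexts and exposes the Poly1305 authentication key, which permits forgeries. The guarantee being relied on is presumably that the key derived by `SparkUtils::kdf_aead(prekey)` is fresh for every call, i.e. each `prekey` encrypts exactly one message; I would state that explicitly, e.g. `// NOTE: A fixed zero nonce is used. This is only safe because Spark derives a fresh key from a unique prekey for every message; the same prekey MUST NOT be used to encrypt a second message.` The body of `encrypt` continues past the end of the hunk.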
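Review bot: The identical NOTE is copied onto `AEAD::decrypt_and_verify`, but the nonce-reuse hazard is an encryption-side property, so on this path the comment warns about the wrong thing. What the decrypt side needs to know is presumably that the ciphertext carries no nonce (the struct is not visible here, so confirm), which means the caller must supply exactly the `prekey` and `additional_data` used at encryption time or verification fails, and that the one-message-per-prekey rule is enforced at `encrypt()`. I would reword it for this path, e.g. `// NOTE: Uses the same fixed zero nonce as encrypt(); the caller must supply the same prekey and additional_data used to encrypt. The one-message-per-prekey requirement applies to encrypt().` The body of `decrypt_and_verify` continues past the end of the hunk.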