From fd3fa57e79de3e693d68bf8eb618b8fbab998ad7 Mon Sep 17 00:00:00 2001
From: Wade Simmons
Date: Fri, 25 Jul 2025 14:42:54 -0400
Subject: [PATCH] comments
---
 noiseutil/fips140.go | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/noiseutil/fips140.go b/noiseutil/fips140.go
index 3f4507d..a5259fa 100644
--- a/noiseutil/fips140.go
+++ b/noiseutil/fips140.go
@@ -37,6 +37,7 @@ func (c cipherFn) CipherName() string { return c.name }
 // CipherAESGCM is the AES256-GCM AEAD cipher (using aeadAESGCM when fips140 is enabled)
 var CipherAESGCM noise.CipherFunc = cipherFn{cipherAESGCM, "AESGCM"}
+// tls.aeadAESGCM uses a 4 byte static prefix and an 8 byte nonce
 var emptyPrefix = []byte{0, 0, 0, 0}
 func cipherAESGCM(k [32]byte) noise.Cipher {
@@ -44,6 +45,7 @@ func cipherAESGCM(k [32]byte) noise.Cipher {
 return aeadCipher{
 gcm,
 func(n uint64) []byte {
+ // tls.aeadAESGCM uses a 4 byte static prefix and an 8 byte nonce
 var nonce [8]byte
 binary.BigEndian.PutUint64(nonce[:], n)
 return nonce[:]
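Review bot: The comment added above `var emptyPrefix` says what tls.aeadAESGCM expects but not why the prefix is four zero bytes, which is the detail a later reader is most likely to question or change. If the intent is that prefix plus counter reproduces the 96-bit nonce Noise defines for AESGCM (32 zero bits followed by the big-endian 64-bit counter), the comment should say so, for example `// emptyPrefix is the fixed 4-byte nonce prefix for tls.aeadAESGCM; all zeros so that prefix || big-endian n matches the Noise AESGCM nonce layout.` That wording also gives the variable a doc comment that starts with its name. How emptyPrefix reaches the AEAD is not visible in this hunk, so the sentence should be checked against the constructor call.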
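Review bot: Inside the nonce closure of cipherAESGCM the same sentence is repeated, but at this spot the invariant matters more than the layout: the closure returns only the 8-byte counter, so nonce uniqueness under a key rests entirely on n. A comment such as `// returns only the 8-byte counter part; the static prefix is supplied separately. n must never repeat under one key, since GCM nonce reuse breaks confidentiality and authenticity.` would record that where the nonce is built. The closure and cipherAESGCM both continue past the end of the hunk, so whether a caller enforces a counter limit cannot be checked from here.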