From 8f09b6f6b7fca3a0c05d1d0e1ea0e8323ac8b228 Mon Sep 17 00:00:00 2001
From: Jonathan Rudenberg <jonathan@titanous.com>
Date: Sun, 13 Jul 2014 23:43:55 -0700
Subject: [PATCH] Skip first block when rekeying

---
 box/box.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/box/box.go b/box/box.go
index 54e1aa5..9dcf974 100644
--- a/box/box.go
+++ b/box/box.go
@@ -228,7 +228,7 @@ func (noise255) NewCipher(cc []byte) CipherContext {
 
 type noise255ctx struct {
 	cc        []byte
-	keystream [104]byte
+	keystream [168]byte
 }
 
 func (n *noise255ctx) Reset(cc []byte) {
@@ -264,11 +264,12 @@ func (n *noise255ctx) rekey() {
 		panic(err)
 	}
 
-	n.cc = n.keystream[64:]
-	for i := range n.cc {
-		n.cc[i] = 0
+	ks := n.keystream[64:]
+	for i := range ks {
+		ks[i] = 0
 	}
-	c.XORKeyStream(n.cc, n.cc)
+	c.XORKeyStream(ks, ks)
+	n.cc = ks[64:]
 }
 
 func (n *noise255ctx) mac(keystream, ciphertext, authtext []byte) [16]byte {