From a66c07009c06af465d978fb32c93e6a122c2c8b9 Mon Sep 17 00:00:00 2001
From: Mike Hunhoff <mike.hunhoff@gmail.com>
Date: Fri, 1 Mar 2024 16:16:39 -0700
Subject: [PATCH 1/3] fix encrypt-data-using-salsa20-or-chacha.yml

---
 nursery/encrypt-data-using-salsa20-or-chacha.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nursery/encrypt-data-using-salsa20-or-chacha.yml b/nursery/encrypt-data-using-salsa20-or-chacha.yml
index 09322591..89ce4221 100644
--- a/nursery/encrypt-data-using-salsa20-or-chacha.yml
+++ b/nursery/encrypt-data-using-salsa20-or-chacha.yml
@@ -15,8 +15,8 @@ rule:
     # The constant words spell "expand 32-byte k" in ASCII (i.e. the 4 words are "expa", "nd 3", "2-by", and "te k")
     - or:
       - description: part of key setup
-      - string: "expand 32-byte k = sigma"
-      - string: "expand 16-byte k = tau"
+      - string: "expand 32-byte k" = sigma
+      - string: "expand 16-byte k" = tau
       # if sigma and tau are in contiguous memory, may result in concatenated string
       - string: "expand 32-byte kexpand 16-byte k"
       - and:

From 01f44288db0731fbb244bf2e66a104bb2582506f Mon Sep 17 00:00:00 2001
From: Mike Hunhoff <mike.hunhoff@gmail.com>
Date: Fri, 1 Mar 2024 16:39:28 -0700
Subject: [PATCH 2/3] update description

---
 nursery/encrypt-data-using-salsa20-or-chacha.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/nursery/encrypt-data-using-salsa20-or-chacha.yml b/nursery/encrypt-data-using-salsa20-or-chacha.yml
index 89ce4221..a57b855a 100644
--- a/nursery/encrypt-data-using-salsa20-or-chacha.yml
+++ b/nursery/encrypt-data-using-salsa20-or-chacha.yml
@@ -15,8 +15,10 @@ rule:
     # The constant words spell "expand 32-byte k" in ASCII (i.e. the 4 words are "expa", "nd 3", "2-by", and "te k")
     - or:
       - description: part of key setup
-      - string: "expand 32-byte k" = sigma
-      - string: "expand 16-byte k" = tau
+      - string: "expand 32-byte k"
+        description: sigma
+      - string: "expand 16-byte k"
+        description: tau
       # if sigma and tau are in contiguous memory, may result in concatenated string
       - string: "expand 32-byte kexpand 16-byte k"
       - and:

From df7c6f3b2a3c87520ece7d10d1175739ea953560 Mon Sep 17 00:00:00 2001
From: Mike Hunhoff <mike.hunhoff@gmail.com>
Date: Fri, 1 Mar 2024 17:45:40 -0700
Subject: [PATCH 3/3] add additional bytes matches

---
 nursery/encrypt-data-using-salsa20-or-chacha.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nursery/encrypt-data-using-salsa20-or-chacha.yml b/nursery/encrypt-data-using-salsa20-or-chacha.yml
index a57b855a..5fc26d21 100644
--- a/nursery/encrypt-data-using-salsa20-or-chacha.yml
+++ b/nursery/encrypt-data-using-salsa20-or-chacha.yml
@@ -21,6 +21,8 @@ rule:
         description: tau
       # if sigma and tau are in contiguous memory, may result in concatenated string
       - string: "expand 32-byte kexpand 16-byte k"
+      - bytes: 65 78 70 61 6E 64 20 33 32 2D 62 79 74 65 20 6B = "expand 32-byte k"
+      - bytes: 65 78 70 61 6E 64 20 31 36 2D 62 79 74 65 20 6B = "expand 16-byte k"
       - and:
         - string: "expa"
         - string: "nd 3"