2 files changed, 15 insertions, 3 deletions

diff --git a/src/ref/lilliput-ae-utils.h b/src/ref/lilliput-ae-utils.h
index 6b60adc..d78d9ff 100644
--- a/src/ref/lilliput-ae-utils.h
+++ b/src/ref/lilliput-ae-utils.h
@@ -68,7 +68,7 @@ static inline void pad10(size_t X_len, const uint8_t X[X_len], uint8_t padded[BL
 {
     /* pad10*(X) = X || 1 || 0^{n-|X|-1} */
 
-    /* Assume that len<BLOCK_BYTES. */
+    /* Assume that X_len<BLOCK_BYTES. */
 
     size_t pad_len = BLOCK_BYTES-X_len;
 
@@ -101,7 +101,7 @@ static inline void fill_index_tweak(
         tweak[i] = block_index >> 8*i & 0xff;
     }
 
-    /* Assume padding bytes have already been memset to 0. */
+    /* Assume padding bytes have already been set to 0. */
 
     tweak[TWEAK_BYTES-1] |= prefix << 4;
 }
diff --git a/src/ref/lilliput-ii.c b/src/ref/lilliput-ii.c
index 8238b08..7c02bce 100644
--- a/src/ref/lilliput-ii.c
+++ b/src/ref/lilliput-ii.c
@@ -32,6 +32,8 @@ static void _init_msg_tweak(const uint8_t tag[TAG_BYTES], uint8_t tweak[TWEAK_BY
      *        [  1,  64]: tag[ 1.. 64] XOR block index
      *        [ 65, t-1]: tag[65..t-1]
      * - bit t: 1
+     *
+     * This function sets bits 65 to t once and for all.
      */
 
     memcpy(tweak+sizeof(uint64_t), tag+sizeof(uint64_t), TAG_BYTES-sizeof(uint64_t));
@@ -40,7 +42,17 @@ static void _init_msg_tweak(const uint8_t tag[TAG_BYTES], uint8_t tweak[TWEAK_BY
 
 static void _fill_msg_tweak(const uint8_t tag[TAG_BYTES], uint64_t block_index, uint8_t tweak[TWEAK_BYTES])
 {
-    /* Assume bits 65 to t-1 are set. */
+    /* The t-bit tweak is filled as follows:
+     *
+     * - bits [  1, t-1]: tag + block index
+     *        [  1,  64]: tag[ 1.. 64] XOR block index
+     *        [ 65, t-1]: tag[65..t-1]
+     * - bit t: 1
+     *
+     * This function assumes bits 65 to t have already been set, and
+     * only sets bits 1 to 64.
+     */
+
     for (size_t i=0; i<sizeof(block_index); i++)
     {
         uint8_t index_i = block_index >> i*8 & 0xff;