They consider the use of ECDH to derive a shared secret, which is then used to generate transmission encoding parameters for each side. These include Session AES-128 key, Session HMAC key, and IV for AES. When encrypting packets, all data transmitted is covered by an SHA256 HMAC, with totlen referring to the size of the unencrypted serialized protobuf message. The comment on this aspect is somewhat misleading, as totlen does not define encrypted message boundaries. However, it is necessary for determining how much padding to ignore. Rusty also notes that he chose to encode the length on 64 bits to avoid wrapping.