[Libre-soc-bugs] [Bug 770] Discussion and Finalisation of Which Cryptographic Primitives to Implement
bugzilla-daemon at libre-soc.org
Thu Oct 13 16:17:02 BST 2022
https://bugs.libre-soc.org/show_bug.cgi?id=770
--- Comment #5 from Jacob Lifshay <programmerjake at gmail.com> ---
imho we should implement chacha20-poly1305 -- a very commonly used AEAD, used
by Wireguard and ssh and tls and more. imho we should implement the wireguard
variant.
https://www.rfc-editor.org/rfc/rfc7539
poly1305 is quite simple:
clamp(r): r &= 0x0ffffffc0ffffffc0ffffffc0fffffff

poly1305_mac(msg, key):
    r = le_bytes_to_num(key[0..15])
    clamp(r)
    s = le_bytes_to_num(key[16..31])
    a = 0  /* a is the accumulator */
    p = (1<<130)-5
    for i=1 upto ceil(msg length in bytes / 16)
        n = le_bytes_to_num(msg[((i-1)*16)..(i*16)] | [0x01])
        a += n
        a = (r * a) % p
    end
    a += s
    return num_to_16_le_bytes(a)
end
the remainder op can be done using shifting and add and sub iirc, so isn't
super slow
--
You are receiving this mail because:
You are on the CC list for the bug.
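Added example (not part of the original comment and not Libre-SOC code): a Python reference model of the Poly1305 pseudocode above in which the "% p" step is done with shifts, adds and one subtract, using 2^130 = 5 (mod p). The function names are hypothetical; the key, message and tag are the test vector from RFC 7539 section 2.5.2.

```python
import hmac

P = (1 << 130) - 5
CLAMP = 0x0ffffffc0ffffffc0ffffffc0fffffff
MASK130 = (1 << 130) - 1

# Test vector from RFC 7539 section 2.5.2.
RFC_KEY = bytes.fromhex(
    "85d6be7857556d337f4452fe42d506a80103808afb0db2fd4abff6af4149f51b")
RFC_MSG = b"Cryptographic Forum Research Group"
RFC_TAG = bytes.fromhex("a8061dc1305136c6c22b8baf0c0127a9")

def reduce_p(x):
    """Reduce x modulo 2^130 - 5 using only shift, mask, add and subtract."""
    # 2^130 = 5 (mod p), so hi*2^130 + lo = lo + 5*hi = lo + hi + (hi << 2).
    while x >> 130:
        hi = x >> 130
        x = (x & MASK130) + hi + (hi << 2)
    # x < 2^130 here, so at most one subtraction of p is left.
    if x >= P:
        x -= P
    return x

def poly1305_mac(msg, key):
    """One-shot Poly1305 tag; key is the 32-byte one-time key (r || s)."""
    if len(key) != 32:
        raise ValueError("Poly1305 needs a 32-byte one-time key")
    r = int.from_bytes(key[:16], "little") & CLAMP
    s = int.from_bytes(key[16:], "little")
    a = 0
    for i in range(0, len(msg), 16):
        # Append 0x01 above the block, including a short final block.
        n = int.from_bytes(msg[i:i + 16] + b"\x01", "little")
        a = reduce_p(r * (a + n))
    # Adding s is done modulo 2^128: only the low 16 bytes are emitted.
    return ((a + s) & ((1 << 128) - 1)).to_bytes(16, "little")

def poly1305_verify(msg, key, tag):
    """Compare tags without an early exit on the first differing byte."""
    return hmac.compare_digest(poly1305_mac(msg, key), tag)

if __name__ == "__main__":
    print(poly1305_mac(RFC_MSG, RFC_KEY).hex())
```

Python's big-integer arithmetic is not constant-time, so this serves as a functional model for checking an implementation's output, not as a timing-safe implementation.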