[Libre-soc-bugs] [Bug 770] Discussion and Finalisation of Which Cryptographic Primitives to Implement

bugzilla-daemon at libre-soc.org bugzilla-daemon at libre-soc.org
Thu Oct 13 16:17:02 BST 2022


--- Comment #5 from Jacob Lifshay <programmerjake at gmail.com> ---
imho we should implement chacha20-poly1305 -- a very commonly used AEAD, used
by Wireguard and ssh and tls and more. imho we should implement the wireguard


poly1305 is quite simple:
clamp(r): r &= 0x0ffffffc0ffffffc0ffffffc0fffffff
poly1305_mac(msg, key):
    r = (le_bytes_to_num(key[0..15])
    s = le_num(key[16..31])
    accumulator = 0
    p = (1<<130)-5
    for i=1 upto ceil(msg length in bytes / 16)
        n = le_bytes_to_num(msg[((i-1)*16)..(i*16)] | [0x01])
        a += n
        a = (r * a) % p
    a += s
    return num_to_16_le_bytes(a)

the remainder op can be done using shifting and add and sub iirc, so isn't
super slow

You are receiving this mail because:
You are on the CC list for the bug.

More information about the libre-soc-bugs mailing list