u...@gnu.org writes:

> From: Daiki Ueno <du...@redhat.com>
>
> This implements AES-GCM-SIV, described in RFC8452, on top of the
> existing AES-GCM primitives. In particular, its hash algorithm
> POLYVAL is implemented using the GHASH with additional byte order
> conversion according to RFC8452 Appendix A.
Thanks, I added a few comments on the MR. In particular, I think it's
undesirable to duplicate much of the ghash logic. I've had a quick look
at the RFC, and it seems the intention is that polyval can be
implemented as a rather simple wrapper around ghash?

Regards,
/Niels

-- 
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
_______________________________________________
nettle-bugs mailing list -- nettle-bugs@lists.lysator.liu.se
To unsubscribe send an email to nettle-bugs-le...@lists.lysator.liu.se
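The "wrapper around ghash" idea discussed in this thread, written out as an added example. This is not code from Nettle or from the merge request under review; it is a stand-alone Python model (Python rather than C so the 128-bit field arithmetic stays readable) of the identity in RFC 8452 Appendix A: POLYVAL(H, X_1..X_n) = ByteReverse(GHASH(mulX_GHASH(ByteReverse(H)), ByteReverse(X_1), ..., ByteReverse(X_n))). It carries a direct POLYVAL implementation only so the wrapper can be checked against it; both are compared with the RFC's Appendix A test vectors. Function names (`ghash`, `polyval`, `mulx_ghash`, `mulx_polyval`, `polyval_via_ghash`) are this example's own, not Nettle's API.

```python
# Added example (not Nettle or MR code): POLYVAL built as a wrapper around
# GHASH per RFC 8452 Appendix A, checked against the RFC's own test vectors.
# Python ints hold the 128-bit field elements.

# GHASH's field is GF(2^128) mod x^128 + x^7 + x^2 + x + 1 with GCM's
# bit-reflected encoding: the most significant bit of byte 0 is the x^0
# coefficient. Blocks are taken as the big-endian value of their 16 bytes,
# so bit (127 - i) of the int is the coefficient of x^i.
_GHASH_R = 0xE1 << 120          # reduction constant for x^128 (SP 800-38D)
_GHASH_X = 1 << 126             # the element "x": byte 0 = 0x40, rest zero


def _ghash_mul(a: int, b: int) -> int:
    """a * b in GHASH's field (SP 800-38D Algorithm 1, bit-serial)."""
    z, v = 0, b
    for i in range(128):
        if (a >> (127 - i)) & 1:   # coefficient of x^i in a
            z ^= v                 # v == b * x^i at this point
        v = (v >> 1) ^ _GHASH_R if v & 1 else v >> 1
    return z


def ghash(h: bytes, blocks) -> bytes:
    """GHASH(H, X_1..X_n): Y_0 = 0, Y_i = (Y_{i-1} xor X_i) * H."""
    hh = int.from_bytes(h, "big")
    y = 0
    for blk in blocks:
        y = _ghash_mul(y ^ int.from_bytes(blk, "big"), hh)
    return y.to_bytes(16, "big")


def mulx_ghash(block: bytes) -> bytes:
    """mulX_GHASH (RFC 8452 section 3): multiply by x in GHASH's field."""
    return _ghash_mul(int.from_bytes(block, "big"), _GHASH_X).to_bytes(16, "big")


# POLYVAL's field is GF(2^128) mod x^128 + x^127 + x^126 + x^121 + 1 with a
# little-endian encoding: the least significant bit of byte 0 is the x^0
# coefficient, so bit i of the little-endian int is the coefficient of x^i.
_POLYVAL_P = (1 << 128) | (1 << 127) | (1 << 126) | (1 << 121) | 1
# x^-128 mod P, as given in RFC 8452 section 3; it is the factor in dot().
_POLYVAL_X_INV128 = (1 << 127) | (1 << 124) | (1 << 121) | (1 << 114) | 1


def _polyval_mul(a: int, b: int) -> int:
    """Plain a * b mod P (no x^-128 factor): schoolbook, then reduce."""
    r = 0
    for i in range(128):
        if (b >> i) & 1:
            r ^= a << i
    for i in range(254, 127, -1):      # clear degrees 254..128, high to low
        if (r >> i) & 1:
            r ^= _POLYVAL_P << (i - 128)
    return r


def _polyval_dot(a: int, b: int) -> int:
    """dot(a, b) = a * b * x^-128, as RFC 8452 defines it."""
    return _polyval_mul(_polyval_mul(a, b), _POLYVAL_X_INV128)


def polyval(h: bytes, blocks) -> bytes:
    """POLYVAL computed directly in its own field (reference for comparison)."""
    hh = int.from_bytes(h, "little")
    s = 0
    for blk in blocks:
        s = _polyval_dot(s ^ int.from_bytes(blk, "little"), hh)
    return s.to_bytes(16, "little")


def mulx_polyval(block: bytes) -> bytes:
    """mulX_POLYVAL (RFC 8452 section 3): multiply by x in POLYVAL's field."""
    return _polyval_mul(int.from_bytes(block, "little"), 2).to_bytes(16, "little")


def polyval_via_ghash(h: bytes, blocks) -> bytes:
    """POLYVAL as a wrapper around GHASH (RFC 8452 Appendix A):
    POLYVAL(H, X_1..X_n) =
      ByteReverse(GHASH(mulX_GHASH(ByteReverse(H)), ByteReverse(X_1), ...)).
    The only work beyond GHASH itself is one mulX on the reversed key and a
    byte reversal of each block on the way in and of the result on the way out.
    """
    h_ghash = mulx_ghash(h[::-1])
    return ghash(h_ghash, [blk[::-1] for blk in blocks])[::-1]


# Test vectors from RFC 8452 Appendix A.
RFC_H = bytes.fromhex("25629347589242761d31f826ba4b757b")
RFC_X1 = bytes.fromhex("4f4f95668c83dfb6401762bb2d01a262")
RFC_X2 = bytes.fromhex("d1a24ddd2721d006bbe45f20d3c9f362")
RFC_POLYVAL = "f7a3b47b846119fae5b7866cf5e5b77e"

if __name__ == "__main__":
    print("direct :", polyval(RFC_H, [RFC_X1, RFC_X2]).hex())
    print("wrapper:", polyval_via_ghash(RFC_H, [RFC_X1, RFC_X2]).hex())
    print("rfc    :", RFC_POLYVAL)
```

Note the asymmetry the wrapper relies on: byte reversal maps an element a(x) of POLYVAL's field to x^127 * a(1/x) in GHASH's field, which turns POLYVAL's dot(a, b) = a * b * x^-128 into a GHASH multiplication by x * ByteReverse(H). That is why the key is multiplied by x once (mulX_GHASH) rather than the data, and why no per-block multiplication by x^-128 is needed in the GHASH path.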