Hi, I probably won't convince you anymore, so feel free to ignore this :) Anyway, I just wanted to say that
#define CHACHA128_KEY_SIZE 16 #define CHACHA256_KEY_SIZE 32 [...] void chacha128_set_key(struct chacha_ctx *ctx, const uint8_t *key); void chacha256_set_key(struct chacha_ctx *ctx, const uint8_t *key); looks horribly wrong to me. There is no "Chacha128" nor "Chacha256"; given that the standard naming scheme interprets a number after "Chacha" as number of rounds... well, this is just wrong. Forcing the AES naming onto other stuff is just not a good idea imho. My preference, if you want to have a fixed length in the name, is still "chacha_set_key128" and similar. Not sure about "chacha_128_set_key", "chacha20_128_set_key", ... As a side note: the paper for Chacha only mentions the 256-bit key variant, although the reference implementation also provides the 128-bit variant... So I'm not sure whether the 128-bit variant was actually intended being used at all. regards, Stefan _______________________________________________ nettle-bugs mailing list [email protected] http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
