Jeffrey Walton <[email protected]> writes:

> I hope I'm not crossing my wires, but doesn't ChaCha core require a
> counter addition?

Sure, but nettle's _chacha_core function (what I've implemented so far
for ppc) does a single block, and doesn't modify the counter. Variants
like _chacha_3core (currently implemented for ARM Neon only) need to
update the counter.

> There are some fundamental differences between Bernstein's ChaCha and
> the IETF's ChaCha used in TLS. Bernstein's ChaCha uses a 64-bit
> counter.

That's a bit messy, but nettle supports both variants. To use the ietf
version, either use the chacha_poly1305_* aead functions, or, for
chacha only, the functions chacha_set_nonce96 and chacha_crypt32. And
there are tests for 32-bit wraparound in both cases.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
