I've also filed an MR for easier reviews and updates:
https://git.lysator.liu.se/nettle/nettle/-/merge_requests/52
u...@gnu.org writes:
> From: Daiki Ueno
>
> This implements AES-GCM-SIV, described in RFC8452, on top of the
> existing AES-GCM primitives. In particular, its hash algorithm
>
From: Daiki Ueno
This implements AES-GCM-SIV, described in RFC8452, on top of the
existing AES-GCM primitives. In particular, its hash algorithm
POLYVAL is implemented using the GHASH with additional byte order
conversion according to RFC8452 Appendix A.
Signed-off-by: Daiki Ueno
---