lilcrypto
=========

> They see me rollin', they hatin'.

Experiment on rolling my own crypto. Kinda. I'm not creating any new
protocol, but implementing known algorithms and constructions. The main
focus is to understand how to implement the math behind the algorithms,
and to get to know the constructions better.

Algorithms
==========

Utilities
---------

- Constant-time operations
  - [x] compare
  - [x] mask32: return a 1s mask if any bit is set, 0 otherwise
- Hexdump

Hash
----

- [x] SHA-224
- [x] SHA-256
- [x] SHA-384
- [x] SHA-512
- [x] SHA-512/224 & SHA-512/256

Authentication
--------------

- [x] HMAC
- [x] Poly1305

Ciphers
-------

- [x] ChaCha20
- [x] XChaCha20

AEAD
----

- [x] ChaCha20-Poly1305
- [x] XChaCha20-Poly1305

ECC
---

- Curve25519
  - [ ] Ed25519 (EdDSA)
  - [ ] X25519 (ECDH)

KDF
---

- [x] HKDF


Nice-to-haves
=============

Utilities
---------

- [ ] Portable Makefile
- [ ] NaCl interface
- [ ] signify interface

Hash
----

Authentication
--------------

- [ ] GMAC

Ciphers
-------

- [ ] AES
- [ ] Camellia
- [ ] Salsa20 (no Wycheproof test vector suite)
- [ ] XSalsa20 (no Wycheproof test vector suite)

AEAD
----

- [ ] AES-GCM
- [ ] Camellia-GCM
- [ ] Salsa20-Poly1305 (no Wycheproof test vector suite)
- [ ] XSalsa20-Poly1305 (no Wycheproof test vector suite)