Lucas Gabriel Vuotto
2f31fe73e5
Explain why it's fine to skip clamping while doing t4 t3 t2 t1 t0 + 5. |
||
---|---|---|
lib | ||
wycheproof | ||
.gitignore | ||
aead_chacha20_poly1305.c | ||
aead.c | ||
auth_hmac.c | ||
auth_poly1305.c | ||
auth.c | ||
cipher_chacha20.c | ||
cipher.c | ||
ct.c | ||
hash_sha224_sha256.c | ||
hash_sha384_sha512.c | ||
hash.c | ||
impl_chacha20.c | ||
impl_poly1305.c | ||
impl_sha256.c | ||
impl_sha512.c | ||
internal.h | ||
kdf_hkdf.c | ||
kdf.c | ||
lilcrypto.h | ||
Makefile | ||
Makefile.inc | ||
README | ||
util.c | ||
util.h | ||
wycheproof_aead.c | ||
wycheproof_hkdf.c | ||
wycheproof_mac.c |
lilcrypto ========= > They see me rollin', they hatin'. Experiment on rolling my own crypto. Kinda. I'm not creating any new protocol, but implementing known algorithms and constructions. The main focus is to understand how to implement the math behind the algorithms, and to get to know the constructions better. Algorithms ========== Utilities --------- - Constant-time operations - [x] compare - [x] mask32: return a 1s mask if any bit is set, 0 otherwise - Hexdump Hash ---- - [x] SHA-224 - [x] SHA-256 - [x] SHA-384 - [x] SHA-512 - [x] SHA-512/224 & SHA-512/256 Authentication -------------- - [x] HMAC - [x] Poly1305 Ciphers ------- - [x] ChaCha20 - [x] XChaCha20 AEAD ---- - [x] ChaCha20-Poly1305 - [x] XChaCha20-Poly1305 ECC --- - Curve25519 - [ ] Ed25519 (EdDSA) - [ ] X25519 (ECDH) KDF --- - [x] HKDF Nice-to-haves ============= Utilities --------- - [ ] Portable Makefile - [ ] NaCl interface - [ ] signify interface Hash ---- Authentication -------------- - [ ] GMAC Ciphers ------- - [ ] AES - [ ] Camellia - [ ] Salsa20 (no Wycheproof test vector suite) - [ ] XSalsa20 (no Wycheproof test vector suite) AEAD ---- - [ ] AES-GCM - [ ] Camellia-GCM - [ ] Salsa20-Poly1305 (no Wycheproof test vector suite) - [ ] XSalsa20-Poly1305 (no Wycheproof test vector suite)