Open marsella opened 2 months ago
There's currently some weirdness in the endianness of AES-GCM-SIV that requires some functions from AES to be public when they should really be private. Ideally, in the course of addressing this issue, we'd be able to find a solution that lets us make the AES `ExpandedKey` type and the `keyExpansion` and `encryptWithSchedule` functions private.
The documentation for AES-GCM-SIV references a preprint and a draft RFC. Since then, the spec has been formalized into an RFC by the IRTF (note that this is not a NIST or IETF standard -- it's probably the next best thing).
We should update the Cryptol spec: