GaloisInc / cryptol-specs

A central repository for specifications of cryptographic algorithms in Cryptol
BSD 3-Clause "New" or "Revised" License

Update AES-GCM-SIV to literate version of RFC #82

Open marsella opened 2 months ago

marsella commented 2 months ago

The documentation for AES-GCM-SIV references a preprint and a draft RFC. Since then, the spec has been formalized into an RFC by the IRTF (note that this is not a NIST or IETF standard -- it's probably the next best thing).

We should update the cryptol spec:

marsella commented 1 month ago

There's currently some weirdness in the endianness of AES-GCM-SIV that requires some functions from AES to be public when they should really be private. Ideally, in the course of addressing this issue, we'd be able to find a solution that lets us make the AES ExpandedKey type and the keyExpansion and encryptWithSchedule functions private.
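The endianness point above is the little-endian counter convention that AES-GCM-SIV (RFC 8452) uses for its CTR blocks, which a Cryptol spec has to bridge against AES's word-oriented view. The following is an added illustration, not code from cryptol-specs; the module and function names (AESGCMSIV_Counter, initialCounter, counterOf, incCounter) are chosen here, and it assumes only what RFC 8452 states: the initial counter block is the tag with the top bit of its last byte set, and the first four bytes are a wrapping 32-bit little-endian counter.

```cryptol
// Added example, not part of cryptol-specs: the little-endian counter
// convention of AES-GCM-SIV (RFC 8452), written against byte sequences.
module AESGCMSIV_Counter where

// RFC 8452: the initial counter block is the tag with the most significant
// bit of its last byte set.
initialCounter : [16][8] -> [16][8]
initialCounter tag = update tag 15 ((tag @ 15) || 0x80)

// The first four bytes of the block hold a 32-bit little-endian counter;
// reversing the bytes before `join` turns it into a big-endian Cryptol [32].
counterOf : [16][8] -> [32]
counterOf block = join (reverse (take`{4} block))

// Increment the counter (wrapping mod 2^32) and write it back little-endian.
incCounter : [16][8] -> [16][8]
incCounter block = reverse (split`{4} (counterOf block + 1)) # drop`{4} block

// Byte 0 is the least significant byte: incrementing changes it first.
property incIsLittleEndian =
  incCounter (zero : [16][8]) == [0x01] # zero

// Wraparound stays within the first four bytes; the rest is untouched.
property incWraps =
  incCounter ([0xff, 0xff, 0xff, 0xff] # (zero : [12][8])) == zero

// Setting the top bit of the last byte leaves the counter bytes alone.
property initSetsTopBit =
  counterOf (initialCounter zero) == 0 && (initialCounter zero) @ 15 == 0x80
```

Loading the module in the Cryptol REPL and running `:prove` on the three properties checks the convention directly; the point for the issue is that once the counter is kept as `[16][8]` and only converted at the AES boundary, the conversion lives in the GCM-SIV module rather than leaking AES internals into the public interface.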