As @karel-m pointed out in https://github.com/libtom/libtomcrypt/pull/211/files#r115594690 we have a possible issue in chacha20poly1305
Now when I am looking at the implementation the max length of our chacha20poly1305 is 2^64 bytes; however, in theory chacha20poly1305 has max length limit 2^70 bytes. The potentioal trouble might occur due to the fact that we do not check for reaching 2^64.
We should verify the existing implementations regarding such limitations.
The following encauth implementations exist, they should be marked as resolved after their implementation has been verified and/or fixed
Should this list contain further elements, e.g. MAC's?
As @karel-m pointed out in https://github.com/libtom/libtomcrypt/pull/211/files#r115594690 we have a possible issue in
chacha20poly1305We should verify the existing implementations regarding such limitations.
The following encauth implementations exist, they should be marked as resolved after their implementation has been verified and/or fixed
ccmchacha20poly1305eaxgcmfixed in GCM counter incrementation isn't stopped at 2^32 blocks, which breaks GCM #129ocbocb3Should this list contain further elements, e.g. MAC's?