[PATCH cryptodev] crypto: lib/chacha20poly1305 - allow users to specify 96bit nonce
Jason A. Donenfeld
Jason at zx2c4.com
Tue Nov 17 09:30:35 CET 2020
Nack.
This API is meant to take simple integers, so that programmers can use
atomic64_t with it and have safe nonces. I'm also interested in
preserving the API's ability to safely encrypt more than 4 gigs of
data at once. Passing a buffer also encourages people to use
randomized nonces, which isn't really safe. Finally, there are no
in-tree users of 96bit nonces for this interface. If you're after a
cornucopia of compatibility primitives, the ipsec stuff might be more
to your fitting. Or, add a new simple function/api. But adding
complexity to users of the existing one and confusing future users of
it is a non-starter. It's supposed to be deliberately non-awful to
use.
More information about the WireGuard
mailing list