[PATCH cryptodev] crypto: lib/chacha20poly1305 - allow users to specify 96bit nonce

Jason A. Donenfeld Jason at zx2c4.com
Tue Nov 17 09:30:35 CET 2020


Nack.

This API is meant to take simple integers, so that programmers can use
atomic64_t with it and have safe nonces. I'm also interested in
preserving the API's ability to safely encrypt more than 4 gigs of
data at once. Passing a buffer also encourages people to use
randomized nonces, which isn't really safe. Finally, there are no
in-tree users of 96bit nonces for this interface. If you're after a
cornucopia of compatibility primitives, the ipsec stuff might be more
to your fitting. Or, add a new simple function/api. But adding
complexity to users of the existing one and confusing future users of
it is a non-starter. It's supposed to be deliberately non-awful to
use.


More information about the WireGuard mailing list