[PATCH cryptodev] crypto: lib/chacha20poly1305 - allow users to specify 96bit nonce

Antonio Quartulli a at unstable.cc
Tue Nov 17 10:41:10 CET 2020


On 17/11/2020 09:30, Jason A. Donenfeld wrote:
> Nack.
> This API is meant to take simple integers, so that programmers can use
> atomic64_t with it and have safe nonces. I'm also interested in
> preserving the API's ability to safely encrypt more than 4 gigs of
> data at once. Passing a buffer also encourages people to use
> randomized nonces, which isn't really safe. Finally, there are no
> in-tree users of 96bit nonces for this interface. If you're after a
> cornucopia of compatibility primitives, the ipsec stuff might be more
> to your fitting. Or, add a new simple function/api. But adding
> complexity to users of the existing one and confusing future users of
> it is a non-starter. It's supposed to be deliberately non-awful to
> use.

Thanks for explaining the rationale behind this API.

At first I thought this API wanted to take over the existing one, hence
my attempt at making it more generic and re-using it.
But I understand now this was not the goal.

I will stick to the classic crypto API then.

Best Regards,

p.s. I am curious about any use case you may have in mind for encrypting
more than 4GB in one go, as there are no users doing that right now.

Antonio Quartulli
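
The design point in the quoted reply (an integer nonce that callers can drive from an atomic counter) is sketched below as an added user-space example; it is not code from this thread or from the kernel. The names `tx_key`, `tx_key_next_nonce`, `nonce_to_iv96` and `NONCE_LIMIT` are hypothetical, C11 atomics stand in for `atomic64_t`, and the 96-bit layout (four zero bytes, then the counter in little-endian) is an assumption of this example.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed limit: refuse to hand out a nonce before the counter can wrap. */
#define NONCE_LIMIT UINT64_MAX

/* Hypothetical per-key sending state (user-space stand-in for atomic64_t). */
struct tx_key {
    _Atomic uint64_t next_nonce;
};

/* Reserve a nonce that no other thread can get for this key.
 * Returns false once the counter is exhausted: the key must be rotated.
 * The CAS loop never advances the counter past NONCE_LIMIT, so repeated
 * calls after exhaustion cannot wrap it back to an already used value. */
bool tx_key_next_nonce(struct tx_key *k, uint64_t *nonce)
{
    uint64_t cur = atomic_load(&k->next_nonce);
    do {
        if (cur >= NONCE_LIMIT)
            return false;
    } while (!atomic_compare_exchange_weak(&k->next_nonce, &cur, cur + 1));
    *nonce = cur;
    return true;
}

/* Assumed layout: 32 zero bits followed by the 64-bit counter, little-endian. */
void nonce_to_iv96(uint64_t nonce, uint8_t iv[12])
{
    memset(iv, 0, 4);
    for (int i = 0; i < 8; i++)
        iv[4 + i] = (uint8_t)(nonce >> (8 * i));
}

int main(void)
{
    struct tx_key k;
    uint64_t n;
    uint8_t iv[12];

    atomic_init(&k.next_nonce, 0);
    if (!tx_key_next_nonce(&k, &n))
        return 1;
    nonce_to_iv96(n, iv);
    printf("nonce %llu -> iv[4]=%02x\n", (unsigned long long)n, iv[4]);
    return 0;
}
```

A counter reserved this way is unique per key by construction, which is the property a randomly chosen nonce only provides with some probability.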
