aead: support variable-length nonces #65
Labels
aead
Authenticated Encryption with Associated Data (AEAD) crate
Comments
|
Variable-length nonces would be nice for AES-SIV. Miscreant supported them. |
tarcieri
added
the
aead
tarcieri
changed the title
|
Per RustCrypto/AEADs#126 it seems like the best solution to this is to make implementations of algorithms which support multiple different nonce sizes generic over |
dns2utf8
pushed a commit
to dns2utf8/traits
that referenced
this issue
Jan 24, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, the AEAD-trait only supports fixed-length nonces. However, there are some AEAD algorithms, which allow variable length nonces to be used. I think this is important not only for interoperability with other implementations, but also to not restrict the input of AEAD algorithms arbitrarily. Some cases have already been discussed in RustCrypto/AEADs#62 and https://github.com/RustCrypto/traits/pull/40/files/a5db8f2d8e07593883e7e6aba27eb4e9d54b9460#r307931303.
I could imagine, for type-safety, adding a new trait like
AeadVarlenNonce, which is only implemented for algorithms supporting it, or adding a method to the existingAeadtrait, which takes a&[u8]as nonce, but may return anErr(orNoneor panic) if the algorithm doesn't support varlen nonces./cc @tarcieri
The text was updated successfully, but these errors were encountered: