| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHmME9q8k26a9rn72KTfcJw0kJ0iMdob6BBsAsyYBzvfYjRtQQ@mail.gmail.com>
Date: Tue, 17 Nov 2020 09:30:35 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: Antonio Quartulli <a@...table.cc>
Cc: Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
WireGuard mailing list <wireguard@...ts.zx2c4.com>,
Netdev <netdev@...r.kernel.org>, keyrings@...r.kernel.org,
linux-security-module <linux-security-module@...r.kernel.org>,
Antonio Quartulli <antonio@...nvpn.net>,
Herbert Xu <herbert@...dor.apana.org.au>,
David Howells <dhowells@...hat.com>,
Jarkko Sakkinen <jarkko@...nel.org>,
Jakub Kicinski <kuba@...nel.org>
Subject: Re: [PATCH cryptodev] crypto: lib/chacha20poly1305 - allow users to
specify 96bit nonce
Nack.
This API is meant to take simple integers, so that programmers can use
atomic64_t with it and have safe nonces. I'm also interested in
preserving the API's ability to safely encrypt more than 4 gigs of
data at once. Passing a buffer also encourages people to use
randomized nonces, which isn't really safe. Finally, there are no
in-tree users of 96bit nonces for this interface. If you're after a
cornucopia of compatibility primitives, the ipsec stuff might be more
to your fitting. Or, add a new simple function/api. But adding
complexity to users of the existing one and confusing future users of
it is a non-starter. It's supposed to be deliberately non-awful to
use.
Powered by blists - more mailing lists