tarcieri
commented
1 year ago It could potentially use a similar technique to the aes-gcm crate, which is generic around nonce sizes:
Open davidv1992 opened 1 year ago
tarcieri
commented
1 year ago It could potentially use a similar technique to the aes-gcm crate, which is generic around nonce sizes:
tarcieri
commented
1 year ago Re: RFC5116, it was the original design impetus for the aead crate
davidv1992
commented
1 year ago Hmm, that design is distinctly non-optimal for my usecase, as nonce length is really only known at runtime and is technically allowed to vary between 1 and infinity, and as such this would require a lot of instantiations of the types.
tarcieri
commented
1 year ago If you really need a nonce whose length varies at runtime, I’d suggest building on top of the core Siv type:
https://docs.rs/aes-siv/latest/aes_siv/siv/struct.Siv.html
See the SivAead type for how the AEAD construction is built on top of it.
You can open an issue on the upstream traits repo to discuss traits for runtime-variable nonce lengths, though it’s obscure enough of a usecase and effectively an antipattern to the point that I’m not sure the additional complexity is worth it.
tarcieri
commented
1 year ago Whoops, should probably leave this open to track potential support for type-level nonce size control
RFC 5297 specifies AES-CIV-CMAC as being able to accept any nonce size >= 1. However, the implementation here only supports 16 byte nonces. Would it be possible to support the other nonce sizes? I guess this would require a more general change to move closer to the aead interface specified in rfc 5116?
I am specifically asking for this as it would be required for me to support those different nonce sizes if I want to build a RFC-8915 compliant NTS server.