On Tue, Apr 2, 2013 at 10:16 PM, Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> wrote:
> > If you do that please don't make it the default. There are several cases in DTLS where the nonce isn't simply incrementing (e.g. when receiving packets out-of-order).
> I was thinking of _init setting it to zero, and have _digest do post increment. So then you could choose between
Looks ok but I don't like that cycles are wasted in the case one doesn't use it. They are not much but I wouldn't expect that from a low-level library.
I may be wrong here. I'd expect the library to do similarly to what it does in CBC mode encryption. If it updates the IV there, then it would be natural to expect that it will update the nonce in that interface as well.
regards, Nikos
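An added illustration of the out-of-order DTLS concern raised in the thread (example code written here, not from the thread or from any library): it models the proposed policy of _init zeroing the nonce and _digest post-incrementing it, assumes a DTLS 1.2 AES-GCM style nonce layout of 4-byte salt || 2-byte epoch || 48-bit record sequence number, and models only the nonce bookkeeping, not the tag computation.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define NONCE_LEN 12  /* 96-bit GCM nonce */

/* Model of the proposed interface: _init zeroes the nonce and _digest
 * post-increments it. The real _digest would also finish the tag. */
struct aead_ctx { uint8_t nonce[NONCE_LEN]; };

void aead_init(struct aead_ctx *ctx) { memset(ctx->nonce, 0, NONCE_LEN); }
void aead_set_nonce(struct aead_ctx *ctx, const uint8_t n[NONCE_LEN]) { memcpy(ctx->nonce, n, NONCE_LEN); }

/* Big-endian increment of the whole 96-bit value, carrying into higher bytes. */
void nonce_increment(uint8_t nonce[NONCE_LEN]) {
    for (int i = NONCE_LEN - 1; i >= 0; i--)
        if (++nonce[i] != 0) break;
}
void aead_digest_autoinc(struct aead_ctx *ctx) { nonce_increment(ctx->nonce); }

/* Assumed DTLS 1.2 style nonce: salt || epoch || 48-bit record sequence number. */
void dtls_nonce(uint8_t out[NONCE_LEN], const uint8_t salt[4], uint16_t epoch, uint64_t seq) {
    memcpy(out, salt, 4);
    out[4] = (uint8_t)(epoch >> 8); out[5] = (uint8_t)epoch;
    for (int i = 0; i < 6; i++) out[6 + i] = (uint8_t)(seq >> (8 * (5 - i)));
}

/* Receiver that relies on auto-increment: nonce set once from the first record,
 * then advanced by _digest. Returns how many records it would process under a
 * nonce different from the one the sender derived from the record's own
 * sequence number; arrival[] is the delivery order of sequence numbers. */
int count_autoinc_mismatches(const uint64_t *arrival, int n) {
    static const uint8_t salt[4] = {0xde, 0xad, 0xbe, 0xef}; /* constructed value */
    uint8_t expected[NONCE_LEN];
    struct aead_ctx rx;
    int mismatches = 0;
    aead_init(&rx);
    dtls_nonce(expected, salt, 1, arrival[0]);
    aead_set_nonce(&rx, expected);
    for (int i = 0; i < n; i++) {
        dtls_nonce(expected, salt, 1, arrival[i]);   /* nonce the sender actually used */
        if (memcmp(rx.nonce, expected, NONCE_LEN) != 0) mismatches++;
        aead_digest_autoinc(&rx);                     /* post-increment, as proposed */
    }
    return mismatches;
}

int main(void) {
    const uint64_t in_order[] = {0, 1, 2, 3};
    const uint64_t reordered[] = {0, 2, 1, 3};   /* constructed: records 1 and 2 swapped in flight */
    printf("in-order: %d mismatches, reordered: %d mismatches\n",
           count_autoinc_mismatches(in_order, 4), count_autoinc_mismatches(reordered, 4));
    return 0;
}
```

With explicit per-record nonces derived from the epoch and sequence number the mismatch count is zero regardless of arrival order, which is why the thread argues the auto-increment must not be the default.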