On Mon, 2014-11-24 at 22:54 +0100, Niels Möller wrote:
And then one could write trivial wrappers like gcm_aes128_encrypt_message just passing in the right aead object.
It looks reasonable.
That should be almost compatible with the ccm_*_message functions, except that ccm allows arbitrary nonce-size, and the nettle_aead interface uses a fixed nonce size. Which is an undesirable mismatch, not sure how to best deal with that.
GCM-AES also uses an arbitrary IV size so I think that expressing the nonce with the length in the generic interface makes sense. For modes that may not allow an arbitrary nonce the interface could still return an error code.
regards, Nikos