nisse@lysator.liu.se (Niels Möller) writes:
Camellia uses fewer subkeys for 128 bit keys than for 192 or 256 bit keys. So this is a bit similar to AES, and I think an analogous reorg would make sense.
I tried this out now. New header file below.
Now merged in the master branch. Unlike the aes reorg there's *no* backwards compatible camellia_ctx. Is that ok?
My thinking on backwards compatibility is:
1. ABI compatibility (i.e., ability to link applications with the new version of the library, without recompilation) is broken anyway, so that's not an issue at the moment.
2. When it's trivial to implement a backwards compatible API (i.e., the ability to recompile applications with no changes to their source code), do it.
3. For features that are widely used, e.g., AES, implement backwards compatible interfaces also when that requires a bit more effort.
For (3), I think Camellia is borderline. It's been implemented in Nettle for a couple of releases, but I expect few applications use it. And I should also add that applications using nettle_camellia* from nettle-meta.h (and do so in the documented way) are unaffected by this change.
Regards, /Niels