Simon Josefsson simon@josefsson.org writes:
> /* FIXME: Should use const for the cipher context. Then needs const for nettle_crypt_func, which also rules out using that abstraction for arcfour. */
> However GCM (like CCM) is only specified for block ciphers, and further, only for 128-bit block ciphers. Thus I wonder if avoiding use of const just to let the abstraction support a stream cipher is wise?
This nettle_crypt_func is not gcm-specific. It is used primarily for the nettle_cipher class in nettle-meta.h:
  struct nettle_cipher
  {
    const char *name;

    unsigned context_size;

    /* Zero for stream ciphers */
    unsigned block_size;

    /* Suggested key size; other sizes are sometimes possible. */
    unsigned key_size;

    nettle_set_key_func *set_encrypt_key;
    nettle_set_key_func *set_decrypt_key;

    nettle_crypt_func *encrypt;
    nettle_crypt_func *decrypt;
  };
This currently is used to represent both block and stream ciphers,
  [...]
  extern const struct nettle_cipher nettle_aes256;
  extern const struct nettle_cipher nettle_arcfour128;
  extern const struct nettle_cipher nettle_camellia128;
  [...]
Currently, arcfour is the only supported stream cipher (they seem to be out of fashion, are there any other stream ciphers in use? A5 maybe?)
So the question is, should we decide that nettle_cipher is for block ciphers only (where the encrypt and decrypt functions don't change any state)? Fitting arcfour and block ciphers into the same abstraction doesn't make much sense anyway, since they should be used very differently. Then we can make the context argument const for nettle_crypt_func, but we'd also have to delete
extern const struct nettle_cipher nettle_arcfour128;
or replace it with something else, which is an incompatible interface change. As long as it's the only supported stream cipher, it doesn't make much sense to me to create a new general stream cipher construction.
Regards, /Niels
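
The const question discussed in this message, as an added example that is not part of the original mail and is not nettle code: a self-contained RC4 (arcfour) whose crypt function has to modify its context, next to a function that only reads its key and so fits a const-context signature. The typedef names, rc4_* and toy_* functions, and the toy "cipher" are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical typedefs for this example; not nettle's declarations. */
typedef void block_crypt_func(const void *ctx, size_t n, uint8_t *dst, const uint8_t *src);
typedef void stream_crypt_func(void *ctx, size_t n, uint8_t *dst, const uint8_t *src);
struct rc4_ctx { uint8_t S[256]; uint8_t i, j; };
struct toy_ctx { uint8_t key[16]; };

void rc4_set_key(struct rc4_ctx *c, size_t klen, const uint8_t *key) {
  unsigned i, j = 0;
  for (i = 0; i < 256; i++) c->S[i] = (uint8_t) i;
  for (i = 0; i < 256; i++) {
    uint8_t t = c->S[i];
    j = (j + t + key[i % klen]) & 0xff;
    c->S[i] = c->S[j]; c->S[j] = t;
  }
  c->i = c->j = 0;
}

/* Each output byte swaps entries of S and advances i, j: ctx cannot be const. */
void rc4_crypt(void *ctx, size_t n, uint8_t *dst, const uint8_t *src) {
  struct rc4_ctx *c = ctx;
  for (size_t k = 0; k < n; k++) {
    c->i++; c->j += c->S[c->i];              /* uint8_t wraps mod 256 */
    uint8_t t = c->S[c->i]; c->S[c->i] = c->S[c->j]; c->S[c->j] = t;
    dst[k] = src[k] ^ c->S[(uint8_t) (c->S[c->i] + c->S[c->j])];
  }
}

/* Constructed stand-in for a block encrypt function (not secure): reads the key only. */
void toy_encrypt(const void *ctx, size_t n, uint8_t *dst, const uint8_t *src) {
  const struct toy_ctx *c = ctx;
  for (size_t k = 0; k < n; k++) dst[k] = src[k] ^ c->key[k % 16];
}

/* Return 1 if two successive calls on the same input give the same output. */
int rc4_repeats(void) {
  struct rc4_ctx c; uint8_t a[9], b[9]; stream_crypt_func *f = rc4_crypt;
  rc4_set_key(&c, 3, (const uint8_t *) "Key");
  f(&c, 9, a, (const uint8_t *) "Plaintext");
  f(&c, 9, b, (const uint8_t *) "Plaintext");
  return memcmp(a, b, 9) == 0;
}
int toy_repeats(void) {
  const struct toy_ctx c = {{ 0x2b, 0x7e, 0x15, 0x16 }};
  uint8_t a[16], b[16], in[16] = { 0 }; block_crypt_func *f = toy_encrypt;
  f(&c, 16, a, in); f(&c, 16, b, in);
  return memcmp(a, b, 16) == 0;
}
```

Assigning rc4_crypt to a block_crypt_func pointer is a constraint violation that compilers diagnose as an incompatible pointer type, which is the incompatibility the message describes for nettle_arcfour128.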