On Fri, Feb 7, 2014 at 1:01 PM, Niels Möller nisse@lysator.liu.se wrote:
Next, AEAD (authenticated encryption with associated data).
Some questions on a general abstraction for this, and my tentative answers: Q: Should it expose the block size? A: Yes. The caller must pass data in chunks which are an integral number of blocks. Motivation: (i) Byte-by-byte processing seems to be an obscure usecase, in particular for AEAD where you're not supposed to use the decrypted data for anything until the authentication is properly checked. (ii) This is how related nettle functions already work.
I'd say no because the whole purpose of AEAD (or at least my understanding of rfc5116) is to simplify the process of encryption. If the details need to be known another interface than AEAD can be used.
I agree with the rest of the points.
regards, Nikos