Access to field `a' of StreamEncryptor for creating a Nonce
stefanberger opened this issue · comments
I would like to be able to call GenerateNonce on a StreamEncryptor:
func GenerateNonce(c cipher.AEAD) []byte
I believe what is missing is a method to access field a of the StreamEncryptor after having called NewStreamEncryptor():
type StreamEncryptor struct {
	// cipher.AEAD instance underlying this STREAM
	a cipher.AEAD
	// Nonce encoder instance which computes per-message nonces
	n *nonceEncoder32
}
It sounds like you want to access or modify the nonce after NewStreamEncryptor has been called?
STREAM's one job is to compute per-message nonces for a sequence of AEAD messages, as it is a nonce-based Online Authenticated Encryption (nOAE) construction. It's not designed or intended to allow modification of the nonce after initialization.
One feature that would be interesting though is "seekable encryption", which STREAM supports (and its sister construction CHAIN explicitly does not by design). This would allow you to specify a particular message in the sequence when performing encryption/decryption.
Right... :-)
Should one call NewAEAD() before calling NewStreamEncryptor() just to be able to create a Nonce using GenerateNonce() with the temporary cipher.AEAD one would create with it? Or maybe NewStreamEncryptor() could create a nonce if nil is passed in? Even if not, we can of course always start up the rng and read bytes from it.
The latter is the only way for now, however it'd probably make sense to have an analogous function, e.g. func GenerateStreamNonce(c cipher.AEAD) []byte which can account for the portion of the AEAD's underlying nonce consumed by the STREAM construction itself.
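A sketch of the GenerateStreamNonce function proposed in the last comment, added here as an example and not code from the project. It assumes STREAM reserves a 4-byte counter (suggested by the name nonceEncoder32) plus a 1-byte last-block flag at the end of the AEAD nonce, and uses standard-library AES-GCM as a stand-in AEAD; messageNonce is a hypothetical helper.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Assumed STREAM nonce layout: prefix || 32-bit counter || last-block flag.
const (
	counterSize = 4 // assumption, suggested by the name nonceEncoder32
	flagSize    = 1 // assumption: one byte marks the final message
)

// GenerateStreamNonce returns a random prefix sized so that prefix, counter
// and flag together fill the AEAD's nonce exactly.
func GenerateStreamNonce(c cipher.AEAD) []byte {
	n := c.NonceSize() - counterSize - flagSize
	if n <= 0 {
		panic("AEAD nonce too short to carry the STREAM counter and flag")
	}
	prefix := make([]byte, n)
	if _, err := rand.Read(prefix); err != nil {
		panic(err) // no safe fallback when the system RNG fails
	}
	return prefix
}

// messageNonce (hypothetical helper) builds the per-message AEAD nonce.
func messageNonce(prefix []byte, counter uint32, last bool) []byte {
	nonce := make([]byte, len(prefix)+counterSize+flagSize)
	copy(nonce, prefix)
	binary.BigEndian.PutUint32(nonce[len(prefix):], counter)
	if last {
		nonce[len(nonce)-1] = 1
	}
	return nonce
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key
	gcm, _ := cipher.NewGCM(block)              // stand-in AEAD with a 12-byte nonce
	prefix := GenerateStreamNonce(gcm)
	fmt.Printf("prefix %x\nfirst  %x\nfinal  %x\n", prefix,
		messageNonce(prefix, 0, false), messageNonce(prefix, 1, true))
}
```

With a 12-byte AEAD nonce the random prefix is only 7 bytes under these assumptions, so the birthday bound limits how many streams can safely share one key.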