I'm puzzled why crypto/cipher type AEAD has the comment
      dst and additionalData may not overlap.
Just as it is idiomatic to provide a dst that already contains a nonce prefix,
I find it useful to include an additionalData prefix. This seems to work
and does not trigger a warning even after the fixes from issue #21624.
For concreteness, consider
  dst := make([]byte, 0, len(ad)+len(nonce)+len(plaintext)+aead.Overhead())
  // append needs the variadic form to add the bytes of another slice
  dst = append(dst, ad...)
  dst = append(dst, nonce...)
  dst = aead.Seal(dst, nonce, plaintext, ad)
in preparation for writing dst to a network connection.

In the language of crypto internal function sliceForAppend, I understand
that ad may not overlap tail, but why not allow it to be part of head?
Is there some subtle timing side-channel that I'm overlooking?
Is the comment just poorly worded and should be improved?
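
Added example, not part of the original post and not code from the Go project: the buffer layout described above, with the additional data handed to Seal as a subslice of dst's existing prefix, together with the matching receive side. The helper names newGCM, sealRecord and openRecord, the all-zero key, and the assumption that the receiver already knows the AD length are made up for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newGCM wraps key in AES-GCM (hypothetical helper for this example).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealRecord builds ad || nonce || ciphertext || tag in a single buffer.
func sealRecord(aead cipher.AEAD, ad, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	dst := make([]byte, 0, len(ad)+len(nonce)+len(plaintext)+aead.Overhead())
	dst = append(dst, ad...)
	dst = append(dst, nonce...)
	// The AD argument aliases dst's existing prefix; Seal appends after
	// len(dst), so the bytes it reads as AD are not the bytes it writes.
	return aead.Seal(dst, nonce, plaintext, dst[:len(ad)]), nil
}

// openRecord splits a record whose AD length adLen is known to the receiver
// (an assumption of this example) and authenticates the AD while decrypting.
func openRecord(aead cipher.AEAD, rec []byte, adLen int) ([]byte, error) {
	n := aead.NonceSize()
	if adLen < 0 || adLen > len(rec)-n-aead.Overhead() {
		return nil, errors.New("record too short")
	}
	return aead.Open(nil, rec[adLen:adLen+n], rec[adLen+n:], rec[:adLen])
}

func main() {
	aead, _ := newGCM(make([]byte, 32)) // constructed all-zero demo key
	rec, _ := sealRecord(aead, []byte("hdr:v1"), []byte("hello"))
	pt, err := openRecord(aead, rec, len("hdr:v1"))
	fmt.Printf("%q %v\n", pt, err)
}
```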
