Documentation for most AES-GCM members

[jonasfj]

No description provided.

[sigurdm]

Does this documentation come from somewhere, or you wrote it all from scratch?

[sigurdm]

It nags me that the example is both top-level code, and statement-level code...
Ideally it would somehow be actual runnable code by some convention.

[jonasfj]

Yes, maybe it's messy and we should add a main, or omit imports.

Feel free to file an issue on the repository.

[sigurdm]

Ok: #101

[sigurdm]

Theoretically there could be a streaming API for computational reasons (ie. you don't have to keep everything in memory at once), ending up with the result being thrown away at the end.

[jonasfj]

Technically correct, but BoringSSL doesn't offer a streaming interface, I suspect I read in a bug somewhere that it doesn't because the authors thought it would be a bad idea.

So that is the opinion we're carrying into package:webcrypto.

Also Web Cryptography specification doesn't offer streaming APIs at all, so I only added them because BoringSSL does. And on web we always buffer up the entire stream before we do the operation 🤣

[sigurdm]

I'd either remove the explanation or link to the discussion. I don't think we need to explain this.

I kind-of agree that a streaming interface would be hard to use correctly. But so is basically all crypto primitives. You really have to know what you are doing.

[jonasfj]

Does this documentation come from somewhere, or you wrote it all from scratch?

I deciphered most of it from NIST SP 800-38D, which is also why I leave a lot of references to it.

[jonasfj]

Filed #102 to follow up with more recommendations, once we find credible sources we can reference.