Nack. This API is meant to take simple integers, so that programmers can use atomic64_t with it and have safe nonces. I'm also interested in preserving the API's ability to safely encrypt more than 4 gigs of data at once. Passing a buffer also encourages people to use randomized nonces, which isn't really safe. Finally, there are no in-tree users of 96bit nonces for this interface. If you're after a cornucopia of compatibility primitives, the ipsec stuff might be more to your fitting. Or, add a new simple function/api. But adding complexity to users of the existing one and confusing future users of it is a non-starter. It's supposed to be deliberately non-awful to use.
