#ifndef crypto_aead_aes256gcm_H
#define crypto_aead_aes256gcm_H

/*
 * WARNING: Despite being the most popular AEAD construction due to its
 * use in TLS, safely using AES-GCM in a different context is tricky.
 *
 * No more than ~ 350 GB of input data should be encrypted with a given key.
 * This is for ~ 16 KB messages -- Actual figures vary according to
 * message sizes.
 *
 * In addition, nonces are short (crypto_aead_aes256gcm_NPUBBYTES, 12 bytes)
 * and a nonce repeated under the same key would totally destroy the
 * security of this scheme: both confidentiality and authenticity are lost.
 *
 * Nonces should thus come from atomic counters, which can be difficult to
 * set up in a distributed environment.
 *
 * Unless you absolutely need AES-GCM, use crypto_aead_xchacha20poly1305_ietf_*()
 * instead. It doesn't have any of these limitations.
 * Or, if you don't need to authenticate additional data, just stick to
 * crypto_secretbox().
 */

/* size_t, used by the size accessors declared below. */
#include <stddef.h>
/* NOTE(review): expected to provide SODIUM_EXPORT, SODIUM_MIN,
 * SODIUM_SIZE_MAX and CRYPTO_ALIGN, which this header uses but does not
 * define -- confirm. */
#include "export.h"

#ifdef __cplusplus
# ifdef __GNUC__
/* The prototypes below take unsigned long long lengths; keep GCC from
 * warning about that type when this header is compiled as C++. */
#  pragma GCC diagnostic ignored "-Wlong-long"
# endif
extern "C" {
#endif

/*
 * Run-time availability check for this AES256-GCM implementation.
 *
 * NOTE(review): upstream libsodium documents a return value of 1 when the
 * current CPU supports the implementation and 0 otherwise, and requires
 * sodium_init() to have been called first -- confirm for this build.
 * Callers should test this before using any other function declared in
 * this header and fall back to another AEAD when it reports unavailable.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_is_available(void);

/*
 * Key length in bytes: 32 bytes = 256 bits.
 * The function form presumably returns the same value for callers that
 * cannot evaluate the macro (e.g. language bindings) -- confirm.
 */
#define crypto_aead_aes256gcm_KEYBYTES  32U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_keybytes(void);

/*
 * Secret nonce length in bytes: 0, i.e. no secret nonce is defined here.
 * Every `nsec` parameter in this header is left out of the nonnull
 * attribute lists, so NULL is accepted for it.
 * NOTE(review): upstream documents nsec as unused; pass NULL -- confirm.
 */
#define crypto_aead_aes256gcm_NSECBYTES 0U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_nsecbytes(void);

/*
 * Public nonce length in bytes: 12 bytes = 96 bits.
 * A nonce must never be used twice with the same key. At 96 bits, randomly
 * chosen nonces can collide once enough messages are sent under one key,
 * which is why the warning at the top of this file asks for counters.
 */
#define crypto_aead_aes256gcm_NPUBBYTES 12U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_npubbytes(void);

/*
 * Additional bytes per message: 16 bytes = 128 bits.
 * NOTE(review): presumably the authentication tag length, i.e. how much
 * longer a combined-mode ciphertext is than its plaintext and how large a
 * detached `mac` buffer must be -- confirm. Tags must not be truncated by
 * callers when stored or transmitted.
 */
#define crypto_aead_aes256gcm_ABYTES    16U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_abytes(void);

/*
 * Largest plaintext length, in bytes, for a single message. It is the
 * smaller of:
 *   - SODIUM_SIZE_MAX - ABYTES, which leaves room for ABYTES extra bytes
 *     without exceeding SODIUM_SIZE_MAX;
 *   - 16 * (2^32 - 2) bytes, i.e. 2^32 - 2 blocks of 16 bytes
 *     (just under 64 GiB).
 * NOTE(review): the second bound equals the per-invocation plaintext limit
 * of GCM in NIST SP 800-38D (2^39 - 256 bits). Callers handling untrusted
 * lengths should reject anything larger before encrypting; whether the
 * implementation enforces the bound itself is not visible here -- confirm.
 * This is a per-message limit and is separate from the per-key data limit
 * given in the warning at the top of this file.
 */
#define crypto_aead_aes256gcm_MESSAGEBYTES_MAX \
    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aes256gcm_ABYTES, \
               (16ULL * ((1ULL << 32) - 2ULL)))
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_messagebytes_max(void);

/*
 * Opaque 512-byte context, written by crypto_aead_aes256gcm_beforenm() and
 * read by the *_afternm() functions. CRYPTO_ALIGN(16) presumably requests
 * 16-byte alignment -- confirm; heap allocations of this type must honour
 * whatever alignment it imposes.
 * NOTE(review): the context is derived from the key, so it should be
 * handled as secret material: keep it out of logs and core dumps where
 * possible and wipe it (e.g. with sodium_memzero()) once it is no longer
 * needed -- confirm what the implementation stores in it.
 */
typedef struct CRYPTO_ALIGN(16) crypto_aead_aes256gcm_state_ {
    unsigned char opaque[512]; /* layout is private to the implementation */
} crypto_aead_aes256gcm_state;

/*
 * Size accessor for crypto_aead_aes256gcm_state.
 * NOTE(review): presumably returns sizeof(crypto_aead_aes256gcm_state) so
 * that bindings can allocate the context without the C type -- confirm.
 */
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_statebytes(void);

/*
 * Combined-mode encryption: encrypts the mlen bytes at m and authenticates
 * them together with the adlen bytes at ad, using key k and nonce npub.
 *
 * c       output buffer. NOTE(review): presumably needs room for
 *         mlen + crypto_aead_aes256gcm_ABYTES bytes -- confirm.
 * clen_p  not in the nonnull list, so it may be NULL; otherwise presumably
 *         receives the number of bytes written to c -- confirm.
 * m, ad   not in the nonnull list (NULL is accepted by the attribute, e.g.
 *         together with a zero length).
 * nsec    secret nonce; crypto_aead_aes256gcm_NSECBYTES is 0 -- pass NULL.
 * npub    crypto_aead_aes256gcm_NPUBBYTES bytes; must be unique for every
 *         message encrypted under the same key.
 * k       crypto_aead_aes256gcm_KEYBYTES bytes.
 *
 * nonnull(1, 8, 9) covers c, npub and k.
 * ad is authenticated but is not part of the output; the receiver must
 * supply the same bytes to the decrypt function.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt(unsigned char *c,
                                  unsigned long long *clen_p,
                                  const unsigned char *m,
                                  unsigned long long mlen,
                                  const unsigned char *ad,
                                  unsigned long long adlen,
                                  const unsigned char *nsec,
                                  const unsigned char *npub,
                                  const unsigned char *k)
            __attribute__ ((nonnull(1, 8, 9)));

/*
 * Combined-mode decryption: verifies and decrypts the clen bytes at c,
 * together with the adlen bytes of additional data at ad, using key k and
 * nonce npub.
 *
 * The return value MUST be checked; warn_unused_result makes supporting
 * compilers flag callers that ignore it.
 * NOTE(review): upstream documents 0 on success and -1 when verification
 * fails. On any non-zero return, treat the message as forged or corrupted
 * and do not use the contents of m or *mlen_p -- confirm.
 *
 * m       output buffer for the plaintext (not in the nonnull list).
 * mlen_p  may be NULL; otherwise presumably receives the plaintext length.
 * nsec    secret nonce; crypto_aead_aes256gcm_NSECBYTES is 0 -- pass NULL.
 * c       ciphertext as produced in combined mode; clen comes from the
 *         peer and should be bounds-checked by the caller before use.
 * npub    the crypto_aead_aes256gcm_NPUBBYTES-byte nonce used to encrypt.
 * k       crypto_aead_aes256gcm_KEYBYTES bytes.
 *
 * nonnull(4, 8, 9) covers c, npub and k.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt(unsigned char *m,
                                  unsigned long long *mlen_p,
                                  unsigned char *nsec,
                                  const unsigned char *c,
                                  unsigned long long clen,
                                  const unsigned char *ad,
                                  unsigned long long adlen,
                                  const unsigned char *npub,
                                  const unsigned char *k)
            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));

/*
 * Detached-mode encryption: like crypto_aead_aes256gcm_encrypt(), but the
 * tag is written to a separate buffer, mac, instead of being stored with
 * the ciphertext in c.
 *
 * c         output buffer for the ciphertext. NOTE(review): presumably
 *           mlen bytes -- confirm.
 * mac       output buffer for the tag. NOTE(review): presumably
 *           crypto_aead_aes256gcm_ABYTES bytes -- confirm.
 * maclen_p  not in the nonnull list, so it may be NULL; otherwise
 *           presumably receives the tag length.
 * nsec      secret nonce; crypto_aead_aes256gcm_NSECBYTES is 0 -- pass NULL.
 * npub      crypto_aead_aes256gcm_NPUBBYTES bytes; must be unique for
 *           every message encrypted under the same key.
 * k         crypto_aead_aes256gcm_KEYBYTES bytes.
 *
 * nonnull(1, 2, 9, 10) covers c, mac, npub and k.
 * The tag has to be stored or sent alongside the ciphertext; a ciphertext
 * without its tag cannot be verified.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c,
                                           unsigned char *mac,
                                           unsigned long long *maclen_p,
                                           const unsigned char *m,
                                           unsigned long long mlen,
                                           const unsigned char *ad,
                                           unsigned long long adlen,
                                           const unsigned char *nsec,
                                           const unsigned char *npub,
                                           const unsigned char *k)
            __attribute__ ((nonnull(1, 2, 9, 10)));

/*
 * Detached-mode decryption: verifies the tag at mac over the clen bytes at
 * c and the adlen bytes at ad, then decrypts c into m.
 *
 * The return value MUST be checked; warn_unused_result makes supporting
 * compilers flag callers that ignore it.
 * NOTE(review): upstream documents 0 on success and -1 when verification
 * fails. On any non-zero return, do not use the contents of m -- confirm.
 *
 * m     output buffer for the plaintext (not in the nonnull list).
 * nsec  secret nonce; crypto_aead_aes256gcm_NSECBYTES is 0 -- pass NULL.
 * mac   NOTE(review): presumably crypto_aead_aes256gcm_ABYTES bytes; there
 *       is no length parameter for it, so the caller must guarantee the
 *       buffer is that large -- confirm.
 * npub  the crypto_aead_aes256gcm_NPUBBYTES-byte nonce used to encrypt.
 * k     crypto_aead_aes256gcm_KEYBYTES bytes.
 *
 * nonnull(3, 5, 8, 9) covers c, mac, npub and k.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m,
                                           unsigned char *nsec,
                                           const unsigned char *c,
                                           unsigned long long clen,
                                           const unsigned char *mac,
                                           const unsigned char *ad,
                                           unsigned long long adlen,
                                           const unsigned char *npub,
                                           const unsigned char *k)
            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));

/* -- Precomputation interface -- */

/*
 * Initialises the context ctx_ from key k so that the *_afternm()
 * functions can process several messages under that key.
 * NOTE(review): presumably this performs the key setup once instead of on
 * every call -- confirm.
 *
 * ctx_  caller-allocated crypto_aead_aes256gcm_state; it is derived from
 *       the key and should be wiped when no longer needed.
 * k     crypto_aead_aes256gcm_KEYBYTES bytes.
 *
 * The bare nonnull attribute applies to both pointer parameters.
 * The nonce-uniqueness and per-key data limits from the warning at the top
 * of this file apply to everything processed with one context.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_,
                                   const unsigned char *k)
            __attribute__ ((nonnull));

/*
 * Combined-mode encryption with a precomputed context: same parameters as
 * crypto_aead_aes256gcm_encrypt(), except that the last one is a context
 * prepared by crypto_aead_aes256gcm_beforenm() instead of a raw key.
 *
 * c       output buffer. NOTE(review): presumably needs room for
 *         mlen + crypto_aead_aes256gcm_ABYTES bytes -- confirm.
 * clen_p  may be NULL (not in the nonnull list).
 * nsec    secret nonce; crypto_aead_aes256gcm_NSECBYTES is 0 -- pass NULL.
 * npub    crypto_aead_aes256gcm_NPUBBYTES bytes; must be unique across
 *         all messages encrypted with this context's key.
 * ctx_    read-only here (const); must have been initialised first.
 *
 * nonnull(1, 8, 9) covers c, npub and ctx_.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c,
                                          unsigned long long *clen_p,
                                          const unsigned char *m,
                                          unsigned long long mlen,
                                          const unsigned char *ad,
                                          unsigned long long adlen,
                                          const unsigned char *nsec,
                                          const unsigned char *npub,
                                          const crypto_aead_aes256gcm_state *ctx_)
            __attribute__ ((nonnull(1, 8, 9)));

/*
 * Combined-mode decryption with a precomputed context: same parameters as
 * crypto_aead_aes256gcm_decrypt(), except that the last one is a context
 * prepared by crypto_aead_aes256gcm_beforenm() instead of a raw key.
 *
 * The return value MUST be checked; warn_unused_result makes supporting
 * compilers flag callers that ignore it.
 * NOTE(review): upstream documents 0 on success and -1 when verification
 * fails. On any non-zero return, do not use the contents of m or
 * *mlen_p -- confirm.
 *
 * nsec  secret nonce; crypto_aead_aes256gcm_NSECBYTES is 0 -- pass NULL.
 * npub  the crypto_aead_aes256gcm_NPUBBYTES-byte nonce used to encrypt.
 * ctx_  read-only here (const); must have been initialised first.
 *
 * nonnull(4, 8, 9) covers c, npub and ctx_.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m,
                                          unsigned long long *mlen_p,
                                          unsigned char *nsec,
                                          const unsigned char *c,
                                          unsigned long long clen,
                                          const unsigned char *ad,
                                          unsigned long long adlen,
                                          const unsigned char *npub,
                                          const crypto_aead_aes256gcm_state *ctx_)
            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));

/*
 * Detached-mode encryption with a precomputed context: same parameters as
 * crypto_aead_aes256gcm_encrypt_detached(), except that the last one is a
 * context prepared by crypto_aead_aes256gcm_beforenm() instead of a raw key.
 *
 * mac       output buffer for the tag. NOTE(review): presumably
 *           crypto_aead_aes256gcm_ABYTES bytes -- confirm.
 * maclen_p  may be NULL (not in the nonnull list).
 * nsec      secret nonce; crypto_aead_aes256gcm_NSECBYTES is 0 -- pass NULL.
 * npub      crypto_aead_aes256gcm_NPUBBYTES bytes; must be unique across
 *           all messages encrypted with this context's key.
 * ctx_      read-only here (const); must have been initialised first.
 *
 * nonnull(1, 2, 9, 10) covers c, mac, npub and ctx_.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
                                                   unsigned char *mac,
                                                   unsigned long long *maclen_p,
                                                   const unsigned char *m,
                                                   unsigned long long mlen,
                                                   const unsigned char *ad,
                                                   unsigned long long adlen,
                                                   const unsigned char *nsec,
                                                   const unsigned char *npub,
                                                   const crypto_aead_aes256gcm_state *ctx_)
            __attribute__ ((nonnull(1, 2, 9, 10)));

/*
 * Detached-mode decryption with a precomputed context: same parameters as
 * crypto_aead_aes256gcm_decrypt_detached(), except that the last one is a
 * context prepared by crypto_aead_aes256gcm_beforenm() instead of a raw key.
 *
 * The return value MUST be checked; warn_unused_result makes supporting
 * compilers flag callers that ignore it.
 * NOTE(review): upstream documents 0 on success and -1 when verification
 * fails. On any non-zero return, do not use the contents of m -- confirm.
 *
 * nsec  secret nonce; crypto_aead_aes256gcm_NSECBYTES is 0 -- pass NULL.
 * mac   NOTE(review): presumably crypto_aead_aes256gcm_ABYTES bytes; no
 *       length is passed for it, so the caller must guarantee the size.
 * npub  the crypto_aead_aes256gcm_NPUBBYTES-byte nonce used to encrypt.
 * ctx_  read-only here (const); must have been initialised first.
 *
 * nonnull(3, 5, 8, 9) covers c, mac, npub and ctx_.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m,
                                                   unsigned char *nsec,
                                                   const unsigned char *c,
                                                   unsigned long long clen,
                                                   const unsigned char *mac,
                                                   const unsigned char *ad,
                                                   unsigned long long adlen,
                                                   const unsigned char *npub,
                                                   const crypto_aead_aes256gcm_state *ctx_)
            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));

/*
 * Writes a key of crypto_aead_aes256gcm_KEYBYTES bytes into k.
 * NOTE(review): upstream documents this as filling k with random bytes
 * from the library's generator -- confirm for this build.
 *
 * The array bound in the parameter is documentation only: C passes k as a
 * plain pointer, so the caller must make sure the buffer really holds
 * crypto_aead_aes256gcm_KEYBYTES bytes. The key should be wiped from
 * memory when it is no longer needed.
 */
SODIUM_EXPORT
void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES])
            __attribute__ ((nonnull));

#ifdef __cplusplus
} /* extern "C" */
#endif

#endif /* crypto_aead_aes256gcm_H */