#ifndef crypto_aead_aes256gcm_H
#define crypto_aead_aes256gcm_H

/*
 * WARNING: Despite being the most popular AEAD construction due to its
 * use in TLS, safely using AES-GCM in a different context is tricky.
 *
 * No more than ~ 350 GB of input data should be encrypted with a given key.
 * This is for ~ 16 KB messages -- actual figures vary according to
 * message sizes.
 *
 * In addition, nonces are short, and a repeated nonce under the same key
 * would totally destroy the security of this scheme: both the
 * confidentiality of the affected messages and the integrity guarantee
 * are lost.
 *
 * Nonces should thus come from atomic counters, which can be difficult to
 * set up in a distributed environment.
 *
 * Unless you absolutely need AES-GCM, use crypto_aead_xchacha20poly1305_ietf_*()
 * instead. It doesn't have any of these limitations.
 * Or, if you don't need to authenticate additional data, just stick to
 * crypto_secretbox().
 */

#include <stddef.h>
#include "export.h"

#ifdef __cplusplus
# ifdef __GNUC__
#  pragma GCC diagnostic ignored "-Wlong-long"
# endif
extern "C" {
#endif

/*
 * Availability probe for this construction.
 * NOTE(review): the implementation is not visible in this header; presumably
 * a nonzero result means the build and the running CPU can execute the
 * AES-256-GCM code, and callers are expected to check it before using any
 * other function declared here -- confirm against the implementation.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_is_available(void);

/*
 * Size constants. Each macro is paired with a function of the same name in
 * lower case; presumably the function returns the macro's value for callers
 * that cannot read C macros (e.g. language bindings) -- confirm.
 */

/* Key length in bytes: 32 bytes, i.e. a 256-bit key. */
#define crypto_aead_aes256gcm_KEYBYTES 32U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_keybytes(void);

/*
 * Secret-nonce length in bytes: 0. The nsec parameters below therefore carry
 * no data for this construction; none of them is listed in a nonnull
 * attribute, so passing NULL is accepted by the declarations.
 */
#define crypto_aead_aes256gcm_NSECBYTES 0U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_nsecbytes(void);

/*
 * Public-nonce length in bytes: 12 bytes (96 bits). See the warning at the
 * top of this file: a nonce must never repeat under the same key.
 */
#define crypto_aead_aes256gcm_NPUBBYTES 12U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_npubbytes(void);

/* Authentication tag length in bytes: 16 bytes (128 bits). */
#define crypto_aead_aes256gcm_ABYTES 16U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_abytes(void);

/*
 * Upper bound on the length of a single message: the smaller of
 * (SODIUM_SIZE_MAX - tag length) and 16 * (2^32 - 2) bytes, i.e. just under
 * 64 GiB. This is a per-message bound; the per-key data budget described in
 * the warning above is a separate, lower limit that callers must track
 * themselves.
 */
#define crypto_aead_aes256gcm_MESSAGEBYTES_MAX \
    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aes256gcm_ABYTES, \
               (16ULL * ((1ULL << 32) - 2ULL)))
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_messagebytes_max(void);

/*
 * Opaque, 16-byte-aligned context of 512 bytes used by the precomputation
 * interface (the *_beforenm / *_afternm functions below).
 * NOTE(review): presumably holds key-derived material once initialised, in
 * which case it should be treated as a secret and wiped when no longer
 * needed -- confirm against the implementation.
 */
typedef struct CRYPTO_ALIGN(16) crypto_aead_aes256gcm_state_ {
    unsigned char opaque[512];
} crypto_aead_aes256gcm_state;

/* Presumably sizeof(crypto_aead_aes256gcm_state) -- confirm. */
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_statebytes(void);

/*
 * Combined-mode encryption: ciphertext and tag are written to c.
 *
 *   c       output buffer (required). Presumably needs room for
 *           mlen + crypto_aead_aes256gcm_ABYTES bytes -- confirm.
 *   clen_p  receives the number of bytes written; not marked nonnull.
 *   m/mlen  plaintext and its length; m is not marked nonnull.
 *   ad/adlen additional data that is authenticated but not encrypted;
 *           ad is not marked nonnull.
 *   nsec    unused by this construction (NSECBYTES is 0).
 *   npub    nonce of crypto_aead_aes256gcm_NPUBBYTES bytes (required);
 *           must be unique for every message encrypted under k.
 *   k       key of crypto_aead_aes256gcm_KEYBYTES bytes (required).
 *
 * Returns an int status; the values are not visible here (presumably 0 on
 * success -- confirm).
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt(unsigned char *c,
                                  unsigned long long *clen_p,
                                  const unsigned char *m,
                                  unsigned long long mlen,
                                  const unsigned char *ad,
                                  unsigned long long adlen,
                                  const unsigned char *nsec,
                                  const unsigned char *npub,
                                  const unsigned char *k)
            __attribute__ ((nonnull(1, 8, 9)));

/*
 * Combined-mode decryption and verification of c (ciphertext followed by
 * the tag, as produced by crypto_aead_aes256gcm_encrypt()).
 *
 *   m       receives the plaintext; not marked nonnull.
 *   mlen_p  receives the plaintext length; not marked nonnull.
 *   nsec    unused by this construction (NSECBYTES is 0).
 *   c/clen  ciphertext-with-tag and its length (c required).
 *   ad/adlen additional data; must match what was passed at encryption.
 *   npub    nonce used at encryption (required).
 *   k       key (required).
 *
 * The result is marked warn_unused_result: the return value is the only
 * indication that authentication failed, so it must be checked and m must
 * not be used unless the call succeeded (presumably 0 on success, nonzero
 * on failure -- confirm).
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt(unsigned char *m,
                                  unsigned long long *mlen_p,
                                  unsigned char *nsec,
                                  const unsigned char *c,
                                  unsigned long long clen,
                                  const unsigned char *ad,
                                  unsigned long long adlen,
                                  const unsigned char *npub,
                                  const unsigned char *k)
            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));

/*
 * Detached-mode encryption: the ciphertext goes to c and the tag goes to a
 * separate buffer, mac.
 *
 *   c        ciphertext output (required).
 *   mac      tag output (required). Presumably
 *            crypto_aead_aes256gcm_ABYTES bytes -- confirm.
 *   maclen_p receives the tag length; not marked nonnull.
 *   The remaining parameters are as for crypto_aead_aes256gcm_encrypt();
 *   npub and k are required.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c,
                                           unsigned char *mac,
                                           unsigned long long *maclen_p,
                                           const unsigned char *m,
                                           unsigned long long mlen,
                                           const unsigned char *ad,
                                           unsigned long long adlen,
                                           const unsigned char *nsec,
                                           const unsigned char *npub,
                                           const unsigned char *k)
            __attribute__ ((nonnull(1, 2, 9, 10)));

/*
 * Detached-mode decryption: verifies mac over c and ad, and writes the
 * plaintext to m.
 *
 *   m       plaintext output; not marked nonnull.
 *   nsec    unused by this construction (NSECBYTES is 0).
 *   c/clen  ciphertext without the tag (c required).
 *   mac     tag to verify (required).
 *   ad/adlen, npub, k  as for crypto_aead_aes256gcm_decrypt().
 *
 * Marked warn_unused_result: check the return value before trusting m.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m,
                                           unsigned char *nsec,
                                           const unsigned char *c,
                                           unsigned long long clen,
                                           const unsigned char *mac,
                                           const unsigned char *ad,
                                           unsigned long long adlen,
                                           const unsigned char *npub,
                                           const unsigned char *k)
            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));

/* -- Precomputation interface -- */

/*
 * Initialises ctx_ from the key k so that the *_afternm functions can be
 * called repeatedly without passing the key again. Both pointers are
 * required. The nonce-uniqueness and per-key data limits in the warning at
 * the top of this file still apply to every message processed with one
 * context.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_,
                                   const unsigned char *k)
            __attribute__ ((nonnull));

/*
 * Same contract as crypto_aead_aes256gcm_encrypt(), with a context prepared
 * by crypto_aead_aes256gcm_beforenm() in place of the key. c, npub and ctx_
 * are required.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c,
                                          unsigned long long *clen_p,
                                          const unsigned char *m,
                                          unsigned long long mlen,
                                          const unsigned char *ad,
                                          unsigned long long adlen,
                                          const unsigned char *nsec,
                                          const unsigned char *npub,
                                          const crypto_aead_aes256gcm_state *ctx_)
            __attribute__ ((nonnull(1, 8, 9)));

/*
 * Same contract as crypto_aead_aes256gcm_decrypt(), with a prepared context
 * in place of the key. c, npub and ctx_ are required. Marked
 * warn_unused_result: check the return value before trusting m.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m,
                                          unsigned long long *mlen_p,
                                          unsigned char *nsec,
                                          const unsigned char *c,
                                          unsigned long long clen,
                                          const unsigned char *ad,
                                          unsigned long long adlen,
                                          const unsigned char *npub,
                                          const crypto_aead_aes256gcm_state *ctx_)
            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));

/*
 * Same contract as crypto_aead_aes256gcm_encrypt_detached(), with a prepared
 * context in place of the key. c, mac, npub and ctx_ are required.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
                                                   unsigned char *mac,
                                                   unsigned long long *maclen_p,
                                                   const unsigned char *m,
                                                   unsigned long long mlen,
                                                   const unsigned char *ad,
                                                   unsigned long long adlen,
                                                   const unsigned char *nsec,
                                                   const unsigned char *npub,
                                                   const crypto_aead_aes256gcm_state *ctx_)
            __attribute__ ((nonnull(1, 2, 9, 10)));

/*
 * Same contract as crypto_aead_aes256gcm_decrypt_detached(), with a prepared
 * context in place of the key. c, mac, npub and ctx_ are required. Marked
 * warn_unused_result: check the return value before trusting m.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m,
                                                   unsigned char *nsec,
                                                   const unsigned char *c,
                                                   unsigned long long clen,
                                                   const unsigned char *mac,
                                                   const unsigned char *ad,
                                                   unsigned long long adlen,
                                                   const unsigned char *npub,
                                                   const crypto_aead_aes256gcm_state *ctx_)
            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));

/*
 * Writes a key of crypto_aead_aes256gcm_KEYBYTES bytes into k (required).
 * NOTE(review): presumably filled from the library's random generator --
 * confirm against the implementation.
 */
SODIUM_EXPORT
void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES])
            __attribute__ ((nonnull));

#ifdef __cplusplus
}
#endif

#endif