crypto_aead_aes256gcm.h (7980B)
1 #ifndef crypto_aead_aes256gcm_H 2 #define crypto_aead_aes256gcm_H 3 4 /* 5 * WARNING: Despite being the most popular AEAD construction due to its 6 * use in TLS, safely using AES-GCM in a different context is tricky. 7 * 8 * No more than ~ 350 GB of input data should be encrypted with a given key. 9 * This is for ~ 16 KB messages -- Actual figures vary according to 10 * message sizes. 11 * 12 * In addition, nonces are short and repeated nonces would totally destroy 13 * the security of this scheme. 14 * 15 * Nonces should thus come from atomic counters, which can be difficult to 16 * set up in a distributed environment. 17 * 18 * Unless you absolutely need AES-GCM, use crypto_aead_xchacha20poly1305_ietf_*() 19 * instead. It doesn't have any of these limitations. 20 * Or, if you don't need to authenticate additional data, just stick to 21 * crypto_secretbox(). 22 */ 23 24 #include <stddef.h> 25 #include "export.h" 26 27 #ifdef __cplusplus 28 # ifdef __GNUC__ 29 # pragma GCC diagnostic ignored "-Wlong-long" 30 # endif 31 extern "C" { 32 #endif 33 34 SODIUM_EXPORT 35 int crypto_aead_aes256gcm_is_available(void); 36 37 #define crypto_aead_aes256gcm_KEYBYTES 32U 38 SODIUM_EXPORT 39 size_t crypto_aead_aes256gcm_keybytes(void); 40 41 #define crypto_aead_aes256gcm_NSECBYTES 0U 42 SODIUM_EXPORT 43 size_t crypto_aead_aes256gcm_nsecbytes(void); 44 45 #define crypto_aead_aes256gcm_NPUBBYTES 12U 46 SODIUM_EXPORT 47 size_t crypto_aead_aes256gcm_npubbytes(void); 48 49 #define crypto_aead_aes256gcm_ABYTES 16U 50 SODIUM_EXPORT 51 size_t crypto_aead_aes256gcm_abytes(void); 52 53 #define crypto_aead_aes256gcm_MESSAGEBYTES_MAX \ 54 SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aes256gcm_ABYTES, \ 55 (16ULL * ((1ULL << 32) - 2ULL))) 56 SODIUM_EXPORT 57 size_t crypto_aead_aes256gcm_messagebytes_max(void); 58 59 typedef struct CRYPTO_ALIGN(16) crypto_aead_aes256gcm_state_ { 60 unsigned char opaque[512]; 61 } crypto_aead_aes256gcm_state; 62 63 SODIUM_EXPORT 64 size_t crypto_aead_aes256gcm_statebytes(void); 65 66 SODIUM_EXPORT 67 int crypto_aead_aes256gcm_encrypt(unsigned char *c, 68 unsigned long long *clen_p, 69 const unsigned char *m, 70 unsigned long long mlen, 71 const unsigned char *ad, 72 unsigned long long adlen, 73 const unsigned char *nsec, 74 const unsigned char *npub, 75 const unsigned char *k) 76 __attribute__ ((nonnull(1, 8, 9))); 77 78 SODIUM_EXPORT 79 int crypto_aead_aes256gcm_decrypt(unsigned char *m, 80 unsigned long long *mlen_p, 81 unsigned char *nsec, 82 const unsigned char *c, 83 unsigned long long clen, 84 const unsigned char *ad, 85 unsigned long long adlen, 86 const unsigned char *npub, 87 const unsigned char *k) 88 __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9))); 89 90 SODIUM_EXPORT 91 int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c, 92 unsigned char *mac, 93 unsigned long long *maclen_p, 94 const unsigned char *m, 95 unsigned long long mlen, 96 const unsigned char *ad, 97 unsigned long long adlen, 98 const unsigned char *nsec, 99 const unsigned char *npub, 100 const unsigned char *k) 101 __attribute__ ((nonnull(1, 2, 9, 10))); 102 103 SODIUM_EXPORT 104 int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m, 105 unsigned char *nsec, 106 const unsigned char *c, 107 unsigned long long clen, 108 const unsigned char *mac, 109 const unsigned char *ad, 110 unsigned long long adlen, 111 const unsigned char *npub, 112 const unsigned char *k) 113 __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9))); 114 115 /* -- Precomputation interface -- */ 116 117 SODIUM_EXPORT 118 int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_, 119 const unsigned char *k) 120 __attribute__ ((nonnull)); 121 122 SODIUM_EXPORT 123 int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c, 124 unsigned long long *clen_p, 125 const unsigned char *m, 126 unsigned long long mlen, 127 const unsigned char *ad, 128 unsigned long long adlen, 129 const unsigned char *nsec, 130 const unsigned char *npub, 131 const crypto_aead_aes256gcm_state *ctx_) 132 __attribute__ ((nonnull(1, 8, 9))); 133 134 SODIUM_EXPORT 135 int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m, 136 unsigned long long *mlen_p, 137 unsigned char *nsec, 138 const unsigned char *c, 139 unsigned long long clen, 140 const unsigned char *ad, 141 unsigned long long adlen, 142 const unsigned char *npub, 143 const crypto_aead_aes256gcm_state *ctx_) 144 __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9))); 145 146 SODIUM_EXPORT 147 int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c, 148 unsigned char *mac, 149 unsigned long long *maclen_p, 150 const unsigned char *m, 151 unsigned long long mlen, 152 const unsigned char *ad, 153 unsigned long long adlen, 154 const unsigned char *nsec, 155 const unsigned char *npub, 156 const crypto_aead_aes256gcm_state *ctx_) 157 __attribute__ ((nonnull(1, 2, 9, 10))); 158 159 SODIUM_EXPORT 160 int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m, 161 unsigned char *nsec, 162 const unsigned char *c, 163 unsigned long long clen, 164 const unsigned char *mac, 165 const unsigned char *ad, 166 unsigned long long adlen, 167 const unsigned char *npub, 168 const crypto_aead_aes256gcm_state *ctx_) 169 __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9))); 170 171 SODIUM_EXPORT 172 void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES]) 173 __attribute__ ((nonnull)); 174 175 #ifdef __cplusplus 176 } 177 #endif 178 179 #endif