Diffstat (limited to 'libs/libsodium/src/include/sodium/crypto_aead_aes256gcm.h')
-rw-r--r--libs/libsodium/src/include/sodium/crypto_aead_aes256gcm.h171
1 files changed, 171 insertions, 0 deletions
diff --git a/libs/libsodium/src/include/sodium/crypto_aead_aes256gcm.h b/libs/libsodium/src/include/sodium/crypto_aead_aes256gcm.h
new file mode 100644
index 0000000000..46a3800f37
--- /dev/null
+++ b/libs/libsodium/src/include/sodium/crypto_aead_aes256gcm.h
@@ -0,0 +1,171 @@
+#ifndef crypto_aead_aes256gcm_H
+#define crypto_aead_aes256gcm_H
+
+/*
+ * WARNING: Despite being the most popular AEAD construction due to its
+ * use in TLS, safely using AES-GCM in a different context is tricky.
+ *
+ * No more than ~ 350 GB of input data should be encrypted with a given key.
+ * This is for ~ 16 KB messages -- Actual figures vary according to
+ * message sizes.
+ *
+ * In addition, nonces are short and repeated nonces would totally destroy
+ * the security of this scheme.
+ *
+ * Nonces should thus come from atomic counters, which can be difficult to
+ * set up in a distributed environment.
+ *
+ * Unless you absolutely need AES-GCM, use crypto_aead_xchacha20poly1305_ietf_*()
+ * instead. It doesn't have any of these limitations.
+ * Or, if you don't need to authenticate additional data, just stick to
+ * crypto_secretbox().
+ */
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_is_available(void);
+
+#define crypto_aead_aes256gcm_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_keybytes(void);
+
+#define crypto_aead_aes256gcm_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_nsecbytes(void);
+
+#define crypto_aead_aes256gcm_NPUBBYTES 12U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_npubbytes(void);
+
+#define crypto_aead_aes256gcm_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_abytes(void);
+
+#define crypto_aead_aes256gcm_MESSAGEBYTES_MAX \
+ SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aes256gcm_ABYTES, \
+ (16ULL * ((1ULL << 32) - 2ULL)) - crypto_aead_aes256gcm_ABYTES)
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_messagebytes_max(void);
+
+typedef CRYPTO_ALIGN(16) unsigned char crypto_aead_aes256gcm_state[512];
+
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt(unsigned char *c,
+ unsigned long long *clen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const unsigned char *k);
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt(unsigned char *m,
+ unsigned long long *mlen_p,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c,
+ unsigned char *mac,
+ unsigned long long *maclen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const unsigned char *k);
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *mac,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result));
+
+/* -- Precomputation interface -- */
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_,
+ const unsigned char *k);
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c,
+ unsigned long long *clen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const crypto_aead_aes256gcm_state *ctx_);
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m,
+ unsigned long long *mlen_p,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const crypto_aead_aes256gcm_state *ctx_)
+ __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
+ unsigned char *mac,
+ unsigned long long *maclen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const crypto_aead_aes256gcm_state *ctx_);
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *mac,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const crypto_aead_aes256gcm_state *ctx_)
+ __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES]);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
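Review bot: The encrypting prototypes (`crypto_aead_aes256gcm_encrypt`, `crypto_aead_aes256gcm_encrypt_detached` and their two `_afternm` variants) and `crypto_aead_aes256gcm_beforenm` return `int` but, unlike the four decrypt prototypes, carry no `__attribute__ ((warn_unused_result))`, so a caller that drops the return value gets no compiler diagnostic. The header also exports `crypto_aead_aes256gcm_is_available()`, which implies the primitive can be absent at run time (in libsodium it depends on hardware AES support). In that case a failed encrypt whose result is ignored may leave `c` unwritten while the caller still stores or sends the buffer. This looks like a vendored copy of the upstream header, so I would not patch the prototypes here. Instead, add a comment above `crypto_aead_aes256gcm_is_available` such as `/* Must return 1 before any other function in this header is used; check every return value, including encrypt and beforenm. */` and enforce that rule in the callers within this tree.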