1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
|
#ifndef crypto_aead_aes256gcm_H
#define crypto_aead_aes256gcm_H
/*
* WARNING: Despite being the most popular AEAD construction due to its
* use in TLS, safely using AES-GCM in a different context is tricky.
*
* No more than ~ 350 GB of input data should be encrypted with a given key.
* This is for ~ 16 KB messages -- Actual figures vary according to
* message sizes.
*
* In addition, nonces are short and repeated nonces would totally destroy
* the security of this scheme.
*
* Nonces should thus come from atomic counters, which can be difficult to
* set up in a distributed environment.
*
* Unless you absolutely need AES-GCM, use crypto_aead_xchacha20poly1305_ietf_*()
* instead. It doesn't have any of these limitations.
* Or, if you don't need to authenticate additional data, just stick to
* crypto_secretbox().
*/
#include <stddef.h>
#include "export.h"
#ifdef __cplusplus
# ifdef __GNUC__
# pragma GCC diagnostic ignored "-Wlong-long"
# endif
extern "C" {
#endif
SODIUM_EXPORT
int crypto_aead_aes256gcm_is_available(void);
#define crypto_aead_aes256gcm_KEYBYTES 32U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_keybytes(void);
#define crypto_aead_aes256gcm_NSECBYTES 0U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_nsecbytes(void);
#define crypto_aead_aes256gcm_NPUBBYTES 12U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_npubbytes(void);
#define crypto_aead_aes256gcm_ABYTES 16U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_abytes(void);
#define crypto_aead_aes256gcm_MESSAGEBYTES_MAX \
SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aes256gcm_ABYTES, \
(16ULL * ((1ULL << 32) - 2ULL)))
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_messagebytes_max(void);
typedef CRYPTO_ALIGN(16) struct crypto_aead_aes256gcm_state_ {
unsigned char opaque[512];
} crypto_aead_aes256gcm_state;
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_statebytes(void);
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt(unsigned char *c,
unsigned long long *clen_p,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((nonnull(1, 8, 9)));
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt(unsigned char *m,
unsigned long long *mlen_p,
unsigned char *nsec,
const unsigned char *c,
unsigned long long clen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c,
unsigned char *mac,
unsigned long long *maclen_p,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((nonnull(1, 2, 9, 10)));
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m,
unsigned char *nsec,
const unsigned char *c,
unsigned long long clen,
const unsigned char *mac,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
/* -- Precomputation interface -- */
SODIUM_EXPORT
int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_,
const unsigned char *k)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c,
unsigned long long *clen_p,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_)
__attribute__ ((nonnull(1, 8, 9)));
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m,
unsigned long long *mlen_p,
unsigned char *nsec,
const unsigned char *c,
unsigned long long clen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_)
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
unsigned char *mac,
unsigned long long *maclen_p,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_)
__attribute__ ((nonnull(1, 2, 9, 10)));
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m,
unsigned char *nsec,
const unsigned char *c,
unsigned long long clen,
const unsigned char *mac,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_)
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
SODIUM_EXPORT
void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES])
__attribute__ ((nonnull));
#ifdef __cplusplus
}
#endif
#endif
|