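#ifndef crypto_aead_aes256gcm_H
#define crypto_aead_aes256gcm_H

/*
 * WARNING: Despite being the most popular AEAD construction due to its
 * use in TLS, safely using AES-GCM in a different context is tricky.
 *
 * No more than ~ 350 GB of input data should be encrypted with a given key.
 * This is for ~ 16 KB messages -- Actual figures vary according to
 * message sizes.
 *
 * In addition, nonces are short and repeated nonces would totally destroy
 * the security of this scheme.
 *
 * Nonces should thus come from atomic counters, which can be difficult to
 * set up in a distributed environment.
 *
 * Unless you absolutely need AES-GCM, use crypto_aead_xchacha20poly1305_ietf_*()
 * instead. It doesn't have any of these limitations.
 * Or, if you don't need to authenticate additional data, just stick to
 * crypto_secretbox().
 */

/*
 * Reviewer summary of the caller-side contract visible in this header:
 *  - the nonce (npub) is crypto_aead_aes256gcm_NPUBBYTES (12) bytes and must
 *    never be reused with the same key;
 *  - every decrypt variant is declared warn_unused_result: the output buffer
 *    must only be consumed after the return value has been checked;
 *  - crypto_aead_aes256gcm_is_available() exists because the implementation
 *    is not usable on every CPU; check it before calling anything else here.
 */

#include <stddef.h>
#include "export.h"

#ifdef __cplusplus
# ifdef __GNUC__
#  pragma GCC diagnostic ignored "-Wlong-long"
# endif
extern "C" {
#endif

/*
 * Runtime availability check. Per the libsodium documentation this returns 1
 * when the current CPU supports the AES-GCM implementation and 0 otherwise,
 * and is meant to be called after sodium_init(). Callers should refuse to use
 * the rest of this API (or fall back to another AEAD) when it reports 0.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_is_available(void);

/* Key length in bytes (AES-256). */
#define crypto_aead_aes256gcm_KEYBYTES 32U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_keybytes(void);

/* Secret nonce length: zero, i.e. the nsec parameters below carry no data. */
#define crypto_aead_aes256gcm_NSECBYTES 0U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_nsecbytes(void);

/*
 * Public nonce length in bytes. 12 bytes is too short to pick at random for
 * a large number of messages; see the warning at the top of this file.
 */
#define crypto_aead_aes256gcm_NPUBBYTES 12U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_npubbytes(void);

/* Authentication tag length in bytes. */
#define crypto_aead_aes256gcm_ABYTES 16U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_abytes(void);

/*
 * Largest message accepted by a single call: the smaller of what size_t can
 * address and 16 * (2^32 - 2) bytes (16-byte blocks times the GCM per-nonce
 * block limit), each reduced by the tag length.
 * SODIUM_MIN and SODIUM_SIZE_MAX are not defined in this file; presumably
 * they come from export.h.
 */
#define crypto_aead_aes256gcm_MESSAGEBYTES_MAX \
    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aes256gcm_ABYTES, \
               (16ULL * ((1ULL << 32) - 2ULL)) - crypto_aead_aes256gcm_ABYTES)
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_messagebytes_max(void);

/*
 * Opaque precomputation state: 512 bytes, 16-byte aligned. It is filled by
 * crypto_aead_aes256gcm_beforenm() from the key, so it should be handled as
 * key material (not logged, not copied around, wiped when no longer needed).
 */
typedef CRYPTO_ALIGN(16) unsigned char crypto_aead_aes256gcm_state[512];

SODIUM_EXPORT
size_t crypto_aead_aes256gcm_statebytes(void);

/*
 * Combined mode: encrypt mlen bytes of m and authenticate them together with
 * adlen bytes of additional data ad (not encrypted), under key k and public
 * nonce npub. Per the libsodium documentation, c must have room for
 * mlen + crypto_aead_aes256gcm_ABYTES bytes, the written length is stored in
 * *clen_p when clen_p is not NULL, and nsec is unused and should be NULL.
 * Returns 0 on success (per library documentation).
 * The (k, npub) pair must be unique for every message.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt(unsigned char *c,
                                  unsigned long long *clen_p,
                                  const unsigned char *m,
                                  unsigned long long mlen,
                                  const unsigned char *ad,
                                  unsigned long long adlen,
                                  const unsigned char *nsec,
                                  const unsigned char *npub,
                                  const unsigned char *k);

/*
 * Combined mode: verify the tag carried in c (clen bytes, tag included)
 * against c and ad, and decrypt into m. Per the libsodium documentation this
 * returns 0 on success and -1 when verification fails. The result is marked
 * warn_unused_result: on any non-zero return the contents of m and *mlen_p
 * must not be used.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt(unsigned char *m,
                                  unsigned long long *mlen_p,
                                  unsigned char *nsec,
                                  const unsigned char *c,
                                  unsigned long long clen,
                                  const unsigned char *ad,
                                  unsigned long long adlen,
                                  const unsigned char *npub,
                                  const unsigned char *k)
        __attribute__ ((warn_unused_result));

/*
 * Detached mode: same as crypto_aead_aes256gcm_encrypt() but the tag is
 * written to mac instead of being appended to c; c then holds mlen bytes.
 * mac needs room for crypto_aead_aes256gcm_ABYTES bytes (per library
 * documentation, that value is also what *maclen_p receives when non-NULL).
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c,
                                           unsigned char *mac,
                                           unsigned long long *maclen_p,
                                           const unsigned char *m,
                                           unsigned long long mlen,
                                           const unsigned char *ad,
                                           unsigned long long adlen,
                                           const unsigned char *nsec,
                                           const unsigned char *npub,
                                           const unsigned char *k);

/*
 * Detached mode: verify mac over c and ad, then decrypt clen bytes of c into
 * m. Marked warn_unused_result: m must not be used unless the call returned 0.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m,
                                           unsigned char *nsec,
                                           const unsigned char *c,
                                           unsigned long long clen,
                                           const unsigned char *mac,
                                           const unsigned char *ad,
                                           unsigned long long adlen,
                                           const unsigned char *npub,
                                           const unsigned char *k)
        __attribute__ ((warn_unused_result));

/* -- Precomputation interface -- */

/*
 * Initialize ctx_ from key k so that several messages can be processed under
 * the same key with the *_afternm() functions below. The nonce-uniqueness
 * and data-volume limits described at the top of this file apply per key,
 * so they still apply across all calls sharing one ctx_.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_,
                                   const unsigned char *k);

/* crypto_aead_aes256gcm_encrypt() with a precomputed state instead of a key. */
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c,
                                          unsigned long long *clen_p,
                                          const unsigned char *m,
                                          unsigned long long mlen,
                                          const unsigned char *ad,
                                          unsigned long long adlen,
                                          const unsigned char *nsec,
                                          const unsigned char *npub,
                                          const crypto_aead_aes256gcm_state *ctx_);

/*
 * crypto_aead_aes256gcm_decrypt() with a precomputed state instead of a key.
 * Marked warn_unused_result: check the return value before reading m.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m,
                                          unsigned long long *mlen_p,
                                          unsigned char *nsec,
                                          const unsigned char *c,
                                          unsigned long long clen,
                                          const unsigned char *ad,
                                          unsigned long long adlen,
                                          const unsigned char *npub,
                                          const crypto_aead_aes256gcm_state *ctx_)
        __attribute__ ((warn_unused_result));

/*
 * crypto_aead_aes256gcm_encrypt_detached() with a precomputed state instead
 * of a key.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
                                                   unsigned char *mac,
                                                   unsigned long long *maclen_p,
                                                   const unsigned char *m,
                                                   unsigned long long mlen,
                                                   const unsigned char *ad,
                                                   unsigned long long adlen,
                                                   const unsigned char *nsec,
                                                   const unsigned char *npub,
                                                   const crypto_aead_aes256gcm_state *ctx_);

/*
 * crypto_aead_aes256gcm_decrypt_detached() with a precomputed state instead
 * of a key. Marked warn_unused_result: check the return value before
 * reading m.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m,
                                                   unsigned char *nsec,
                                                   const unsigned char *c,
                                                   unsigned long long clen,
                                                   const unsigned char *mac,
                                                   const unsigned char *ad,
                                                   unsigned long long adlen,
                                                   const unsigned char *npub,
                                                   const crypto_aead_aes256gcm_state *ctx_)
        __attribute__ ((warn_unused_result));

/*
 * Fill k with a fresh key of crypto_aead_aes256gcm_KEYBYTES bytes. Per the
 * libsodium documentation the bytes come from the library's random number
 * generator; prefer this over deriving keys by hand.
 */
SODIUM_EXPORT
void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES]);

#ifdef __cplusplus
}
#endif

#endif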