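#ifndef crypto_aead_aes256gcm_H
#define crypto_aead_aes256gcm_H

/*
 * WARNING: Despite being the most popular AEAD construction due to its
 * use in TLS, safely using AES-GCM in a different context is tricky.
 *
 * No more than ~ 350 GB of input data should be encrypted with a given key.
 * This is for ~ 16 KB messages -- Actual figures vary according to
 * message sizes.
 *
 * In addition, nonces are short and repeated nonces would totally destroy
 * the security of this scheme.
 *
 * Nonces should thus come from atomic counters, which can be difficult to
 * set up in a distributed environment.
 *
 * Unless you absolutely need AES-GCM, use crypto_aead_xchacha20poly1305_ietf_*()
 * instead. It doesn't have any of these limitations.
 * Or, if you don't need to authenticate additional data, just stick to
 * crypto_secretbox().
 */

#include <stddef.h> /* size_t, used by the *_bytes() accessors below */

#include "export.h"

#ifdef __cplusplus
# ifdef __GNUC__
#  pragma GCC diagnostic ignored "-Wlong-long"
# endif
extern "C" {
#endif

/*
 * Runtime availability probe for this construction.
 *
 * Callers should gate every other function in this header on its result and
 * fall back to another AEAD when it reports the construction as unavailable.
 * NOTE(review): libsodium documents 1 = available, 0 = unavailable (depends
 * on CPU support) and expects sodium_init() to have run first -- confirm
 * against the implementation.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_is_available(void);

/* Secret key length in bytes (256-bit AES key). */
#define crypto_aead_aes256gcm_KEYBYTES 32U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_keybytes(void);

/*
 * Secret nonce length: zero. The `nsec` parameters below therefore carry no
 * data, and none of the nonnull attribute lists include them.
 */
#define crypto_aead_aes256gcm_NSECBYTES 0U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_nsecbytes(void);

/*
 * Public nonce length in bytes (96 bits). Per the warning at the top of this
 * file, a nonce must never be reused with the same key.
 */
#define crypto_aead_aes256gcm_NPUBBYTES 12U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_npubbytes(void);

/* Authentication tag length in bytes. */
#define crypto_aead_aes256gcm_ABYTES 16U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_abytes(void);

/*
 * Largest message accepted in one call: the smaller of
 * SODIUM_SIZE_MAX - ABYTES (so message + tag still fits in a size_t) and
 * 16 * (2^32 - 2) bytes, the per-nonce limit of GCM's 32-bit block counter.
 * This is a per-message bound; the per-key data limit described in the
 * warning above is separate and must be tracked by the caller.
 */
#define crypto_aead_aes256gcm_MESSAGEBYTES_MAX \
    SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aes256gcm_ABYTES, \
               (16ULL * ((1ULL << 32) - 2ULL)))
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_messagebytes_max(void);

/*
 * Opaque precomputation state: 512 bytes, declared with 16-byte alignment.
 * Storage obtained by other means than declaring this type (e.g. a raw byte
 * buffer) must honour that alignment.
 * NOTE(review): presumably holds key-derived material once initialized by
 * crypto_aead_aes256gcm_beforenm(); treat it as secret and wipe it when no
 * longer needed -- confirm against the implementation.
 */
typedef struct CRYPTO_ALIGN(16) crypto_aead_aes256gcm_state_ {
    unsigned char opaque[512];
} crypto_aead_aes256gcm_state;

SODIUM_EXPORT
size_t crypto_aead_aes256gcm_statebytes(void);

/*
 * Combined-mode encryption: the output `c` carries ciphertext and tag.
 *
 * `c`, `npub` and `k` must not be NULL; `clen_p`, `m`, `ad` and `nsec` are
 * not covered by the nonnull attribute.
 * NOTE(review): per libsodium documentation `c` needs room for
 * mlen + crypto_aead_aes256gcm_ABYTES bytes and the actual length is stored
 * in *clen_p when it is non-NULL -- confirm.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt(unsigned char *c,
                                  unsigned long long *clen_p,
                                  const unsigned char *m,
                                  unsigned long long mlen,
                                  const unsigned char *ad,
                                  unsigned long long adlen,
                                  const unsigned char *nsec,
                                  const unsigned char *npub,
                                  const unsigned char *k)
            __attribute__ ((nonnull(1, 8, 9)));

/*
 * Combined-mode decryption and tag verification.
 *
 * The return value is marked warn_unused_result: it is the only indication
 * of whether the tag verified, so the contents of `m` must not be used
 * unless success was reported.
 * `c`, `npub` and `k` must not be NULL.
 * NOTE(review): libsodium documents 0 on success and -1 on verification
 * failure -- confirm.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt(unsigned char *m,
                                  unsigned long long *mlen_p,
                                  unsigned char *nsec,
                                  const unsigned char *c,
                                  unsigned long long clen,
                                  const unsigned char *ad,
                                  unsigned long long adlen,
                                  const unsigned char *npub,
                                  const unsigned char *k)
            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));

/*
 * Detached-mode encryption: ciphertext goes to `c`, the tag to `mac`.
 *
 * `c`, `mac`, `npub` and `k` must not be NULL.
 * NOTE(review): `mac` presumably needs crypto_aead_aes256gcm_ABYTES bytes,
 * with the length reported through *maclen_p when non-NULL -- confirm.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c,
                                           unsigned char *mac,
                                           unsigned long long *maclen_p,
                                           const unsigned char *m,
                                           unsigned long long mlen,
                                           const unsigned char *ad,
                                           unsigned long long adlen,
                                           const unsigned char *nsec,
                                           const unsigned char *npub,
                                           const unsigned char *k)
            __attribute__ ((nonnull(1, 2, 9, 10)));

/*
 * Detached-mode decryption: verifies `mac` over `c` and `ad`.
 *
 * The result is marked warn_unused_result and must be checked before `m` is
 * used. `c`, `mac`, `npub` and `k` must not be NULL.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m,
                                           unsigned char *nsec,
                                           const unsigned char *c,
                                           unsigned long long clen,
                                           const unsigned char *mac,
                                           const unsigned char *ad,
                                           unsigned long long adlen,
                                           const unsigned char *npub,
                                           const unsigned char *k)
            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));

/* -- Precomputation interface -- */

/*
 * Initializes `ctx_` from the key `k`; both pointers must be non-NULL.
 * The *_afternm() functions below take this state in place of the raw key.
 * The nonce-uniqueness and per-key data limits from the warning above still
 * apply to every message processed with the same state.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_,
                                   const unsigned char *k)
            __attribute__ ((nonnull));

/*
 * Same parameters as crypto_aead_aes256gcm_encrypt(), with the precomputed
 * state `ctx_` replacing the key. `c`, `npub` and `ctx_` must not be NULL.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c,
                                          unsigned long long *clen_p,
                                          const unsigned char *m,
                                          unsigned long long mlen,
                                          const unsigned char *ad,
                                          unsigned long long adlen,
                                          const unsigned char *nsec,
                                          const unsigned char *npub,
                                          const crypto_aead_aes256gcm_state *ctx_)
            __attribute__ ((nonnull(1, 8, 9)));

/*
 * Same parameters as crypto_aead_aes256gcm_decrypt(), with the precomputed
 * state `ctx_` replacing the key. The result is marked warn_unused_result
 * and must be checked before `m` is used.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m,
                                          unsigned long long *mlen_p,
                                          unsigned char *nsec,
                                          const unsigned char *c,
                                          unsigned long long clen,
                                          const unsigned char *ad,
                                          unsigned long long adlen,
                                          const unsigned char *npub,
                                          const crypto_aead_aes256gcm_state *ctx_)
            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));

/*
 * Same parameters as crypto_aead_aes256gcm_encrypt_detached(), with the
 * precomputed state `ctx_` replacing the key.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
                                                   unsigned char *mac,
                                                   unsigned long long *maclen_p,
                                                   const unsigned char *m,
                                                   unsigned long long mlen,
                                                   const unsigned char *ad,
                                                   unsigned long long adlen,
                                                   const unsigned char *nsec,
                                                   const unsigned char *npub,
                                                   const crypto_aead_aes256gcm_state *ctx_)
            __attribute__ ((nonnull(1, 2, 9, 10)));

/*
 * Same parameters as crypto_aead_aes256gcm_decrypt_detached(), with the
 * precomputed state `ctx_` replacing the key. The result is marked
 * warn_unused_result and must be checked before `m` is used.
 */
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m,
                                                   unsigned char *nsec,
                                                   const unsigned char *c,
                                                   unsigned long long clen,
                                                   const unsigned char *mac,
                                                   const unsigned char *ad,
                                                   unsigned long long adlen,
                                                   const unsigned char *npub,
                                                   const crypto_aead_aes256gcm_state *ctx_)
            __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));

/*
 * Writes a key of crypto_aead_aes256gcm_KEYBYTES bytes into `k`, which must
 * not be NULL.
 * NOTE(review): presumably filled from the library's random generator --
 * confirm against the implementation.
 */
SODIUM_EXPORT
void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES])
            __attribute__ ((nonnull));

#ifdef __cplusplus
}
#endif

#endif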