#ifndef crypto_aead_aes256gcm_H
#define crypto_aead_aes256gcm_H
/*
* WARNING: Despite being the most popular AEAD construction due to its
* use in TLS, safely using AES-GCM in a different context is tricky.
*
* No more than ~ 350 GB of input data should be encrypted with a given key.
* This is for ~ 16 KB messages -- Actual figures vary according to
* message sizes.
*
* In addition, nonces are short and repeated nonces would totally destroy
* the security of this scheme.
*
* Nonces should thus come from atomic counters, which can be difficult to
* set up in a distributed environment.
*
* Unless you absolutely need AES-GCM, use crypto_aead_xchacha20poly1305_ietf_*()
* instead. It doesn't have any of these limitations.
* Or, if you don't need to authenticate additional data, just stick to
* crypto_secretbox().
*/
#include <stddef.h>
#include "export.h"
#ifdef __cplusplus
# ifdef __GNUC__
# pragma GCC diagnostic ignored "-Wlong-long"
# endif
extern "C" {
#endif
SODIUM_EXPORT
int crypto_aead_aes256gcm_is_available(void);
#define crypto_aead_aes256gcm_KEYBYTES 32U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_keybytes(void);
#define crypto_aead_aes256gcm_NSECBYTES 0U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_nsecbytes(void);
#define crypto_aead_aes256gcm_NPUBBYTES 12U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_npubbytes(void);
#define crypto_aead_aes256gcm_ABYTES 16U
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_abytes(void);
#define crypto_aead_aes256gcm_MESSAGEBYTES_MAX \
SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aes256gcm_ABYTES, \
(16ULL * ((1ULL << 32) - 2ULL)) - crypto_aead_aes256gcm_ABYTES)
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_messagebytes_max(void);
typedef CRYPTO_ALIGN(16) unsigned char crypto_aead_aes256gcm_state[512];
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_statebytes(void);
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt(unsigned char *c,
unsigned long long *clen_p,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt(unsigned char *m,
unsigned long long *mlen_p,
unsigned char *nsec,
const unsigned char *c,
unsigned long long clen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result));
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c,
unsigned char *mac,
unsigned long long *maclen_p,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m,
unsigned char *nsec,
const unsigned char *c,
unsigned long long clen,
const unsigned char *mac,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result));
/* -- Precomputation interface -- */
SODIUM_EXPORT
int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_,
const unsigned char *k);
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c,
unsigned long long *clen_p,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_);
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m,
unsigned long long *mlen_p,
unsigned char *nsec,
const unsigned char *c,
unsigned long long clen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_)
__attribute__ ((warn_unused_result));
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
unsigned char *mac,
unsigned long long *maclen_p,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_);
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m,
unsigned char *nsec,
const unsigned char *c,
unsigned long long clen,
const unsigned char *mac,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_)
__attribute__ ((warn_unused_result));
SODIUM_EXPORT
void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES]);
#ifdef __cplusplus
}
#endif
#endif