1 /* 2 Written in the D programming language. 3 For git maintenance (ensure at least one congruent line with originating C header): 4 #define crypto_aead_aes256gcm_H 5 */ 6 /* 7 * WARNING: Despite being the most popular AEAD construction due to its 8 * use in TLS, safely using AES-GCM in a different context is tricky. 9 * 10 * No more than ~ 350 GB of input data should be encrypted with a given key. 11 * This is for ~ 16 KB messages -- Actual figures vary according to 12 * message sizes. 13 * 14 * In addition, nonces are short and repeated nonces would totally destroy 15 * the security of this scheme. 16 * 17 * Nonces should thus come from atomic counters, which can be difficult to 18 * set up in a distributed environment. 19 * 20 * Unless you absolutely need AES-GCM, use crypto_aead_xchacha20poly1305_ietf_*() 21 * instead. It doesn't have any of these limitations. 22 * Or, if you don't need to authenticate additional data, just stick to 23 * crypto_secretbox(). 24 */ 25 26 module deimos.sodium.crypto_aead_aes256gcm; 27 28 import deimos.sodium.export_; 29 30 extern(C) @nogc : 31 32 33 int crypto_aead_aes256gcm_is_available() pure @trusted; 34 35 enum crypto_aead_aes256gcm_KEYBYTES = 32U; 36 37 size_t crypto_aead_aes256gcm_keybytes() pure @trusted; 38 39 enum crypto_aead_aes256gcm_NSECBYTES = 0U; 40 41 size_t crypto_aead_aes256gcm_nsecbytes() pure @trusted; 42 43 enum crypto_aead_aes256gcm_NPUBBYTES = 12U; 44 45 size_t crypto_aead_aes256gcm_npubbytes() pure @trusted; 46 47 enum crypto_aead_aes256gcm_ABYTES = 16U; 48 49 size_t crypto_aead_aes256gcm_abytes() pure @trusted; 50 51 version(bin_v1_0_16) 52 enum crypto_aead_aes256gcm_MESSAGEBYTES_MAX = 53 SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aes256gcm_ABYTES, 54 (16UL * ((1UL << 32) - 2UL)) - crypto_aead_aes256gcm_ABYTES); 55 else 56 enum crypto_aead_aes256gcm_MESSAGEBYTES_MAX = 57 SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aes256gcm_ABYTES, 58 (16UL * ((1UL << 32) - 2UL))); 59 60 size_t crypto_aead_aes256gcm_messagebytes_max() pure @trusted; 61 62 version(bin_v1_0_16) 63 alias crypto_aead_aes256gcm_state = align(16) ubyte[512]; // typedef CRYPTO_ALIGN(16) unsigned char crypto_aead_aes256gcm_state[512]; 64 else 65 align(16) struct crypto_aead_aes256gcm_state { // typedef CRYPTO_ALIGN(16) struct crypto_aead_aes256gcm_state_ {...} 66 ubyte[512] opaque; 67 } 68 69 size_t crypto_aead_aes256gcm_statebytes() pure @trusted; 70 71 int crypto_aead_aes256gcm_encrypt(ubyte* c, 72 ulong* clen_p, 73 const(ubyte)* m, 74 ulong mlen, 75 const(ubyte)* ad, 76 ulong adlen, 77 const(ubyte)* nsec, 78 const(ubyte)* npub, 79 const(ubyte)* k) pure; // __attribute__ ((nonnull(1, 8, 9))); 80 81 int crypto_aead_aes256gcm_decrypt(ubyte* m, 82 ulong* mlen_p, 83 ubyte* nsec, 84 const(ubyte)* c, 85 ulong clen, 86 const(ubyte)* ad, 87 ulong adlen, 88 const(ubyte)* npub, 89 const(ubyte)* k) pure nothrow; // __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9))); 90 91 int crypto_aead_aes256gcm_encrypt_detached(ubyte* c, 92 ubyte* mac, 93 ulong* maclen_p, 94 const(ubyte)* m, 95 ulong mlen, 96 const(ubyte)* ad, 97 ulong adlen, 98 const(ubyte)* nsec, 99 const(ubyte)* npub, 100 const(ubyte)* k) pure; // __attribute__ ((nonnull(1, 2, 9, 10))); 101 102 int crypto_aead_aes256gcm_decrypt_detached(ubyte *m, 103 ubyte *nsec, 104 const(ubyte)* c, 105 ulong clen, 106 const(ubyte)* mac, 107 const(ubyte)* ad, 108 ulong adlen, 109 const(ubyte)* npub, 110 const(ubyte)* k) pure nothrow; // __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9))); 111 112 /* -- Precomputation interface -- */ 113 114 int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state* ctx_, 115 const(ubyte)* k) pure; // __attribute__ ((nonnull)); 116 117 int crypto_aead_aes256gcm_encrypt_afternm(ubyte* c, 118 ulong* clen_p, 119 const(ubyte)* m, 120 ulong mlen, 121 const(ubyte)* ad, 122 ulong adlen, 123 const(ubyte)* nsec, 124 const(ubyte)* npub, 125 const(crypto_aead_aes256gcm_state)* ctx_) pure; // __attribute__ ((nonnull(1, 8, 9))); 126 127 int crypto_aead_aes256gcm_decrypt_afternm(ubyte* m, 128 ulong* mlen_p, 129 ubyte* nsec, 130 const(ubyte)* c, 131 ulong clen, 132 const(ubyte)* ad, 133 ulong adlen, 134 const(ubyte)* npub, 135 const(crypto_aead_aes256gcm_state)* ctx_) pure nothrow; // __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9))); 136 137 int crypto_aead_aes256gcm_encrypt_detached_afternm(ubyte* c, 138 ubyte* mac, 139 ulong* maclen_p, 140 const(ubyte)* m, 141 ulong mlen, 142 const(ubyte)* ad, 143 ulong adlen, 144 const(ubyte)* nsec, 145 const(ubyte)* npub, 146 const(crypto_aead_aes256gcm_state)* ctx_) pure; // __attribute__ ((nonnull(1, 2, 9, 10))); 147 148 int crypto_aead_aes256gcm_decrypt_detached_afternm(ubyte* m, 149 ubyte* nsec, 150 const(ubyte)* c, 151 ulong clen, 152 const(ubyte)* mac, 153 const(ubyte)* ad, 154 ulong adlen, 155 const(ubyte)* npub, 156 const(crypto_aead_aes256gcm_state)* ctx_) pure nothrow; // __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9))); 157 158 void crypto_aead_aes256gcm_keygen(ref ubyte[crypto_aead_aes256gcm_KEYBYTES] k) nothrow @trusted; // __attribute__ ((nonnull));