The AEAD functions and Aead Class methods provide AEAD encryption and decryption based on [RFC5116]. The following AEAD algorithms are provided:
The functions AEAD_Encrypt and AEAD_Decrypt
provide a simple, stateless interface to do one-off computations. These two functions deal with the authenticated tag separately.
The functions AEAD_EncryptWithTag and AEAD_DecryptWithTag provide one-off AEAD encryption
but append the tag to the end of the output.
If you need to process a large quantity of data in chunks, use the stateful, incremental functions
AEAD_InitKey,
AEAD_SetNonce, ...,
AEAD_Destroy.
The correct sequence to call these functions is described below.
Note also that the AEAD_AES_xxx_GCM algorithms only support 128- and 256-bit AES keys and the IV (nonce) must be exactly 12 bytes long. If you want to use AES-GCM with AES-192 or an IV of a different length, use the older GCM functions.
Table of parameters as defined in Section 4 of [RFC5116] (all values in octets):
| Parameter | AES_128_GCM | AES_256_GCM | CHACHA20_POLY1305 | Description |
|---|---|---|---|---|
K_LEN | 16 | 32 | 32 | Fixed key length |
P_MAX | 2^36 - 31 | 2^36 - 31 | 2^38 - 64 | Max plaintext length |
A_MAX | 2^61 - 1 | 2^61 - 1 | 2^64 - 1 | Max AAD length |
N_MIN | 12 | 12 | 12 | Min nonce length |
N_MAX | 12 | 12 | 12 | Max nonce length |
C_MAX | 2^36 - 15 | 2^36 - 15 | 2^38 - 48 | Max ciphertext length |
The tag length for all supported algorithms is 16 octets.
Note that the maximum length of a byte array in this toolkit is limited to 2^32 - 1.