Interface IAesGcmPrimitives
- Namespace
- Yubico.Core.Cryptography
- Assembly
- Yubico.Core.dll
An interface exposing AES-GCM primitive operations.
public interface IAesGcmPrimitives
Methods
DecryptAndVerify(ReadOnlySpan<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>, Span<byte>, ReadOnlySpan<byte>)
Decrypt the ciphertext
using AES-GCM with the given
keyData
, nonce
, and associatedData
. Verify the
authentication tag in the tag
Span. Place the resulting
decrypted data into the plaintext
Span. Return the result of
the authentication verification.
bool DecryptAndVerify(ReadOnlySpan<byte> keyData, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> ciphertext, ReadOnlySpan<byte> tag, Span<byte> plaintext, ReadOnlySpan<byte> associatedData)
Parameters
keyData
ReadOnlySpan<byte>The key data that will be used to decrypt, either 16, 24, or 32 bytes.
nonce
ReadOnlySpan<byte>The 12-byte "IV". A GCM nonce should be random bytes and should be different for each key.
ciphertext
ReadOnlySpan<byte>The data to decrypt.
tag
ReadOnlySpan<byte>The 16-byte authentication tag computed during encryption. This is the value this method will authenticate.
plaintext
Span<byte>Where the decrypted data will be placed.
associatedData
ReadOnlySpan<byte>The "extra" data used to compute the authentication tag.
Returns
- bool
A boolean,
true
if the authentication tag is verified andfalse
if it is not.
Remarks
The key data must be either 128, 192, or 256 bits (16, 24, or 32 bytes).
The nonce must be exactly 12 bytes, and the tag must be exactly 16
bytes. The plaintext result will be the same length as the
ciphertext. Note that this method will throw an exception if
plaintext.Length
is not exactly ciphertext.Length
.
If the input tag matches the tag computed during decryption, this
method will return true
. If the input tag does not match the
tag computed during decryption, this method will return false
.
In this case, the method will still fill the plaintext
buffer
with the decrypted data.
Exceptions
- CryptographicException
The key data is not a valid length.
- ArgumentException
One of the arguments was not valid (e.g. tag is not exactly 16 bytes).
EncryptAndAuthenticate(ReadOnlySpan<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>, Span<byte>, Span<byte>, ReadOnlySpan<byte>)
Encrypt the plaintext
using AES-GCM with the given
keyData
, nonce
, and associatedData
. Place the
resulting encrypted data into the ciphertext
Span and the
authentication tag into the tag
Span.
void EncryptAndAuthenticate(ReadOnlySpan<byte> keyData, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> plaintext, Span<byte> ciphertext, Span<byte> tag, ReadOnlySpan<byte> associatedData)
Parameters
keyData
ReadOnlySpan<byte>The key data that will be used to encrypt, either 16, 24, or 32 bytes.
nonce
ReadOnlySpan<byte>The 12-byte "IV". A GCM nonce should be random bytes and should be different for each key.
plaintext
ReadOnlySpan<byte>The data to encrypt.
ciphertext
Span<byte>Where the encrypted data will be placed.
tag
Span<byte>Where the 16-byte authentication tag will be placed.
associatedData
ReadOnlySpan<byte>The "extra" data used to compute the authentication tag.
Remarks
The key data must be either 128, 192, or 256 bits (16, 24, or 32 bytes).
The nonce must be exactly 12 bytes. The ciphertext will be the same
length as the plaintext and the authentication tag will be exactly 16
bytes. Note that this method will throw an exception if
ciphertext.Length
is not exactly plaintext.Length
and
tag.Length
is not exactly 16.
Note also that the plaintext can be any length. That is, it is not necessary to to supply data that is a length which is a multiple of the AES block size.
Exceptions
- CryptographicException
The key data is not a valid length.
- ArgumentException
One of the arguments was not valid (e.g. nonce is not exactly 12 bytes).