Signet Forge 0.1.0
C++20 Parquet library with AI-native extensions
 DEMO
Loading...
Searching...
No Matches
Public Member Functions | Static Public Attributes | List of all members
signet::forge::crypto::AesGcm Class Reference

AES-256 in Galois/Counter Mode (GCM) as specified in NIST SP 800-38D. More...

#include <aes_gcm.hpp>

Public Member Functions

 AesGcm (const uint8_t key[KEY_SIZE])
 Initialize with a 32-byte key.
 
void set_iv_size (size_t size)
 Set the expected IV size.
 
size_t iv_size () const
 Get the current IV size (12 or 16 bytes).
 
expected< std::vector< uint8_t > > encrypt (const uint8_t *plaintext, size_t plaintext_size, const uint8_t iv[IV_SIZE], const uint8_t *aad=nullptr, size_t aad_size=0) const
 Authenticated encryption with additional data (AEAD).
 
expected< std::vector< uint8_t > > decrypt (const uint8_t *ciphertext_with_tag, size_t total_size, const uint8_t iv[IV_SIZE], const uint8_t *aad=nullptr, size_t aad_size=0) const
 Authenticated decryption and verification (NIST SP 800-38D Section 7.2).
 

Static Public Attributes

static constexpr size_t KEY_SIZE = 32
 AES-256 key size in bytes.
 
static constexpr size_t IV_SIZE = 12
 Standard GCM nonce size in bytes (96 bits).
 
static constexpr size_t TAG_SIZE = 16
 Authentication tag size in bytes (128 bits).
 
static constexpr uint64_t MAX_GCM_PLAINTEXT
 Maximum plaintext size for a single GCM invocation (NIST SP 800-38D §5.2.1.1).
 
static constexpr uint64_t MAX_AAD_BYTES = (UINT64_MAX / 8)
 NIST SP 800-38D §5.2.1.1: AAD length limit is 2^64-1 bits.
 

Detailed Description

AES-256 in Galois/Counter Mode (GCM) as specified in NIST SP 800-38D.

Provides both confidentiality (encryption) and authenticity (128-bit authentication tag). This is the mode used for Parquet footer encryption where tamper detection is critical.

Note
The IV/nonce MUST be unique per message under the same key. Reusing an IV completely breaks GCM's authenticity guarantees.
See also
AesCtr for unauthenticated column data encryption

Definition at line 406 of file aes_gcm.hpp.

Constructor & Destructor Documentation

◆ AesGcm()

signet::forge::crypto::AesGcm::AesGcm ( const uint8_t  key[KEY_SIZE])
inlineexplicit

Initialize with a 32-byte key.

Computes the hash subkey H = AES_K(0^128) and precomputes the 4-bit GHASH multiplication table for constant-time operation (NIST SP 800-38D §6.3, CWE-208).

Definition at line 415 of file aes_gcm.hpp.

Member Function Documentation

◆ decrypt()

expected< std::vector< uint8_t > > signet::forge::crypto::AesGcm::decrypt ( const uint8_t *  ciphertext_with_tag,
size_t  total_size,
const uint8_t  iv[IV_SIZE],
const uint8_t *  aad = nullptr,
size_t  aad_size = 0 
) const
inline

Authenticated decryption and verification (NIST SP 800-38D Section 7.2).

Parameters
ciphertext_with_tagPointer to ciphertext + 16-byte appended tag.
total_sizeTotal input size (ciphertext + TAG_SIZE); must be >= TAG_SIZE.
iv12-byte nonce (same as used for encryption).
aadAdditional authenticated data (same as encryption).
aad_sizeLength of AAD in bytes.
Returns
Plaintext (total_size - TAG_SIZE bytes) on success, or ENCRYPTION_ERROR if the authentication tag does not match.

Definition at line 592 of file aes_gcm.hpp.

◆ encrypt()

expected< std::vector< uint8_t > > signet::forge::crypto::AesGcm::encrypt ( const uint8_t *  plaintext,
size_t  plaintext_size,
const uint8_t  iv[IV_SIZE],
const uint8_t *  aad = nullptr,
size_t  aad_size = 0 
) const
inline

Authenticated encryption with additional data (AEAD).

Parameters
plaintextPointer to data to encrypt.
plaintext_sizeNumber of bytes to encrypt.
iv12-byte nonce (MUST be unique per message under the same key).
aadAdditional authenticated data (authenticated but not encrypted; may be nullptr if aad_size == 0).
aad_sizeLength of AAD in bytes.
Returns
Ciphertext with 16-byte auth tag appended (total = plaintext_size + TAG_SIZE), or an error if the plaintext exceeds the NIST maximum.

Definition at line 487 of file aes_gcm.hpp.

◆ iv_size()

size_t signet::forge::crypto::AesGcm::iv_size ( ) const
inline

Get the current IV size (12 or 16 bytes).

Definition at line 457 of file aes_gcm.hpp.

◆ set_iv_size()

void signet::forge::crypto::AesGcm::set_iv_size ( size_t  size)
inline

Set the expected IV size.

Default is 12 bytes (96 bits, standard). Optionally supports 16 bytes; 16-byte IVs use GHASH-based J0 derivation per NIST SP 800-38D §5.2.1.2.

Parameters
sizeMust be 12 or 16.
Exceptions
std::invalid_argumentif size is neither 12 nor 16.

Definition at line 449 of file aes_gcm.hpp.

Member Data Documentation

◆ IV_SIZE

constexpr size_t signet::forge::crypto::AesGcm::IV_SIZE = 12
staticconstexpr

Standard GCM nonce size in bytes (96 bits).

Definition at line 409 of file aes_gcm.hpp.

◆ KEY_SIZE

constexpr size_t signet::forge::crypto::AesGcm::KEY_SIZE = 32
staticconstexpr

AES-256 key size in bytes.

Definition at line 408 of file aes_gcm.hpp.

◆ MAX_AAD_BYTES

constexpr uint64_t signet::forge::crypto::AesGcm::MAX_AAD_BYTES = (UINT64_MAX / 8)
staticconstexpr

NIST SP 800-38D §5.2.1.1: AAD length limit is 2^64-1 bits.

Practical limit: 2^61-1 bytes (to avoid overflow when converting to bits).

Definition at line 467 of file aes_gcm.hpp.

◆ MAX_GCM_PLAINTEXT

constexpr uint64_t signet::forge::crypto::AesGcm::MAX_GCM_PLAINTEXT
staticconstexpr
Initial value:
=
(static_cast<uint64_t>(UINT32_MAX) - 1) * 16

Maximum plaintext size for a single GCM invocation (NIST SP 800-38D §5.2.1.1).

32-bit counter can address at most (2^32 - 2) blocks of 16 bytes each (counter value 1 is reserved for J0).

Definition at line 462 of file aes_gcm.hpp.

◆ TAG_SIZE

constexpr size_t signet::forge::crypto::AesGcm::TAG_SIZE = 16
staticconstexpr

Authentication tag size in bytes (128 bits).

Definition at line 410 of file aes_gcm.hpp.

The documentation for this class was generated from the following file: