2018-05-29 20:20:38 +02:00
|
|
|
/*
|
2018-05-29 20:28:12 +02:00
|
|
|
* Copyright (C) 2016 Andrew Moon (dedicated to the public domain)
|
2018-05-29 20:20:38 +02:00
|
|
|
* Copyright (C) 2018 Freie Universität Berlin
|
|
|
|
* Copyright (C) 2018 Inria
|
|
|
|
*
|
|
|
|
* This file is subject to the terms and conditions of the GNU Lesser
|
|
|
|
* General Public License v2.1. See the file LICENSE in the top level
|
|
|
|
* directory for more details.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @ingroup sys_crypto
|
|
|
|
* @defgroup sys_crypto_poly1305 poly1305
|
|
|
|
* @brief Poly1305 one-time message authentication code
|
|
|
|
*
|
|
|
|
* Poly1305 is a one-time authenticator designed by D.J. Bernstein. It uses a
|
|
|
|
* 32-byte one-time key and a message and produces a 16-byte tag.
|
|
|
|
*
|
|
|
|
* @{
|
|
|
|
*
|
|
|
|
* @file
|
|
|
|
* @brief Poly1305 MAC interface
|
|
|
|
*
|
|
|
|
* @author Koen Zandberg <koen@bergzand.net>
|
|
|
|
*
|
|
|
|
* @see https://tools.ietf.org/html/rfc8439#section-2.5
|
|
|
|
*/
|
|
|
|
#ifndef CRYPTO_POLY1305_H
|
|
|
|
#define CRYPTO_POLY1305_H
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
extern "C" {
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <stddef.h>
|
|
|
|
#include <stdint.h>
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Poly1305 block size
|
|
|
|
*/
|
|
|
|
#define POLY1305_BLOCK_SIZE 16
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Poly1305 context
|
|
|
|
*/
|
|
|
|
typedef struct {
|
|
|
|
uint32_t r[4]; /**< first key part */
|
|
|
|
uint32_t pad[4]; /**< Second key part */
|
|
|
|
uint32_t h[5]; /**< Hash */
|
|
|
|
uint32_t c[4]; /**< Message chunk */
|
|
|
|
size_t c_idx; /**< Chunk length */
|
|
|
|
} poly1305_ctx_t;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Initialize a poly1305 context
|
|
|
|
*
|
|
|
|
* @param ctx Poly1305 context
|
|
|
|
* @param key 32 byte key
|
|
|
|
*/
|
|
|
|
void poly1305_init(poly1305_ctx_t *ctx, const uint8_t *key);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Update the poly1305 context with a block of message
|
|
|
|
*
|
|
|
|
* @param ctx poly1305 context
|
|
|
|
* @param data ptr to the message
|
|
|
|
* @param len length of the message
|
|
|
|
*/
|
|
|
|
void poly1305_update(poly1305_ctx_t *ctx, const uint8_t *data, size_t len);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Finish the poly1305 operation
|
|
|
|
*
|
|
|
|
* @param ctx poly1305 context
|
|
|
|
* @param mac 16 byte buffer for the tag
|
|
|
|
*/
|
|
|
|
void poly1305_finish(poly1305_ctx_t *ctx, uint8_t *mac);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Calculate a single poly1305 tag
|
|
|
|
*
|
|
|
|
* @param mac 16 byte buffer for the tag
|
|
|
|
* @param data ptr to the message
|
|
|
|
* @param len length of the message
|
|
|
|
* @param key 32 byte key
|
|
|
|
*/
|
|
|
|
void poly1305_auth(uint8_t *mac, const uint8_t *data, size_t len,
|
|
|
|
const uint8_t *key);
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
}
|
|
|
|
#endif
|
2018-05-29 20:28:12 +02:00
|
|
|
#endif /* CRYPTO_POLY1305_H */
|
2018-05-29 20:20:38 +02:00
|
|
|
/** @} */
|