Index: poly1305/poly1305.go |
=================================================================== |
new file mode 100644 |
--- /dev/null |
+++ b/poly1305/poly1305.go |
@@ -0,0 +1,32 @@ |
+// Copyright 2012 The Go Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style |
+// license that can be found in the LICENSE file. |
+ |
+/* |
+Package poly1305 implements Poly1305 one-time message authentication code as specified in http://cr.yp.to/mac/poly1305-20050329.pdf. |
+ |
+Poly1305 is a fast, one-time authentication function. It is infeasible for an |
+attacker to generate an authenticator for a message without the key. However, a |
+key must only be used for a single message. Authenticating two different |
+messages with the same key allows an attacker to forge authenticators for other |
+messages with the same key. |
+ |
+Poly1305 was originally coupled with AES in order to make Poly1305-AES. AES was |
+used with a fixed key in order to generate one-time keys from an nonce. |
+However, in this package AES isn't used and the one-time key is specified |
+directly. |
+*/ |
+package poly1305 |
+ |
+import "crypto/subtle" |
+ |
+// TagSize is the size, in bytes, of a poly1305 authenticator. |
+const TagSize = 16 |
+ |
+// Verify returns true if mac is a valid authenticator for m with the given |
+// key. |
+func Verify(mac *[16]byte, m []byte, key *[32]byte) bool { |
+ var tmp [16]byte |
+ Sum(&tmp, m, key) |
+ return subtle.ConstantTimeCompare(tmp[:], mac[:]) == 1 |
+} |