4 * \brief This file contains Poly1305 definitions and functions.
6 * Poly1305 is a one-time message authenticator that can be used to
7 * authenticate messages. Poly1305-AES was created by Daniel
8 * Bernstein https://cr.yp.to/mac/poly1305-20050329.pdf The generic
9 * Poly1305 algorithm (not tied to AES) was also standardized in RFC
12 * \author Daniel King <damaki.gh@gmail.com>
15 /* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
16 * SPDX-License-Identifier: Apache-2.0
18 * Licensed under the Apache License, Version 2.0 (the "License"); you may
19 * not use this file except in compliance with the License.
20 * You may obtain a copy of the License at
22 * http://www.apache.org/licenses/LICENSE-2.0
24 * Unless required by applicable law or agreed to in writing, software
25 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
26 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
27 * See the License for the specific language governing permissions and
28 * limitations under the License.
30 * This file is part of Mbed TLS (https://tls.mbed.org)
33 #ifndef MBEDTLS_POLY1305_H
34 #define MBEDTLS_POLY1305_H
36 #if !defined(MBEDTLS_CONFIG_FILE)
39 #include MBEDTLS_CONFIG_FILE
45 #define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0057 /**< Invalid input parameter(s). */
47 /* MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE is deprecated and should not be
49 #define MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE -0x0059 /**< Feature not available. For example, s part of the API is not implemented. */
51 /* MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED is deprecated and should not be used.
53 #define MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED -0x005B /**< Poly1305 hardware accelerator failed. */
59 #if !defined(MBEDTLS_POLY1305_ALT)
61 typedef struct mbedtls_poly1305_context
63 uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */
64 uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */
65 uint32_t acc[5]; /** The accumulator number. */
66 uint8_t queue[16]; /** The current partial block of data. */
67 size_t queue_len; /** The number of bytes stored in 'queue'. */
69 mbedtls_poly1305_context;
71 #else /* MBEDTLS_POLY1305_ALT */
72 #include "poly1305_alt.h"
73 #endif /* MBEDTLS_POLY1305_ALT */
76 * \brief This function initializes the specified Poly1305 context.
78 * It must be the first API called before using
81 * It is usually followed by a call to
82 * \c mbedtls_poly1305_starts(), then one or more calls to
83 * \c mbedtls_poly1305_update(), then one call to
84 * \c mbedtls_poly1305_finish(), then finally
85 * \c mbedtls_poly1305_free().
87 * \param ctx The Poly1305 context to initialize. This must
90 void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx );
93 * \brief This function releases and clears the specified
96 * \param ctx The Poly1305 context to clear. This may be \c NULL, in which
97 * case this function is a no-op. If it is not \c NULL, it must
98 * point to an initialized Poly1305 context.
100 void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx );
103 * \brief This function sets the one-time authentication key.
105 * \warning The key must be unique and unpredictable for each
106 * invocation of Poly1305.
108 * \param ctx The Poly1305 context to which the key should be bound.
109 * This must be initialized.
110 * \param key The buffer containing the \c 32 Byte (\c 256 Bit) key.
112 * \return \c 0 on success.
113 * \return A negative error code on failure.
115 int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
116 const unsigned char key[32] );
119 * \brief This functions feeds an input buffer into an ongoing
120 * Poly1305 computation.
122 * It is called between \c mbedtls_cipher_poly1305_starts() and
123 * \c mbedtls_cipher_poly1305_finish().
124 * It can be called repeatedly to process a stream of data.
126 * \param ctx The Poly1305 context to use for the Poly1305 operation.
127 * This must be initialized and bound to a key.
128 * \param ilen The length of the input data in Bytes.
129 * Any value is accepted.
130 * \param input The buffer holding the input data.
131 * This pointer can be \c NULL if `ilen == 0`.
133 * \return \c 0 on success.
134 * \return A negative error code on failure.
136 int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
137 const unsigned char *input,
141 * \brief This function generates the Poly1305 Message
142 * Authentication Code (MAC).
144 * \param ctx The Poly1305 context to use for the Poly1305 operation.
145 * This must be initialized and bound to a key.
146 * \param mac The buffer to where the MAC is written. This must
147 * be a writable buffer of length \c 16 Bytes.
149 * \return \c 0 on success.
150 * \return A negative error code on failure.
152 int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
153 unsigned char mac[16] );
156 * \brief This function calculates the Poly1305 MAC of the input
157 * buffer with the provided key.
159 * \warning The key must be unique and unpredictable for each
160 * invocation of Poly1305.
162 * \param key The buffer containing the \c 32 Byte (\c 256 Bit) key.
163 * \param ilen The length of the input data in Bytes.
164 * Any value is accepted.
165 * \param input The buffer holding the input data.
166 * This pointer can be \c NULL if `ilen == 0`.
167 * \param mac The buffer to where the MAC is written. This must be
168 * a writable buffer of length \c 16 Bytes.
170 * \return \c 0 on success.
171 * \return A negative error code on failure.
173 int mbedtls_poly1305_mac( const unsigned char key[32],
174 const unsigned char *input,
176 unsigned char mac[16] );
178 #if defined(MBEDTLS_SELF_TEST)
180 * \brief The Poly1305 checkup routine.
182 * \return \c 0 on success.
183 * \return \c 1 on failure.
185 int mbedtls_poly1305_self_test( int verbose );
186 #endif /* MBEDTLS_SELF_TEST */
192 #endif /* MBEDTLS_POLY1305_H */