3 Poly1305 message authentication code.
5 Copyright (C) 2013 Nikos Mavrogiannopoulos
6 Copyright (C) 2013, 2014 Niels Möller
8 This file is part of GNU Nettle.
10 GNU Nettle is free software: you can redistribute it and/or
11 modify it under the terms of either:
13 * the GNU Lesser General Public License as published by the Free
14 Software Foundation; either version 3 of the License, or (at your
15 option) any later version.
19 * the GNU General Public License as published by the Free
20 Software Foundation; either version 2 of the License, or (at your
21 option) any later version.
23 or both in parallel, as here.
25 GNU Nettle is distributed in the hope that it will be useful,
26 but WITHOUT ANY WARRANTY; without even the implied warranty of
27 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
28 General Public License for more details.
30 You should have received copies of the GNU General Public License and
31 the GNU Lesser General Public License along with this program. If
32 not, see http://www.gnu.org/licenses/.
35 #ifndef NETTLE_POLY1305_H_INCLUDED
36 #define NETTLE_POLY1305_H_INCLUDED
/* Name mangling: each short API name below is a macro that expands to the
   nettle_-prefixed identifier (_nettle_ for the internal block function),
   so the symbol seen by the linker differs from the name used in source. */
45 #define poly1305_set_key nettle_poly1305_set_key
46 #define poly1305_digest nettle_poly1305_digest
47 #define _poly1305_block _nettle_poly1305_block
/* Same renaming for the Poly1305-AES functions. */
49 #define poly1305_aes_set_key nettle_poly1305_aes_set_key
50 #define poly1305_aes_set_nonce nettle_poly1305_aes_set_nonce
51 #define poly1305_aes_update nettle_poly1305_aes_update
52 #define poly1305_aes_digest nettle_poly1305_aes_digest
54 /* Low level functions/macros for the poly1305 construction. */
/* Sizes in bytes.  POLY1305_KEY_SIZE is the length of the key array taken
   by poly1305_set_key; POLY1305_BLOCK_SIZE also sizes the block and nonce
   buffers in struct poly1305_aes_ctx. */
56 #define POLY1305_DIGEST_SIZE 16 /* full-length authentication tag */
57 #define POLY1305_BLOCK_SIZE 16 /* input is processed one block at a time */
58 #define POLY1305_KEY_SIZE 16 /* the 128-bit key; s is supplied separately at digest time */
61 /* Key, 128-bit value and some cached multiples. */
68 /* State, represented as words of 26, 32 or 64 bits, depending on the implementation. */
70 /* High bits first, to maintain alignment. */
79 /* Low-level internal interface. */
/* Sets the key in ctx from a POLY1305_KEY_SIZE-byte array.  The second
   per-message input, s, is not passed here; poly1305_digest takes it. */
80 void poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[POLY1305_KEY_SIZE]);
81 /* Extracts digest, and adds it to s, the encrypted nonce.
   NOTE(review): s is a non-const pointer and there is no other output
   parameter, so the tag is presumably returned in *s -- confirm against the
   implementation.  Poly1305 is a one-time authenticator: the caller must
   supply a fresh s for every message authenticated under the same key,
   otherwise tags become forgeable. */
82 void poly1305_digest (struct poly1305_ctx *ctx, union nettle_block16 *s);
83 /* Internal function. Process one block. */
84 void _poly1305_block (struct poly1305_ctx *ctx, const uint8_t *m,
/* Poly1305-AES sizes, in bytes. */
89 #define POLY1305_AES_KEY_SIZE 32 /* presumably an AES-128 key plus a POLY1305_KEY_SIZE-byte Poly1305 key; layout not shown here -- confirm */
90 #define POLY1305_AES_DIGEST_SIZE 16 /* same value as POLY1305_DIGEST_SIZE */
91 #define POLY1305_AES_NONCE_SIZE 16 /* same value as POLY1305_BLOCK_SIZE, which sizes the nonce buffer in the context */
/* Context for Poly1305-AES.  NOTE(review): it embeds a Poly1305 context and
   an AES-128 context, so it presumably holds key material for its whole
   lifetime; callers should clear it once the key is no longer needed --
   confirm against the implementation. */
93 struct poly1305_aes_ctx
95 /* Keep aes context last, to make it possible to use a general
96 poly1305_update if other variants are added. */
97 struct poly1305_ctx pctx; /* low-level Poly1305 context */
98 uint8_t block[POLY1305_BLOCK_SIZE]; /* one block of bytes; presumably buffers partial input between update calls -- confirm */
100 uint8_t nonce[POLY1305_BLOCK_SIZE]; /* current nonce, POLY1305_BLOCK_SIZE bytes */
101 struct aes128_ctx aes; /* AES-128 context; presumably used to encrypt the nonce into s -- confirm */
104 /* Also initialize the nonce to zero. */
/* key carries no length; presumably POLY1305_AES_KEY_SIZE bytes are read --
   confirm against the implementation.
   Because the nonce is reset to zero here, loading the same key again (for
   example after a restart) makes the automatic nonce sequence repeat.  A
   caller that reuses a key across contexts should set the nonce explicitly
   so that no (key, nonce) pair authenticates two messages. */
106 poly1305_aes_set_key (struct poly1305_aes_ctx *ctx, const uint8_t *key);
108 /* Optional, if not used, messages get incrementing nonces starting from zero. */
111 poly1305_aes_set_nonce (struct poly1305_aes_ctx *ctx,
112 const uint8_t *nonce);
/* nonce carries no length; presumably POLY1305_AES_NONCE_SIZE bytes are read
   -- confirm against the implementation.  A nonce set explicitly must never
   be repeated under the same key: each (key, nonce) pair may authenticate at
   most one message. */
114 /* Update is not aes-specific, but since this is the only implemented
115 variant, we need no more general poly1305_update. */
/* Feeds message data into ctx; length is presumably the number of bytes at
   data -- confirm against the implementation. */
117 poly1305_aes_update (struct poly1305_aes_ctx *ctx, size_t length, const uint8_t *data);
119 /* Also increments the nonce */
/* Writes the tag to digest.  length is presumably the number of tag bytes
   wanted, at most POLY1305_AES_DIGEST_SIZE -- confirm against the
   implementation; a shorter tag gives proportionally less forgery
   resistance.  When verifying, compare the computed and received tags with
   a constant-time comparison rather than memcmp. */
121 poly1305_aes_digest (struct poly1305_aes_ctx *ctx,
122 size_t length, uint8_t *digest);
128 #endif /* NETTLE_POLY1305_H_INCLUDED */