34 lines
1.3 KiB
Go
34 lines
1.3 KiB
Go
// Copyright 2012 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
/*
|
|
Package poly1305 implements Poly1305 one-time message authentication code as
|
|
specified in https://cr.yp.to/mac/poly1305-20050329.pdf.
|
|
|
|
Poly1305 is a fast, one-time authentication function. It is infeasible for an
|
|
attacker to generate an authenticator for a message without the key. However, a
|
|
key must only be used for a single message. Authenticating two different
|
|
messages with the same key allows an attacker to forge authenticators for other
|
|
messages with the same key.
|
|
|
|
Poly1305 was originally coupled with AES in order to make Poly1305-AES. AES was
|
|
used with a fixed key in order to generate one-time keys from an nonce.
|
|
However, in this package AES isn't used and the one-time key is specified
|
|
directly.
|
|
*/
|
|
package poly1305 // import "golang.org/x/crypto/poly1305"
|
|
|
|
import "crypto/subtle"
|
|
|
|
// TagSize is the size, in bytes, of a poly1305 authenticator.
|
|
const TagSize = 16
|
|
|
|
// Verify returns true if mac is a valid authenticator for m with the given
|
|
// key.
|
|
func Verify(mac *[16]byte, m []byte, key *[32]byte) bool {
|
|
var tmp [16]byte
|
|
Sum(&tmp, m, key)
|
|
return subtle.ConstantTimeCompare(tmp[:], mac[:]) == 1
|
|
}
|