Poly1305 message authenticator. More...

#include <Poly1305.h>

Public Member Functions
	Poly1305 ()
	Constructs a new Poly1305 message authenticator.

	~Poly1305 ()
	Destroys this Poly1305 message authenticator after clearing all sensitive information.

void	reset (const void *key)
	Resets the Poly1305 message authenticator for a new session. More...

void	update (const void *data, size_t len)
	Updates the message authenticator with more data. More...

void	finalize (const void nonce, void token, size_t len)
	Finalizes the authentication process and returns the token. More...

void	pad ()
	Pads the input stream with zero bytes to a multiple of 16. More...

void	clear ()
	Clears the authenticator's state, removing all sensitive data.

Detailed Description

Poly1305 message authenticator.

Poly1305 is a message authenticator designed by Daniel J. Bernstein. An arbitrary-length message is broken up into 16-byte chunks and fed into a polynomial mod 2¹³⁰ - 5 based on the 16-byte authentication key. The final polynomial value is then combined with a 16-byte nonce to create the authentication token.

The following example demonstrates how to compute an authentication token for a message made up of several blocks under a specific key and nonce:

Poly1305 poly1305;
uint8_t token[16];
poly1305.reset(key);
poly1305.update(block1, sizeof(block1));
poly1305.update(block2, sizeof(block2));
...
poly1305.update(blockN, sizeof(blockN));
poly1305.finalize(nonce, token, sizeof(token));

In the original Poly1305 specification, the nonce was encrypted with AES and a second 16-byte key. Since then, common practice has been for the caller to encrypt the nonce which gives the caller more flexibility as to how to derive and/or encrypt the nonce.

References: http://en.wikipedia.org/wiki/Poly1305-AES, http://cr.yp.to/mac.html

Definition at line 29 of file Poly1305.h.

Member Function Documentation

◆ finalize()

void Poly1305::finalize	(	const void *	nonce,
		void *	token,
		size_t	len
	)

Finalizes the authentication process and returns the token.

Parameters

nonce	Points to the 16-byte nonce to combine with the token.
token	The buffer to return the token value in.
len	The length of the token buffer between 0 and 16.

If len is less than 16, then the token value will be truncated to the first len bytes. If len is greater than 16, then the remaining bytes will left unchanged.

If finalize() is called again, then the returned token value is undefined. Call reset() first to start a new authentication process.

See also: reset(), update()

Definition at line 182 of file Poly1305.cpp.

◆ pad()

void Poly1305::pad ( )

Pads the input stream with zero bytes to a multiple of 16.

See also: update()

Definition at line 254 of file Poly1305.cpp.

◆ reset()

void Poly1305::reset ( const void * key )

Resets the Poly1305 message authenticator for a new session.

Parameters

key	Points to the 16 byte authentication key.

See also: update(), finalize()

Definition at line 113 of file Poly1305.cpp.

◆ update()

void Poly1305::update	(	const void *	data,
		size_t	len
	)

Updates the message authenticator with more data.

Parameters

data	Data to be hashed.
len	Number of bytes of data to be hashed.

If finalize() has already been called, then the behavior of update() will be undefined. Call reset() first to start a new authentication process.

See also: pad(), reset(), finalize()

Definition at line 145 of file Poly1305.cpp.

The documentation for this class was generated from the following files:

Public Member Functions

Detailed Description

Member Function Documentation

◆ finalize()

◆ pad()

◆ reset()

◆ update()