poly1305.h

00001 /**
00002  * \file poly1305.h
00003  *
00004  * \brief   This file contains Poly1305 definitions and functions.
00005  *
00006  *          Poly1305 is a one-time message authenticator that can be used to
00007  *          authenticate messages. Poly1305-AES was created by Daniel
00008  *          Bernstein https://cr.yp.to/mac/poly1305-20050329.pdf The generic
00009  *          Poly1305 algorithm (not tied to AES) was also standardized in RFC
00010  *          7539.
00011  *
00012  * \author Daniel King <damaki.gh@gmail.com>
00013  */
00014 
00015 /*  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
00016  *  SPDX-License-Identifier: Apache-2.0
00017  *
00018  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
00019  *  not use this file except in compliance with the License.
00020  *  You may obtain a copy of the License at
00021  *
00022  *  http://www.apache.org/licenses/LICENSE-2.0
00023  *
00024  *  Unless required by applicable law or agreed to in writing, software
00025  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
00026  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00027  *  See the License for the specific language governing permissions and
00028  *  limitations under the License.
00029  *
00030  *  This file is part of Mbed TLS (https://tls.mbed.org)
00031  */
00032 
00033 #ifndef MBEDTLS_POLY1305_H
00034 #define MBEDTLS_POLY1305_H
00035 
00036 #if !defined(MBEDTLS_CONFIG_FILE)
00037 #include "mbedtls/config.h"
00038 #else
00039 #include MBEDTLS_CONFIG_FILE
00040 #endif
00041 
00042 #include <stdint.h>
00043 #include <stddef.h>
00044 
00045 #define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA         -0x0057 /**< Invalid input parameter(s). */
00046 #define MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE    -0x0059 /**< Feature not available. For example, s part of the API is not implemented. */
00047 #define MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED        -0x005B  /**< Poly1305 hardware accelerator failed. */
00048 
00049 #ifdef __cplusplus
00050 extern "C" {
00051 #endif
00052 
00053 #if !defined(MBEDTLS_POLY1305_ALT)
00054 
00055 typedef struct mbedtls_poly1305_context
00056 {
00057     uint32_t r[4];      /** The value for 'r' (low 128 bits of the key). */
00058     uint32_t s[4];      /** The value for 's' (high 128 bits of the key). */
00059     uint32_t acc[5];    /** The accumulator number. */
00060     uint8_t queue[16];  /** The current partial block of data. */
00061     size_t queue_len;   /** The number of bytes stored in 'queue'. */
00062 }
00063 mbedtls_poly1305_context;
00064 
00065 #else  /* MBEDTLS_POLY1305_ALT */
00066 #include "poly1305_alt.h"
00067 #endif /* MBEDTLS_POLY1305_ALT */
00068 
00069 /**
00070  * \brief           This function initializes the specified Poly1305 context.
00071  *
00072  *                  It must be the first API called before using
00073  *                  the context.
00074  *
00075  *                  It is usually followed by a call to
00076  *                  \c mbedtls_poly1305_starts(), then one or more calls to
00077  *                  \c mbedtls_poly1305_update(), then one call to
00078  *                  \c mbedtls_poly1305_finish(), then finally
00079  *                  \c mbedtls_poly1305_free().
00080  *
00081  * \param ctx       The Poly1305 context to initialize.
00082  */
00083 void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx );
00084 
00085 /**
00086  * \brief           This function releases and clears the specified Poly1305 context.
00087  *
00088  * \param ctx       The Poly1305 context to clear.
00089  */
00090 void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx );
00091 
00092 /**
00093  * \brief           This function sets the one-time authentication key.
00094  *
00095  * \warning         The key must be unique and unpredictable for each
00096  *                  invocation of Poly1305.
00097  *
00098  * \param ctx       The Poly1305 context to which the key should be bound.
00099  * \param key       The buffer containing the 256-bit key.
00100  *
00101  * \return          \c 0 on success.
00102  * \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
00103  *                  if ctx or key are NULL.
00104  */
00105 int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
00106                              const unsigned char key[32] );
00107 
00108 /**
00109  * \brief           This functions feeds an input buffer into an ongoing
00110  *                  Poly1305 computation.
00111  *
00112  *                  It is called between \c mbedtls_cipher_poly1305_starts() and
00113  *                  \c mbedtls_cipher_poly1305_finish().
00114  *                  It can be called repeatedly to process a stream of data.
00115  *
00116  * \param ctx       The Poly1305 context to use for the Poly1305 operation.
00117  * \param ilen      The length of the input data (in bytes). Any value is accepted.
00118  * \param input     The buffer holding the input data.
00119  *                  This pointer can be NULL if ilen == 0.
00120  *
00121  * \return          \c 0 on success.
00122  * \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
00123  *                  if ctx or input are NULL.
00124  */
00125 int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
00126                              const unsigned char *input,
00127                              size_t ilen );
00128 
00129 /**
00130  * \brief           This function generates the Poly1305 Message
00131  *                  Authentication Code (MAC).
00132  *
00133  * \param ctx       The Poly1305 context to use for the Poly1305 operation.
00134  * \param mac       The buffer to where the MAC is written. Must be big enough
00135  *                  to hold the 16-byte MAC.
00136  *
00137  * \return          \c 0 on success.
00138  * \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
00139  *                  if ctx or mac are NULL.
00140  */
00141 int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
00142                              unsigned char mac[16] );
00143 
00144 /**
00145  * \brief           This function calculates the Poly1305 MAC of the input
00146  *                  buffer with the provided key.
00147  *
00148  * \warning         The key must be unique and unpredictable for each
00149  *                  invocation of Poly1305.
00150  *
00151  * \param key       The buffer containing the 256-bit key.
00152  * \param ilen      The length of the input data (in bytes). Any value is accepted.
00153  * \param input     The buffer holding the input data.
00154  *                  This pointer can be NULL if ilen == 0.
00155  * \param mac       The buffer to where the MAC is written. Must be big enough
00156  *                  to hold the 16-byte MAC.
00157  *
00158  * \return          \c 0 on success.
00159  * \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
00160  *                  if key, input, or mac are NULL.
00161  */
00162 int mbedtls_poly1305_mac( const unsigned char key[32],
00163                           const unsigned char *input,
00164                           size_t ilen,
00165                           unsigned char mac[16] );
00166 
00167 #if defined(MBEDTLS_SELF_TEST)
00168 /**
00169  * \brief           The Poly1305 checkup routine.
00170  *
00171  * \return          \c 0 on success.
00172  * \return          \c 1 on failure.
00173  */
00174 int mbedtls_poly1305_self_test( int verbose );
00175 #endif /* MBEDTLS_SELF_TEST */
00176 
00177 #ifdef __cplusplus
00178 }
00179 #endif
00180 
00181 #endif /* MBEDTLS_POLY1305_H */