1 /**
2  * \file poly1305.h
3  *
4  * \brief   This file contains Poly1305 definitions and functions.
5  *
6  *          Poly1305 is a one-time message authenticator that can be used to
7  *          authenticate messages. Poly1305-AES was created by Daniel
8  *          Bernstein https://cr.yp.to/mac/poly1305-20050329.pdf The generic
9  *          Poly1305 algorithm (not tied to AES) was also standardized in RFC
10  *          7539.
11  *
12  * \author Daniel King <damaki.gh@gmail.com>
13  */
14 
15 /*
16  *  Copyright The Mbed TLS Contributors
17  *  SPDX-License-Identifier: Apache-2.0
18  *
19  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
20  *  not use this file except in compliance with the License.
21  *  You may obtain a copy of the License at
22  *
23  *  http://www.apache.org/licenses/LICENSE-2.0
24  *
25  *  Unless required by applicable law or agreed to in writing, software
26  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
27  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
28  *  See the License for the specific language governing permissions and
29  *  limitations under the License.
30  */
31 
32 #ifndef MBEDTLS_POLY1305_H
33 #define MBEDTLS_POLY1305_H
34 
35 #if !defined(MBEDTLS_CONFIG_FILE)
36 #include "mbedtls/config.h"
37 #else
38 #include MBEDTLS_CONFIG_FILE
39 #endif
40 
41 #include <stdint.h>
42 #include <stddef.h>
43 
44 /** Invalid input parameter(s). */
45 #define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA         -0x0057
46 
47 /* MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE is deprecated and should not be
48  * used. */
49 /** Feature not available. For example, s part of the API is not implemented. */
50 #define MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE    -0x0059
51 
52 /* MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED is deprecated and should not be used.
53  */
54 /** Poly1305 hardware accelerator failed. */
55 #define MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED        -0x005B
56 
57 #ifdef __cplusplus
58 extern "C" {
59 #endif
60 
61 #if !defined(MBEDTLS_POLY1305_ALT)
62 
63 typedef struct mbedtls_poly1305_context
64 {
65     uint32_t r[4];      /** The value for 'r' (low 128 bits of the key). */
66     uint32_t s[4];      /** The value for 's' (high 128 bits of the key). */
67     uint32_t acc[5];    /** The accumulator number. */
68     uint8_t queue[16];  /** The current partial block of data. */
69     size_t queue_len;   /** The number of bytes stored in 'queue'. */
70 }
71 mbedtls_poly1305_context;
72 
73 #else  /* MBEDTLS_POLY1305_ALT */
74 #include "poly1305_alt.h"
75 #endif /* MBEDTLS_POLY1305_ALT */
76 
77 /**
78  * \brief           This function initializes the specified Poly1305 context.
79  *
80  *                  It must be the first API called before using
81  *                  the context.
82  *
83  *                  It is usually followed by a call to
84  *                  \c mbedtls_poly1305_starts(), then one or more calls to
85  *                  \c mbedtls_poly1305_update(), then one call to
86  *                  \c mbedtls_poly1305_finish(), then finally
87  *                  \c mbedtls_poly1305_free().
88  *
89  * \param ctx       The Poly1305 context to initialize. This must
90  *                  not be \c NULL.
91  */
92 void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx );
93 
94 /**
95  * \brief           This function releases and clears the specified
96  *                  Poly1305 context.
97  *
98  * \param ctx       The Poly1305 context to clear. This may be \c NULL, in which
99  *                  case this function is a no-op. If it is not \c NULL, it must
100  *                  point to an initialized Poly1305 context.
101  */
102 void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx );
103 
104 /**
105  * \brief           This function sets the one-time authentication key.
106  *
107  * \warning         The key must be unique and unpredictable for each
108  *                  invocation of Poly1305.
109  *
110  * \param ctx       The Poly1305 context to which the key should be bound.
111  *                  This must be initialized.
112  * \param key       The buffer containing the \c 32 Byte (\c 256 Bit) key.
113  *
114  * \return          \c 0 on success.
115  * \return          A negative error code on failure.
116  */
117 int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
118                              const unsigned char key[32] );
119 
120 /**
121  * \brief           This functions feeds an input buffer into an ongoing
122  *                  Poly1305 computation.
123  *
124  *                  It is called between \c mbedtls_cipher_poly1305_starts() and
125  *                  \c mbedtls_cipher_poly1305_finish().
126  *                  It can be called repeatedly to process a stream of data.
127  *
128  * \param ctx       The Poly1305 context to use for the Poly1305 operation.
129  *                  This must be initialized and bound to a key.
130  * \param ilen      The length of the input data in Bytes.
131  *                  Any value is accepted.
132  * \param input     The buffer holding the input data.
133  *                  This pointer can be \c NULL if `ilen == 0`.
134  *
135  * \return          \c 0 on success.
136  * \return          A negative error code on failure.
137  */
138 int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
139                              const unsigned char *input,
140                              size_t ilen );
141 
142 /**
143  * \brief           This function generates the Poly1305 Message
144  *                  Authentication Code (MAC).
145  *
146  * \param ctx       The Poly1305 context to use for the Poly1305 operation.
147  *                  This must be initialized and bound to a key.
148  * \param mac       The buffer to where the MAC is written. This must
149  *                  be a writable buffer of length \c 16 Bytes.
150  *
151  * \return          \c 0 on success.
152  * \return          A negative error code on failure.
153  */
154 int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
155                              unsigned char mac[16] );
156 
157 /**
158  * \brief           This function calculates the Poly1305 MAC of the input
159  *                  buffer with the provided key.
160  *
161  * \warning         The key must be unique and unpredictable for each
162  *                  invocation of Poly1305.
163  *
164  * \param key       The buffer containing the \c 32 Byte (\c 256 Bit) key.
165  * \param ilen      The length of the input data in Bytes.
166  *                  Any value is accepted.
167  * \param input     The buffer holding the input data.
168  *                  This pointer can be \c NULL if `ilen == 0`.
169  * \param mac       The buffer to where the MAC is written. This must be
170  *                  a writable buffer of length \c 16 Bytes.
171  *
172  * \return          \c 0 on success.
173  * \return          A negative error code on failure.
174  */
175 int mbedtls_poly1305_mac( const unsigned char key[32],
176                           const unsigned char *input,
177                           size_t ilen,
178                           unsigned char mac[16] );
179 
180 #if defined(MBEDTLS_SELF_TEST)
181 /**
182  * \brief           The Poly1305 checkup routine.
183  *
184  * \return          \c 0 on success.
185  * \return          \c 1 on failure.
186  */
187 int mbedtls_poly1305_self_test( int verbose );
188 #endif /* MBEDTLS_SELF_TEST */
189 
190 #ifdef __cplusplus
191 }
192 #endif
193 
194 #endif /* MBEDTLS_POLY1305_H */
195