dnscrypt-proxy/vendor/github.com/aead/poly1305/poly1305.go

31 lines
1.1 KiB
Go
Raw Normal View History

// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
// Use of this source code is governed by a license that can be
// found in the LICENSE file.
// Package poly1305 implements Poly1305 one-time message authentication code
// defined in RFC 7539..
//
// Poly1305 is a fast, one-time authentication function. It is infeasible for an
// attacker to generate an authenticator for a message without the key.
// However, a key must only be used for a single message. Authenticating two
// different messages with the same key allows an attacker to forge
// authenticators for other messages with the same key.
package poly1305 // import "github.com/aead/poly1305"
import (
"crypto/subtle"
"errors"
)
// TagSize is the size of the poly1305 authentication tag in bytes.
const TagSize = 16
var errWriteAfterSum = errors.New("checksum already computed - adding more data is not allowed")
// Verify returns true if and only if the mac is a valid authenticator
// for msg with the given key.
func Verify(mac *[TagSize]byte, msg []byte, key [32]byte) bool {
sum := Sum(msg, key)
return subtle.ConstantTimeCompare(sum[:], mac[:]) == 1
}