31 lines
1.1 KiB
Go
31 lines
1.1 KiB
Go
// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
|
|
// Use of this source code is governed by a license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Package poly1305 implements Poly1305 one-time message authentication code
|
|
// defined in RFC 7539..
|
|
//
|
|
// Poly1305 is a fast, one-time authentication function. It is infeasible for an
|
|
// attacker to generate an authenticator for a message without the key.
|
|
// However, a key must only be used for a single message. Authenticating two
|
|
// different messages with the same key allows an attacker to forge
|
|
// authenticators for other messages with the same key.
|
|
package poly1305 // import "github.com/aead/poly1305"
|
|
|
|
import (
|
|
"crypto/subtle"
|
|
"errors"
|
|
)
|
|
|
|
// TagSize is the size of the poly1305 authentication tag in bytes.
|
|
const TagSize = 16
|
|
|
|
var errWriteAfterSum = errors.New("checksum already computed - adding more data is not allowed")
|
|
|
|
// Verify returns true if and only if the mac is a valid authenticator
|
|
// for msg with the given key.
|
|
func Verify(mac *[TagSize]byte, msg []byte, key [32]byte) bool {
|
|
sum := Sum(msg, key)
|
|
return subtle.ConstantTimeCompare(sum[:], mac[:]) == 1
|
|
}
|