common/mbedtls/poly1305.h

   1 /**
   2  * \file poly1305.h
   3  *
   4  * \brief   This file contains Poly1305 definitions and functions.
   5  *
   6  *          Poly1305 is a one-time message authenticator that can be used to
   7  *          authenticate messages. Poly1305-AES was created by Daniel
   8  *          Bernstein https://cr.yp.to/mac/poly1305-20050329.pdf The generic
   9  *          Poly1305 algorithm (not tied to AES) was also standardized in RFC
  10  *          7539.
  11  *
  12  * \author Daniel King <damaki.gh@gmail.com>
  13  */
  14
  15 /*
  16  *  Copyright The Mbed TLS Contributors
  17  *  SPDX-License-Identifier: Apache-2.0
  18  *
  19  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
  20  *  not use this file except in compliance with the License.
  21  *  You may obtain a copy of the License at
  22  *
  23  *  http://www.apache.org/licenses/LICENSE-2.0
  24  *
  25  *  Unless required by applicable law or agreed to in writing, software
  26  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  27  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  28  *  See the License for the specific language governing permissions and
  29  *  limitations under the License.
  30  */
  31
  32 #ifndef MBEDTLS_POLY1305_H
  33 #define MBEDTLS_POLY1305_H
  34
  35 #if !defined(MBEDTLS_CONFIG_FILE)
  36 #include "mbedtls/config.h"
  37 #else
  38 #include MBEDTLS_CONFIG_FILE
  39 #endif
  40
  41 #include <stdint.h>
  42 #include <stddef.h>
  43
  44 #define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA         -0x0057 /**< Invalid input parameter(s). */
  45
  46 /* MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE is deprecated and should not be
  47  * used. */
  48 #define MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE    -0x0059 /**< Feature not available. For example, s part of the API is not implemented. */
  49
  50 /* MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED is deprecated and should not be used.
  51  */
  52 #define MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED        -0x005B  /**< Poly1305 hardware accelerator failed. */
  53
  54 #ifdef __cplusplus
  55 extern "C" {
  56 #endif
  57
  58 #if !defined(MBEDTLS_POLY1305_ALT)
  59
  60 typedef struct mbedtls_poly1305_context {
  61     uint32_t r[4];      /** The value for 'r' (low 128 bits of the key). */
  62     uint32_t s[4];      /** The value for 's' (high 128 bits of the key). */
  63     uint32_t acc[5];    /** The accumulator number. */
  64     uint8_t queue[16];  /** The current partial block of data. */
  65     size_t queue_len;   /** The number of bytes stored in 'queue'. */
  66 }
  67 mbedtls_poly1305_context;
  68
  69 #else  /* MBEDTLS_POLY1305_ALT */
  70 #include "poly1305_alt.h"
  71 #endif /* MBEDTLS_POLY1305_ALT */
  72
  73 /**
  74  * \brief           This function initializes the specified Poly1305 context.
  75  *
  76  *                  It must be the first API called before using
  77  *                  the context.
  78  *
  79  *                  It is usually followed by a call to
  80  *                  \c mbedtls_poly1305_starts(), then one or more calls to
  81  *                  \c mbedtls_poly1305_update(), then one call to
  82  *                  \c mbedtls_poly1305_finish(), then finally
  83  *                  \c mbedtls_poly1305_free().
  84  *
  85  * \param ctx       The Poly1305 context to initialize. This must
  86  *                  not be \c NULL.
  87  */
  88 void mbedtls_poly1305_init(mbedtls_poly1305_context *ctx);
  89
  90 /**
  91  * \brief           This function releases and clears the specified
  92  *                  Poly1305 context.
  93  *
  94  * \param ctx       The Poly1305 context to clear. This may be \c NULL, in which
  95  *                  case this function is a no-op. If it is not \c NULL, it must
  96  *                  point to an initialized Poly1305 context.
  97  */
  98 void mbedtls_poly1305_free(mbedtls_poly1305_context *ctx);
  99
 100 /**
 101  * \brief           This function sets the one-time authentication key.
 102  *
 103  * \warning         The key must be unique and unpredictable for each
 104  *                  invocation of Poly1305.
 105  *
 106  * \param ctx       The Poly1305 context to which the key should be bound.
 107  *                  This must be initialized.
 108  * \param key       The buffer containing the \c 32 Byte (\c 256 Bit) key.
 109  *
 110  * \return          \c 0 on success.
 111  * \return          A negative error code on failure.
 112  */
 113 int mbedtls_poly1305_starts(mbedtls_poly1305_context *ctx,
 114                             const unsigned char key[32]);
 115
 116 /**
 117  * \brief           This functions feeds an input buffer into an ongoing
 118  *                  Poly1305 computation.
 119  *
 120  *                  It is called between \c mbedtls_cipher_poly1305_starts() and
 121  *                  \c mbedtls_cipher_poly1305_finish().
 122  *                  It can be called repeatedly to process a stream of data.
 123  *
 124  * \param ctx       The Poly1305 context to use for the Poly1305 operation.
 125  *                  This must be initialized and bound to a key.
 126  * \param ilen      The length of the input data in Bytes.
 127  *                  Any value is accepted.
 128  * \param input     The buffer holding the input data.
 129  *                  This pointer can be \c NULL if `ilen == 0`.
 130  *
 131  * \return          \c 0 on success.
 132  * \return          A negative error code on failure.
 133  */
 134 int mbedtls_poly1305_update(mbedtls_poly1305_context *ctx,
 135                             const unsigned char *input,
 136                             size_t ilen);
 137
 138 /**
 139  * \brief           This function generates the Poly1305 Message
 140  *                  Authentication Code (MAC).
 141  *
 142  * \param ctx       The Poly1305 context to use for the Poly1305 operation.
 143  *                  This must be initialized and bound to a key.
 144  * \param mac       The buffer to where the MAC is written. This must
 145  *                  be a writable buffer of length \c 16 Bytes.
 146  *
 147  * \return          \c 0 on success.
 148  * \return          A negative error code on failure.
 149  */
 150 int mbedtls_poly1305_finish(mbedtls_poly1305_context *ctx,
 151                             unsigned char mac[16]);
 152
 153 /**
 154  * \brief           This function calculates the Poly1305 MAC of the input
 155  *                  buffer with the provided key.
 156  *
 157  * \warning         The key must be unique and unpredictable for each
 158  *                  invocation of Poly1305.
 159  *
 160  * \param key       The buffer containing the \c 32 Byte (\c 256 Bit) key.
 161  * \param ilen      The length of the input data in Bytes.
 162  *                  Any value is accepted.
 163  * \param input     The buffer holding the input data.
 164  *                  This pointer can be \c NULL if `ilen == 0`.
 165  * \param mac       The buffer to where the MAC is written. This must be
 166  *                  a writable buffer of length \c 16 Bytes.
 167  *
 168  * \return          \c 0 on success.
 169  * \return          A negative error code on failure.
 170  */
 171 int mbedtls_poly1305_mac(const unsigned char key[32],
 172                          const unsigned char *input,
 173                          size_t ilen,
 174                          unsigned char mac[16]);
 175
 176 #if defined(MBEDTLS_SELF_TEST)
 177 /**
 178  * \brief           The Poly1305 checkup routine.
 179  *
 180  * \return          \c 0 on success.
 181  * \return          \c 1 on failure.
 182  */
 183 int mbedtls_poly1305_self_test(int verbose);
 184 #endif /* MBEDTLS_SELF_TEST */
 185
 186 #ifdef __cplusplus
 187 }
 188 #endif
 189
 190 #endif /* MBEDTLS_POLY1305_H */