Module poly1305

Available on crate feature dep_orion only.

Poly1305 as specified in RFC 8439.

§About:

This implementation is based on poly1305-donna by Andrew Moon.

§Parameters:

  • data: Data to be authenticated.
  • one_time_key: One-time key used to authenticate.
  • expected: The expected tag that needs to be verified.

§Errors:

An error will be returned if:

§Security:

  • A given key must never be used more than once. A unique OneTimeKey, for each message authenticated, is required. If a key is used more than once, it reveals enough information for an attacker to forge future authentications with the same key.
  • The one-time key should be generated using a CSPRNG. OneTimeKey::generate() can be used for this.

§Recommendation:

  • If you are unsure of whether to use HMAC or Poly1305, it is most often easier to just use HMAC. See also Cryptographic Right Answers.

§Example:

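use orion::errors::UnknownCryptoError;
use orion::hazardous::mac::poly1305::{OneTimeKey, Poly1305};

fn main() -> Result<(), UnknownCryptoError> {
    // Fresh key from the CSPRNG; it must authenticate this one message only.
    let one_time_key = OneTimeKey::generate();
    let msg = "Some message.";

    // Streaming interface: feed the data, then finalize to obtain the tag.
    let mut poly1305_state = Poly1305::new(&one_time_key);
    poly1305_state.update(msg.as_bytes())?;
    let tag = poly1305_state.finalize()?;

    // The receiver recomputes the tag with the same key and compares it to the expected one.
    assert!(Poly1305::verify(&tag, &one_time_key, msg.as_bytes()).is_ok());
    Ok(())
}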
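What the tag computation and verification do underneath, as an added std-only reference for the RFC 8439 arithmetic (not orion's code; the function names `le`, `limbs`, `carry`, `poly1305` and `verify` and the demo key are assumptions made for this example). It is meant for reading the algorithm, not as a replacement for the library.

```rust
const M26: u64 = 0x3ff_ffff; // mask for one 26-bit limb
fn le(b: &[u8]) -> u128 { let mut a = [0u8; 16]; a.copy_from_slice(b); u128::from_le_bytes(a) }

// Split a value of up to 129 bits (`lo`, plus `hi` as bit 128) into five 26-bit limbs.
fn limbs(lo: u128, hi: u64) -> [u64; 5] {
    let mut l = [0, 26, 52, 78, 104].map(|sh| ((lo >> sh) as u64) & M26);
    l[4] |= hi << 24;
    l
}

// Propagate carries; overflow past 2^130 wraps to limb 0 times 5, since 2^130 = 5 mod p.
fn carry(h: &mut [u64; 5]) {
    let mut c = 0;
    for k in 0..5 { h[k] += c; c = h[k] >> 26; h[k] &= M26; }
    h[0] += 5 * c; h[1] += h[0] >> 26; h[0] &= M26;
}

// tag = ((blocks evaluated as a polynomial in r) mod p) + s mod 2^128, with p = 2^130 - 5
pub fn poly1305(key: &[u8; 32], msg: &[u8]) -> [u8; 16] {
    let r = limbs(le(&key[..16]) & 0x0ffffffc_0ffffffc_0ffffffc_0fffffff, 0); // clamp r
    let (s, mut h) = (le(&key[16..]), [0u64; 5]);
    for chunk in msg.chunks(16) {
        let (mut buf, full) = ([0u8; 16], chunk.len() == 16);
        buf[..chunk.len()].copy_from_slice(chunk);
        if !full { buf[chunk.len()] = 1; } // short final block: 0x01 goes right after the data
        let m = limbs(le(&buf), full as u64); // full block: the 0x01 byte is bit 128
        let mut d = [0u64; 5];
        for k in 0..5 { for i in 0..5 { // d = (h + m) * r, folding limbs >= 5 back with factor 5
            d[k] += (h[i] + m[i]) * if i <= k { r[k - i] } else { 5 * r[5 + k - i] };
        }}
        carry(&mut d); h = d;
    }
    carry(&mut h); carry(&mut h); // every limb now below 2^26, so h < 2^130
    let (mut g, mut c) = (h, 5); // g = h + 5 overflows 2^130 exactly when h >= p
    for k in 0..5 { g[k] += c; c = g[k] >> 26; g[k] &= M26; }
    let mask = 0u64.wrapping_sub(c); // all ones if h >= p: select g = h - p without branching
    let mut acc = 0u128;
    for k in 0..5 { acc |= (((h[k] & !mask) | (g[k] & mask)) as u128) << (26 * k); }
    acc.wrapping_add(s).to_le_bytes()
}

// Recompute the tag and OR together all 16 byte differences, so timing does not show where they differ.
pub fn verify(expected: &[u8; 16], key: &[u8; 32], msg: &[u8]) -> bool {
    poly1305(key, msg).iter().zip(expected.iter()).fold(0u8, |d, (a, b)| d | (a ^ b)) == 0
}

fn main() {
    let key = [7u8; 32]; // constructed demo key; a real key comes from a CSPRNG and is used once
    assert!(verify(&poly1305(&key, b"Some message."), &key, b"Some message."));
}
```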

Structs§

OneTimeKey
A type to represent the OneTimeKey that Poly1305 uses for authentication.
Poly1305
Poly1305 streaming state.
Tag
A type to represent the Tag that Poly1305 returns.

Constants§

POLY1305_KEYSIZE
The key size for Poly1305.
POLY1305_OUTSIZE
The output size for Poly1305.