1// Copyright 2012 The Go Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5/* 6Package poly1305 implements Poly1305 one-time message authentication code as 7specified in https://cr.yp.to/mac/poly1305-20050329.pdf. 8 9Poly1305 is a fast, one-time authentication function. It is infeasible for an 10attacker to generate an authenticator for a message without the key. However, a 11key must only be used for a single message. Authenticating two different 12messages with the same key allows an attacker to forge authenticators for other 13messages with the same key. 14 15Poly1305 was originally coupled with AES in order to make Poly1305-AES. AES was 16used with a fixed key in order to generate one-time keys from an nonce. 17However, in this package AES isn't used and the one-time key is specified 18directly. 19*/ 20package poly1305 // import "golang.org/x/crypto/poly1305" 21 22import "crypto/subtle" 23 24// TagSize is the size, in bytes, of a poly1305 authenticator. 25const TagSize = 16 26 27// Verify returns true if mac is a valid authenticator for m with the given 28// key. 29func Verify(mac *[16]byte, m []byte, key *[32]byte) bool { 30 var tmp [16]byte 31 Sum(&tmp, m, key) 32 return subtle.ConstantTimeCompare(tmp[:], mac[:]) == 1 33} 34