diff options
Diffstat (limited to '')
-rw-r--r-- | web/server/h2o/libh2o/deps/picotls/deps/cifra/src/poly1305.h | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/web/server/h2o/libh2o/deps/picotls/deps/cifra/src/poly1305.h b/web/server/h2o/libh2o/deps/picotls/deps/cifra/src/poly1305.h new file mode 100644 index 00000000..b318e284 --- /dev/null +++ b/web/server/h2o/libh2o/deps/picotls/deps/cifra/src/poly1305.h @@ -0,0 +1,91 @@ +/* + * cifra - embedded cryptography library + * Written in 2014 by Joseph Birr-Pixton <jpixton@gmail.com> + * + * To the extent possible under law, the author(s) have dedicated all + * copyright and related and neighboring rights to this software to the + * public domain worldwide. This software is distributed without any + * warranty. + * + * You should have received a copy of the CC0 Public Domain Dedication + * along with this software. If not, see + * <http://creativecommons.org/publicdomain/zero/1.0/>. + */ + +#ifndef POLY1305_H +#define POLY1305_H + +#include <stddef.h> +#include <stdint.h> + +/** + * Poly1305 + * ======== + * This is an incremental interface to computing the poly1305 + * single shot MAC. + * + * Note: construct Poly1305-AES with this by taking a 16 byte + * nonce and encrypting it, and then using the result as an + * input to this function. + */ + +/* .. c:type:: cf_poly1305 + * Poly1305 incremental interface context. + * + * .. c:member:: cf_poly1305.h + * Current accumulator. + * + * .. c:member:: cf_poly1305.r + * Block multiplier. + * + * .. c:member:: cf_poly1305.s + * Final XOR offset. + * + * .. c:member:: cf_poly1305.partial + * Unprocessed input. + * + * .. c:member:: cf_poly1305.npartial + * Number of bytes of unprocessed input. + * + */ +typedef struct +{ + uint32_t h[17]; + uint32_t r[17]; + uint8_t s[16]; + uint8_t partial[16]; + size_t npartial; +} cf_poly1305; + +/* .. c:function:: $DECL + * Sets up `ctx` ready to compute a new MAC. + * + * In Poly1305-AES, `r` is the second half of the 32-byte key. + * `s` is a nonce encrypted under the first half of the key. + * + * :param ctx: context (written) + * :param r: MAC key. + * :param s: preprocessed nonce. + * + */ +void cf_poly1305_init(cf_poly1305 *ctx, + const uint8_t r[16], + const uint8_t s[16]); + +/* .. c:function:: $DECL + * Processes `nbytes` at `data`. Copies the data if there isn't enough to make + * a full block. + */ +void cf_poly1305_update(cf_poly1305 *ctx, + const uint8_t *data, + size_t nbytes); + +/* .. c:function:: $DECL + * Finishes the operation, writing 16 bytes to `out`. + * + * This destroys `ctx`. + */ +void cf_poly1305_finish(cf_poly1305 *ctx, + uint8_t out[16]); + +#endif |