summaryrefslogtreecommitdiffstats
path: root/vendor/golang.org/x/crypto/poly1305/poly1305.go
diff options
context:
space:
mode:
authorWim <wim@42.be>2020-07-18 17:27:41 +0200
committerGitHub <noreply@github.com>2020-07-18 17:27:41 +0200
commit23d8742f0d95096b92f11729fb47f86ac3b68d43 (patch)
tree7b8acb02b051ae06e5454fda4a9d5118428fe016 /vendor/golang.org/x/crypto/poly1305/poly1305.go
parent3b6a8be07b9422714db30fb50977f342057febf3 (diff)
downloadmatterbridge-msglm-23d8742f0d95096b92f11729fb47f86ac3b68d43.tar.gz
matterbridge-msglm-23d8742f0d95096b92f11729fb47f86ac3b68d43.tar.bz2
matterbridge-msglm-23d8742f0d95096b92f11729fb47f86ac3b68d43.zip
Update dependencies for 1.18.0 release (#1175)
Diffstat (limited to 'vendor/golang.org/x/crypto/poly1305/poly1305.go')
-rw-r--r--vendor/golang.org/x/crypto/poly1305/poly1305.go26
1 files changed, 18 insertions, 8 deletions
diff --git a/vendor/golang.org/x/crypto/poly1305/poly1305.go b/vendor/golang.org/x/crypto/poly1305/poly1305.go
index 066159b7..9d7a6af0 100644
--- a/vendor/golang.org/x/crypto/poly1305/poly1305.go
+++ b/vendor/golang.org/x/crypto/poly1305/poly1305.go
@@ -26,7 +26,9 @@ const TagSize = 16
// 16-byte result into out. Authenticating two different messages with the same
// key allows an attacker to forge messages at will.
func Sum(out *[16]byte, m []byte, key *[32]byte) {
- sum(out, m, key)
+ h := New(key)
+ h.Write(m)
+ h.Sum(out[:0])
}
// Verify returns true if mac is a valid authenticator for m with the given key.
@@ -46,10 +48,9 @@ func Verify(mac *[16]byte, m []byte, key *[32]byte) bool {
// two different messages with the same key allows an attacker
// to forge messages at will.
func New(key *[32]byte) *MAC {
- return &MAC{
- mac: newMAC(key),
- finalized: false,
- }
+ m := &MAC{}
+ initialize(key, &m.macState)
+ return m
}
// MAC is an io.Writer computing an authentication tag
@@ -58,7 +59,7 @@ func New(key *[32]byte) *MAC {
// MAC cannot be used like common hash.Hash implementations,
// because using a poly1305 key twice breaks its security.
// Therefore writing data to a running MAC after calling
-// Sum causes it to panic.
+// Sum or Verify causes it to panic.
type MAC struct {
mac // platform-dependent implementation
@@ -71,10 +72,10 @@ func (h *MAC) Size() int { return TagSize }
// Write adds more data to the running message authentication code.
// It never returns an error.
//
-// It must not be called after the first call of Sum.
+// It must not be called after the first call of Sum or Verify.
func (h *MAC) Write(p []byte) (n int, err error) {
if h.finalized {
- panic("poly1305: write to MAC after Sum")
+ panic("poly1305: write to MAC after Sum or Verify")
}
return h.mac.Write(p)
}
@@ -87,3 +88,12 @@ func (h *MAC) Sum(b []byte) []byte {
h.finalized = true
return append(b, mac[:]...)
}
+
+// Verify returns whether the authenticator of all data written to
+// the message authentication code matches the expected value.
+func (h *MAC) Verify(expected []byte) bool {
+ var mac [TagSize]byte
+ h.mac.Sum(&mac)
+ h.finalized = true
+ return subtle.ConstantTimeCompare(expected, mac[:]) == 1
+}