Poly1305 (Poly1305 v1.0.4)


Poly1305 message authentication

https://tools.ietf.org/html/rfc7539

Summary

Types

Encryption key

Per-message nonce

MAC tag

Functions

Authenticated encryption with additional data - decryption

Authenticated encryption with additional data - encryption

Compute a message authentication code

Compare two MACs in constant time

Types

key()

@type key() :: binary()

Encryption key

nonce()

@type nonce() :: binary()

Per-message nonce

By convention, the first 4 bytes should be sender-specific. The trailing 8 bytes may be as simple as a counter.

tag()

@type tag() :: binary()

MAC tag

Functions

aead_decrypt(c, k, n, a \\ "", t)

@spec aead_decrypt(binary(), key(), nonce(), binary(), tag()) :: binary() | :error

Authenticated encryption with additional data - decryption

Arguments, in order:

  • c: encrypted message
  • k: shared secret key
  • n: one-time use nonce
  • a: additional authenticated data
  • t: MAC

On success, returns the plaintext message. If the message cannot be authenticated, :error is returned.

aead_encrypt(m, k, n, a \\ "")

@spec aead_encrypt(binary(), key(), nonce(), binary()) :: {binary(), tag()}

Authenticated encryption with additional data - encryption

Arguments, in order:

  • m: message to be encrypted
  • k: shared secret key
  • n: one-time use nonce
  • a: additional authenticated data

The return value is a tuple of {ciphertext, MAC}.

The algorithm is applied as described in RFC 7539:

  • The key and nonce are used to encrypt the message with ChaCha20.
  • The one-time MAC key is derived from the cipher key and nonce.
  • The ciphertext and additional data are authenticated with the MAC.
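
An added usage example (not taken from the package's own documentation) that combines the nonce convention described under nonce() with aead_encrypt/4 and aead_decrypt/5. It assumes the Poly1305 module is available as a dependency and that the key is 32 bytes and the nonce 12 bytes as in RFC 7539; the AeadExample module, its function names, the big-endian counter encoding and the sample values are choices made for this example.

```elixir
defmodule AeadExample do
  # Hypothetical wrapper module for illustration; not part of the Poly1305 package.
  @max_counter Bitwise.bsl(1, 64) - 1

  # 12-byte nonce: 4 sender-specific bytes followed by an 8-byte counter.
  # The guard refuses a counter that would wrap, since <<counter::64>> silently
  # truncates and a repeated nonce under the same key breaks the AEAD.
  def nonce(<<_::binary-size(4)>> = sender_id, counter)
      when is_integer(counter) and counter >= 0 and counter <= @max_counter do
    sender_id <> <<counter::unsigned-big-integer-size(64)>>
  end

  # Returns everything the receiver needs besides the key and the AAD.
  def seal(key, sender_id, counter, message, aad) do
    n = nonce(sender_id, counter)
    {ciphertext, tag} = Poly1305.aead_encrypt(message, key, n, aad)
    {n, ciphertext, tag}
  end

  # aead_decrypt/5 returns the plaintext binary or the bare atom :error.
  def open(key, {n, ciphertext, tag}, aad) do
    case Poly1305.aead_decrypt(ciphertext, key, n, aad, tag) do
      :error -> {:error, :unauthenticated}
      plaintext when is_binary(plaintext) -> {:ok, plaintext}
    end
  end
end

# Constructed sample values.
key = :crypto.strong_rand_bytes(32)
sender_id = <<0, 0, 0, 7>>
aad = "msg-type=1"

{n, ciphertext, tag} = AeadExample.seal(key, sender_id, 0, "hello", aad)
{:ok, "hello"} = AeadExample.open(key, {n, ciphertext, tag}, aad)

# A single flipped ciphertext bit, or different AAD, must fail authentication.
<<first, rest::binary>> = ciphertext
tampered = <<Bitwise.bxor(first, 1), rest::binary>>
{:error, :unauthenticated} = AeadExample.open(key, {n, tampered, tag}, aad)
{:error, :unauthenticated} = AeadExample.open(key, {n, ciphertext, tag}, "msg-type=2")

# The next message from this sender uses counter 1, never 0 again.
{n2, _ct2, _tag2} = AeadExample.seal(key, sender_id, 1, "hello again", aad)
true = n2 != n
```

The additional data is not carried in the ciphertext, so both sides must supply the same bytes for `aad` or decryption returns :error.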

hmac(m, k)

@spec hmac(binary(), key()) :: tag()

Compute a message authentication code

The one-time key should never be reused.

same_hmac?(a, b)

@spec same_hmac?(binary(), binary()) :: boolean()

Compare two MACs in constant time