{"id":13812931,"url":"https://github.com/floodyberry/poly1305-donna","last_synced_at":"2025-05-14T22:31:19.059Z","repository":{"id":50732861,"uuid":"1682598","full_name":"floodyberry/poly1305-donna","owner":"floodyberry","description":"Implementations of a fast Message-Authentication Code","archived":false,"fork":false,"pushed_at":"2022-09-28T04:09:03.000Z","size":170,"stargazers_count":112,"open_issues_count":6,"forks_count":24,"subscribers_count":15,"default_branch":"master","last_synced_at":"2024-11-19T07:39:47.322Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://cr.yp.to/mac.html","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/floodyberry.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2011-04-29T21:06:42.000Z","updated_at":"2024-09-30T06:14:29.000Z","dependencies_parsed_at":"2023-01-18T21:31:51.657Z","dependency_job_id":null,"html_url":"https://github.com/floodyberry/poly1305-donna","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/floodyberry%2Fpoly1305-donna","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/floodyberry%2Fpoly1305-donna/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/floodyberry%2Fpoly1305-donna/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/floodyberry%2Fpoly1305-donna/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/floodyberry","download_url":"https://codeload.github.com/floodyberry/poly1305-donna/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254239540,"owners_count":22037722,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T04:00:58.156Z","updated_at":"2025-05-14T22:31:14.032Z","avatar_url":"https://github.com/floodyberry.png","language":"C","funding_links":[],"categories":["Cryptography"],"sub_categories":["General"],"readme":"\"A state-of-the-art message-authentication code\"\r\n\r\n# ABOUT\r\n\r\nSee: [http://cr.yp.to/mac.html](http://cr.yp.to/mac.html) and [http://cr.yp.to/mac/poly1305-20050329.pdf](http://cr.yp.to/mac/poly1305-20050329.pdf)\r\n\r\nThese are quite portable implementations of increasing efficiency depending on the size of the multiplier available.\r\nOptimized implementations have been moved to [poly1305-opt](https://github.com/floodyberry/poly1305-opt)\r\n\r\n# BUILDING\r\n\r\n## Default\r\n\r\nIf compiled with no options, `poly1305-donna.c` will select between the 32 bit and 64 bit implementations based\r\non what it can tell the compiler supports\r\n\r\n    gcc poly1305-donna.c -O3 -o poly1305.o\r\n\r\n## Selecting a specific version\r\n\r\n    gcc poly1305-donna.c -O3 -o poly1305.o -DPOLY1305_XXBIT\r\n\r\nWhere `-DPOLY1305_XXBIT` is one of\r\n\r\n * `-DPOLY1305_8BIT`, 8-\u003e16 bit multiplies, 32 bit additions\r\n * `-DPOLY1305_16BIT`, 16-\u003e32 bit multiples, 32 bit additions\r\n * `-DPOLY1305_32BIT`, 32-\u003e64 bit multiplies, 64 bit additions\r\n * `-DPOLY1305_64BIT`, 64-\u003e128 bit multiplies, 128 bit additions\r\n\r\n8 bit and 16 bit versions were written to keep the code size small, 32 bit and 64 bit versions are mildly optimized due\r\nto needing fewer multiplications. All 4 can be made faster at the expense of increased code size and complexity, which \r\nis not the intention of this project.\r\n\r\n# USAGE\r\n\r\nSee: [http://nacl.cace-project.eu/onetimeauth.html](http://nacl.cace-project.eu/onetimeauth.html), in specific, slightly plagiarized:\r\n\r\nThe poly1305_auth function, viewed as a function of the message for a uniform random key, is \r\ndesigned to meet the standard notion of unforgeability after a single message. After the sender \r\nauthenticates one message, an attacker cannot find authenticators for any other messages.\r\n\r\nThe sender **MUST NOT** use poly1305_auth to authenticate more than one message under the same key.\r\nAuthenticators for two messages under the same key should be expected to reveal enough information \r\nto allow forgeries of authenticators on other messages. \r\n\r\n## Functions\r\n\r\n`poly1305_context` is declared in [poly1305.h](poly1305.h) and is an opaque structure large enough to support \r\nevery underlying platform specific implementation. It should be size_t aligned, which should be handled already\r\nwith the size_t member `aligner`.\r\n\r\n`void poly1305_init(poly1305_context *ctx, const unsigned char key[32]);`\r\n\r\nwhere\r\n\r\n`key` is the 32 byte key that is **only used for this message and is discarded immediately after**\r\n\r\n`void poly1305_update(poly1305_context *ctx, const unsigned char *m, size_t bytes);`\r\n\r\nwhere `m` is a pointer to the message fragment to be processed, and\r\n\r\n`bytes` is the length of the message fragment\r\n\r\n`void poly1305_finish(poly1305_context *ctx, unsigned char mac[16]);`\r\n\r\nwhere `mac` is the buffer which receives the 16 byte authenticator. After calling finish, the underlying\r\nimplementation will zero out `ctx`.\r\n\r\n`void poly1305_auth(unsigned char mac[16], const unsigned char *m, size_t bytes, const unsigned char key[32]);`\r\n\r\nwhere `mac` is the buffer which receives the 16 byte authenticator,\r\n\r\n`m` is a pointer to the message to be processed,\r\n\r\n`bytes` is the number of bytes in the message, and\r\n\r\n`key` is the 32 byte key that is **only used for this message and is discarded immediately after**.\r\n\r\n`int poly1305_verify(const unsigned char mac1[16], const unsigned char mac2[16]);`\r\n\r\nwhere `mac1` is compared to `mac2` in constant time and returns `1` if they are equal and `0` if they are not\r\n\r\n`int poly1305_power_on_self_test(void);`\r\n\r\ntests the underlying implementation to verify it is working correctly. It returns `1` if all tests pass, and `0` if \r\nany tests fail.\r\n\r\n## Example\r\n\r\n### Simple\r\n\r\n    #include \"poly1305-donna.h\"\r\n\r\n    unsigned char key[32] = {...}, mac[16];\r\n    unsigned char msg[] = {...};\r\n\r\n    poly1305_auth(mac, msg, msglen, key);\r\n\r\n### Full\r\n\r\n[example-poly1305.c](example-poly1305.c) is a simple example of how to verify the underlying implementation is producing\r\nthe correct results, compute an authenticator, and test it against an expected value.\r\n\r\n# LICENSE\r\n\r\n[MIT](http://www.opensource.org/licenses/mit-license.php) or PUBLIC DOMAIN\r\n\r\n\r\n# NAMESAKE\r\n\r\nI borrowed the idea for these from Adam Langley's [curve25519-donna](http://github.com/agl/curve25519-donna), hence\r\nthe name.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffloodyberry%2Fpoly1305-donna","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffloodyberry%2Fpoly1305-donna","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffloodyberry%2Fpoly1305-donna/lists"}