# encoding: binary
module RbNaCl
module OneTimeAuths
# Computes an authenticator using poly1305
#
# The authenticator can be used at a later time to verify the provenance of
# the message by recomputing the tag over the message and then comparing it to
# the provided authenticator. The class provides methods for generating
# signatures and also has a constant-time implementation for checking them.
#
# As the name suggests, this is a **ONE TIME** authenticator. Computing an
# authenticator for two messages using the same key probably gives an
# attacker enough information to forge further authenticators for the same
# key.
#
# This is a secret key authenticator, i.e. anyone who can verify signatures
# can also create them.
#
# @see http://nacl.cr.yp.to/onetimeauth.html
class Poly1305 < Auth
extend Sodium
sodium_type :onetimeauth
sodium_primitive :poly1305
sodium_constant :BYTES
sodium_constant :KEYBYTES
sodium_function :onetimeauth_poly1305,
:crypto_onetimeauth_poly1305,
[:pointer, :pointer, :ulong_long, :pointer]
sodium_function :onetimeauth_poly1305_verify,
:crypto_onetimeauth_poly1305_verify,
[:pointer, :pointer, :ulong_long, :pointer]
private
def compute_authenticator(authenticator, message)
self.class.onetimeauth_poly1305(authenticator, message, message.bytesize, key)
end
def verify_message(authenticator, message)
self.class.onetimeauth_poly1305_verify(authenticator, message, message.bytesize, key)
end
end
end
end