poly1305 support (#4802)

* poly1305 support

* some more tests

* have I mentioned how bad the spellchecker is?

* doc improvements

* EVP_PKEY_new_raw_private_key copies the key but that's not documented

Let's assume that might change and be very defensive

* review feedback

* add a test that fails on a tag of the correct length but wrong value

* docs improvements

1 files changed, 13 insertions, 0 deletions

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index b040b809..15eff837 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -55,6 +55,9 @@ from cryptography.hazmat.backends.openssl.hmac import _HMACContext
 from cryptography.hazmat.backends.openssl.ocsp import (
     _OCSPRequest, _OCSPResponse
 )
+from cryptography.hazmat.backends.openssl.poly1305 import (
+    _POLY1305_KEY_SIZE, _Poly1305Context
+)
 from cryptography.hazmat.backends.openssl.rsa import (
     _RSAPrivateKey, _RSAPublicKey
 )
@@ -2401,6 +2404,16 @@ class Backend(object):
 
         return (key, cert, additional_certificates)
 
+    def poly1305_supported(self):
+        return self._lib.Cryptography_HAS_POLY1305 == 1
+
+    def create_poly1305_ctx(self, key):
+        utils._check_byteslike("key", key)
+        if len(key) != _POLY1305_KEY_SIZE:
+            raise ValueError("A poly1305 key is 32 bytes long")
+
+        return _Poly1305Context(self, key)
+
 
 class GetCipherByName(object):
     def __init__(self, fmt):