From b73ed5a6a3067c832413a6b4c987667a9d545153 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sun, 10 Mar 2019 10:12:00 +0800
Subject: poly1305 support (#4802)

* poly1305 support

* some more tests

* have I mentioned how bad the spellchecker is?

* doc improvements

* EVP_PKEY_new_raw_private_key copies the key but that's not documented

Let's assume that might change and be very defensive

* review feedback

* add a test that fails on a tag of the correct length but wrong value

* docs improvements
---
 src/cryptography/hazmat/primitives/poly1305.py | 43 ++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 src/cryptography/hazmat/primitives/poly1305.py

(limited to 'src/cryptography/hazmat/primitives')

diff --git a/src/cryptography/hazmat/primitives/poly1305.py b/src/cryptography/hazmat/primitives/poly1305.py
new file mode 100644
index 00000000..02b6629d
--- /dev/null
+++ b/src/cryptography/hazmat/primitives/poly1305.py
@@ -0,0 +1,43 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+
+from cryptography import utils
+from cryptography.exceptions import (
+    AlreadyFinalized, UnsupportedAlgorithm, _Reasons
+)
+
+
+class Poly1305(object):
+    def __init__(self, key):
+        from cryptography.hazmat.backends.openssl.backend import backend
+        if not backend.poly1305_supported():
+            raise UnsupportedAlgorithm(
+                "poly1305 is not supported by this version of OpenSSL.",
+                _Reasons.UNSUPPORTED_MAC
+            )
+        self._ctx = backend.create_poly1305_ctx(key)
+
+    def update(self, data):
+        if self._ctx is None:
+            raise AlreadyFinalized("Context was already finalized.")
+        utils._check_byteslike("data", data)
+        self._ctx.update(data)
+
+    def finalize(self):
+        if self._ctx is None:
+            raise AlreadyFinalized("Context was already finalized.")
+        mac = self._ctx.finalize()
+        self._ctx = None
+        return mac
+
+    def verify(self, tag):
+        utils._check_bytes("tag", tag)
+        if self._ctx is None:
+            raise AlreadyFinalized("Context was already finalized.")
+
+        ctx, self._ctx = self._ctx, None
+        ctx.verify(tag)
-- 
cgit v1.2.3