.SH NAME
md4, md5,
sha1, sha2_224, sha2_256, sha2_384, sha2_512,
-ripemd160,
-aes, hmac_x, hmac_md5,
+ripemd160, poly1305,
+hmac_x, hmac_md5,
hmac_sha1, hmac_sha2_224, hmac_sha2_256, hmac_sha2_384, hmac_sha2_512,
-hmac_aes, md5pickle, md5unpickle,
+md5pickle, md5unpickle,
sha1pickle, sha1unpickle \- cryptographically secure hashes
.SH SYNOPSIS
.nr Wd \w'\fLDS* \fP'u
.Ti
DS* ripemd160(uchar *data, ulong dlen, uchar *digest, DS *state)
.Ti
-DS* aes(uchar *data, ulong dlen, uchar *digest, DS *state)
+DS* poly1305(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DS *state)
.Ti
DS* hmac_x(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DS *s, DS*(*x)(uchar*, ulong, uchar*, DS*), int xlen)
.Ti
DS* hmac_sha2_384(uchar *data, ulong dlen, uchar *key, ulong klen, uchar *digest, DS *state)
.Ti
DS* hmac_sha2_512(uchar *data, ulong dlen, uchar *key, ulong klen, uchar *digest, DS *state)
-.Ti
-DS* hmac_aes(uchar *data, ulong dlen, uchar *key, ulong klen, uchar *digest, DS *state)
.SH DESCRIPTION
.DT
We support several secure hash functions. The output of a
.IR sha2_384 ,
.IR sha2_512 ,
.IR ripemd160 ,
-.IR aes ,
+.IR poly1305 ,
.IR hmac_md5 ,
.IR hmac_sha1 ,
.IR hmac_sha2_224 ,
.IR hmac_sha2_256 ,
.IR hmac_sha2_384 ,
-.IR hmac_sha2_512 ,
and
-.I hmac_aes
+.IR hmac_sha2_512
differ only in the length of the resulting digest
and in the security of the hash.
.I Sha2_*
.IR hmac_sha2_224 ,
.IR hmac_sha2_256 ,
.IR hmac_sha2_384 ,
-.IR hmac_sha2_512 ,
and
-.I hmac_aes
+.IR hmac_sha2_512
are used slightly differently. These hash algorithms are keyed and require
a key to be specified on every call.
The digest lengths for these hashes are the obvious ones from
.I hmac_x
is not intended for general use.
.PP
+.IR Poly1305
+is a one-time authenticator designed by D. J. Bernstein. It takes a 32-byte
+one-time key and a message and produces a 16-byte tag.
+.PP
The functions
.I md5pickle
and
.SH SOURCE
.B /sys/src/libsec
.SH SEE ALSO
-.IR aes (2),
.IR blowfish (2),
.IR des (2),
.IR elgamal (2),