Struct Poly1305 

pub struct Poly1305 { /* private fields */ }

Poly1305 MAC state.

Holds the accumulator acc, the precomputed r (and r * 5 for each limb, to absorb the * 5 mod p of the lazy reduction in the inner loop), the tag-finalisation key s, and a 16-byte buffer for handling messages whose length is not a multiple of 16.

Internally:

• r[0..5] : r in 5 26-bit limbs
• s[0..4] : the second half of the one-time key as 4 LE u32s
• acc[0..5]: accumulator in 5 26-bit limbs
• buffer : up to 16 bytes of pending data
• buf_pos : 0..=16

Implementations

impl Poly1305

pub fn new(key: &[u8; 32]) -> Self

Initialise Poly1305 with a 32-byte one-time key key = r ‖ s.

r is clamped per RFC 8439 §2.5: bytes 3, 7, 11, 15 have their top 4 bits cleared (& 0x0f) and bytes 4, 8, 12 have their low 2 bits cleared (& 0xfc).

pub fn update(&mut self, data: &[u8])

Absorb additional data into the accumulator.

Buffers up to 15 leftover bytes between calls so that arbitrary update sizes work the same as one big call.

pub fn finalize(self) -> [u8; 16]

Finalise the MAC and write the 16-byte tag into tag. Consumes the state.

pub fn mac(key: &[u8; 32], data: &[u8]) -> [u8; 16]

One-shot helper: feed the entire data and return the tag.