diff --git a/libraries/Crypto/Poly1305.cpp b/libraries/Crypto/Poly1305.cpp
index a0a143ca..2781699a 100644
--- a/libraries/Crypto/Poly1305.cpp
+++ b/libraries/Crypto/Poly1305.cpp
@@ -138,7 +138,7 @@ void Poly1305::reset(const void *key)
  * If finalize() has already been called, then the behavior of update() will
  * be undefined.  Call reset() first to start a new authentication process.
  *
- * \sa reset(), finalize()
+ * \sa pad(), reset(), finalize()
  */
 void Poly1305::update(const void *data, size_t len)
 {
@@ -243,6 +243,21 @@ void Poly1305::finalize(const void *nonce, void *token, size_t len)
     memcpy(token, state.h, len);
 }
 
+/**
+ * \brief Pads the input stream with zero bytes to a multiple of 16.
+ *
+ * \sa update()
+ */
+void Poly1305::pad()
+{
+    if (state.chunkSize != 0) {
+        memset(((uint8_t *)state.c) + state.chunkSize, 0, 16 - state.chunkSize);
+        state.c[NUM_LIMBS_128BIT] = 1;
+        processChunk();
+        state.chunkSize = 0;
+    }
+}
+
 /**
  * \brief Clears the authenticator's state, removing all sensitive data.
  */
diff --git a/libraries/Crypto/Poly1305.h b/libraries/Crypto/Poly1305.h
index babae205..ef51596c 100644
--- a/libraries/Crypto/Poly1305.h
+++ b/libraries/Crypto/Poly1305.h
@@ -36,6 +36,8 @@ public:
     void update(const void *data, size_t len);
     void finalize(const void *nonce, void *token, size_t len);
 
+    void pad();
+
     void clear();
 
 private: