tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * Common values for the Poly1305 algorithm
4 */
5
6#ifndef _CRYPTO_INTERNAL_POLY1305_H
7#define _CRYPTO_INTERNAL_POLY1305_H
8
9#include <asm/unaligned.h>
10#include <linux/types.h>
11#include <crypto/poly1305.h>
12
13/*
14 * Poly1305 core functions. These implement the ε-almost-∆-universal hash
15 * function underlying the Poly1305 MAC, i.e. they don't add an encrypted nonce
16 * ("s key") at the end. They also only support block-aligned inputs.
17 */
18void poly1305_core_setkey(struct poly1305_key *key, const u8 *raw_key);
19static inline void poly1305_core_init(struct poly1305_state *state)
20{
21 *state = (struct poly1305_state){};
22}
23
24void poly1305_core_blocks(struct poly1305_state *state,
25 const struct poly1305_key *key, const void *src,
26 unsigned int nblocks, u32 hibit);
27void poly1305_core_emit(const struct poly1305_state *state, void *dst);
28
29/*
30 * Poly1305 requires a unique key for each tag, which implies that we can't set
31 * it on the tfm that gets accessed by multiple users simultaneously. Instead we
32 * expect the key as the first 32 bytes in the update() call.
33 */
34static inline
35unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx,
36 const u8 *src, unsigned int srclen)
37{
38 if (!dctx->sset) {
39 if (!dctx->rset && srclen >= POLY1305_BLOCK_SIZE) {
40 poly1305_core_setkey(dctx->r, src);
41 src += POLY1305_BLOCK_SIZE;
42 srclen -= POLY1305_BLOCK_SIZE;
43 dctx->rset = 1;
44 }
45 if (srclen >= POLY1305_BLOCK_SIZE) {
46 dctx->s[0] = get_unaligned_le32(src + 0);
47 dctx->s[1] = get_unaligned_le32(src + 4);
48 dctx->s[2] = get_unaligned_le32(src + 8);
49 dctx->s[3] = get_unaligned_le32(src + 12);
50 src += POLY1305_BLOCK_SIZE;
51 srclen -= POLY1305_BLOCK_SIZE;
52 dctx->sset = true;
53 }
54 }
55 return srclen;
56}
57
58#endif