Commit | Line | Data |
---|---|---|
b2441318 | 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
2546f811 MW |
2 | /* |
3 | * Common values for the Poly1305 algorithm | |
4 | */ | |
5 | ||
6 | #ifndef _CRYPTO_POLY1305_H | |
7 | #define _CRYPTO_POLY1305_H | |
8 | ||
9 | #include <linux/types.h> | |
10 | #include <linux/crypto.h> | |
11 | ||
12 | #define POLY1305_BLOCK_SIZE 16 | |
13 | #define POLY1305_KEY_SIZE 32 | |
14 | #define POLY1305_DIGEST_SIZE 16 | |
15 | ||
878afc35 EB |
16 | struct poly1305_key { |
17 | u32 r[5]; /* key, base 2^26 */ | |
18 | }; | |
19 | ||
20 | struct poly1305_state { | |
21 | u32 h[5]; /* accumulator, base 2^26 */ | |
22 | }; | |
23 | ||
2546f811 MW |
24 | struct poly1305_desc_ctx { |
25 | /* key */ | |
878afc35 | 26 | struct poly1305_key r; |
2546f811 MW |
27 | /* finalize key */ |
28 | u32 s[4]; | |
29 | /* accumulator */ | |
878afc35 | 30 | struct poly1305_state h; |
2546f811 MW |
31 | /* partial buffer */ |
32 | u8 buf[POLY1305_BLOCK_SIZE]; | |
33 | /* bytes used in partial buffer */ | |
34 | unsigned int buflen; | |
35 | /* r key has been set */ | |
36 | bool rset; | |
37 | /* s key has been set */ | |
38 | bool sset; | |
39 | }; | |
40 | ||
1b6fd3d5 EB |
41 | /* |
42 | * Poly1305 core functions. These implement the ε-almost-∆-universal hash | |
43 | * function underlying the Poly1305 MAC, i.e. they don't add an encrypted nonce | |
44 | * ("s key") at the end. They also only support block-aligned inputs. | |
45 | */ | |
46 | void poly1305_core_setkey(struct poly1305_key *key, const u8 *raw_key); | |
47 | static inline void poly1305_core_init(struct poly1305_state *state) | |
48 | { | |
49 | memset(state->h, 0, sizeof(state->h)); | |
50 | } | |
51 | void poly1305_core_blocks(struct poly1305_state *state, | |
52 | const struct poly1305_key *key, | |
53 | const void *src, unsigned int nblocks); | |
54 | void poly1305_core_emit(const struct poly1305_state *state, void *dst); | |
55 | ||
56 | /* Crypto API helper functions for the Poly1305 MAC */ | |
2546f811 | 57 | int crypto_poly1305_init(struct shash_desc *desc); |
2546f811 MW |
58 | unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx, |
59 | const u8 *src, unsigned int srclen); | |
60 | int crypto_poly1305_update(struct shash_desc *desc, | |
61 | const u8 *src, unsigned int srclen); | |
62 | int crypto_poly1305_final(struct shash_desc *desc, u8 *dst); | |
63 | ||
64 | #endif |