4afb116cc1
Move the core Poly1305 routines shared between the generic Poly1305 shash driver and the Adiantum and NHPoly1305 drivers into a separate library so that using just this pieces does not pull in the crypto API pieces of the generic Poly1305 routine. In a subsequent patch, we will augment this generic library with init/update/final routines so that Poyl1305 algorithm can be used directly without the need for using the crypto API's shash abstraction. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 48ea8c6ebc96bc0990e12ee1c43d0832c23576bb) Bug: 152722841 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I1d1ebae722acdb3a908822b8a5b126689e2147c3
42 lines
752 B
C
42 lines
752 B
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* Common values for the Poly1305 algorithm
|
|
*/
|
|
|
|
#ifndef _CRYPTO_POLY1305_H
|
|
#define _CRYPTO_POLY1305_H
|
|
|
|
#include <linux/types.h>
|
|
#include <linux/crypto.h>
|
|
|
|
#define POLY1305_BLOCK_SIZE 16
|
|
#define POLY1305_KEY_SIZE 32
|
|
#define POLY1305_DIGEST_SIZE 16
|
|
|
|
struct poly1305_key {
|
|
u32 r[5]; /* key, base 2^26 */
|
|
};
|
|
|
|
struct poly1305_state {
|
|
u32 h[5]; /* accumulator, base 2^26 */
|
|
};
|
|
|
|
struct poly1305_desc_ctx {
|
|
/* key */
|
|
struct poly1305_key r;
|
|
/* finalize key */
|
|
u32 s[4];
|
|
/* accumulator */
|
|
struct poly1305_state h;
|
|
/* partial buffer */
|
|
u8 buf[POLY1305_BLOCK_SIZE];
|
|
/* bytes used in partial buffer */
|
|
unsigned int buflen;
|
|
/* r key has been set */
|
|
bool rset;
|
|
/* s key has been set */
|
|
bool sset;
|
|
};
|
|
|
|
#endif
|