1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Common values for the Poly1305 algorithm 4 */ 5 6 #ifndef _CRYPTO_POLY1305_H 7 #define _CRYPTO_POLY1305_H 8 9 #include <linux/types.h> 10 #include <linux/crypto.h> 11 12 #define POLY1305_BLOCK_SIZE 16 13 #define POLY1305_KEY_SIZE 32 14 #define POLY1305_DIGEST_SIZE 16 15 16 struct poly1305_key { 17 u32 r[5]; /* key, base 2^26 */ 18 }; 19 20 struct poly1305_state { 21 u32 h[5]; /* accumulator, base 2^26 */ 22 }; 23 24 struct poly1305_desc_ctx { 25 /* key */ 26 struct poly1305_key r; 27 /* finalize key */ 28 u32 s[4]; 29 /* accumulator */ 30 struct poly1305_state h; 31 /* partial buffer */ 32 u8 buf[POLY1305_BLOCK_SIZE]; 33 /* bytes used in partial buffer */ 34 unsigned int buflen; 35 /* r key has been set */ 36 bool rset; 37 /* s key has been set */ 38 bool sset; 39 }; 40 41 /* 42 * Poly1305 core functions. These implement the ε-almost-∆-universal hash 43 * function underlying the Poly1305 MAC, i.e. they don't add an encrypted nonce 44 * ("s key") at the end. They also only support block-aligned inputs. 45 */ 46 void poly1305_core_setkey(struct poly1305_key *key, const u8 *raw_key); 47 static inline void poly1305_core_init(struct poly1305_state *state) 48 { 49 memset(state->h, 0, sizeof(state->h)); 50 } 51 void poly1305_core_blocks(struct poly1305_state *state, 52 const struct poly1305_key *key, 53 const void *src, unsigned int nblocks); 54 void poly1305_core_emit(const struct poly1305_state *state, void *dst); 55 56 /* Crypto API helper functions for the Poly1305 MAC */ 57 int crypto_poly1305_init(struct shash_desc *desc); 58 unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx, 59 const u8 *src, unsigned int srclen); 60 int crypto_poly1305_update(struct shash_desc *desc, 61 const u8 *src, unsigned int srclen); 62 int crypto_poly1305_final(struct shash_desc *desc, u8 *dst); 63 64 #endif 65