1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Common values for the Poly1305 algorithm 4 */ 5 6 #ifndef _CRYPTO_INTERNAL_POLY1305_H 7 #define _CRYPTO_INTERNAL_POLY1305_H 8 9 #include <asm/unaligned.h> 10 #include <linux/types.h> 11 #include <crypto/poly1305.h> 12 13 /* 14 * Poly1305 core functions. These implement the ε-almost-∆-universal hash 15 * function underlying the Poly1305 MAC, i.e. they don't add an encrypted nonce 16 * ("s key") at the end. They also only support block-aligned inputs. 17 */ 18 void poly1305_core_setkey(struct poly1305_key *key, const u8 *raw_key); 19 static inline void poly1305_core_init(struct poly1305_state *state) 20 { 21 *state = (struct poly1305_state){}; 22 } 23 24 void poly1305_core_blocks(struct poly1305_state *state, 25 const struct poly1305_key *key, const void *src, 26 unsigned int nblocks, u32 hibit); 27 void poly1305_core_emit(const struct poly1305_state *state, void *dst); 28 29 /* 30 * Poly1305 requires a unique key for each tag, which implies that we can't set 31 * it on the tfm that gets accessed by multiple users simultaneously. Instead we 32 * expect the key as the first 32 bytes in the update() call. 33 */ 34 static inline 35 unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx, 36 const u8 *src, unsigned int srclen) 37 { 38 if (!dctx->sset) { 39 if (!dctx->rset && srclen >= POLY1305_BLOCK_SIZE) { 40 poly1305_core_setkey(dctx->r, src); 41 src += POLY1305_BLOCK_SIZE; 42 srclen -= POLY1305_BLOCK_SIZE; 43 dctx->rset = 1; 44 } 45 if (srclen >= POLY1305_BLOCK_SIZE) { 46 dctx->s[0] = get_unaligned_le32(src + 0); 47 dctx->s[1] = get_unaligned_le32(src + 4); 48 dctx->s[2] = get_unaligned_le32(src + 8); 49 dctx->s[3] = get_unaligned_le32(src + 12); 50 src += POLY1305_BLOCK_SIZE; 51 srclen -= POLY1305_BLOCK_SIZE; 52 dctx->sset = true; 53 } 54 } 55 return srclen; 56 } 57 58 #endif 59