a16e772e66
Since Poly1305 requires a nonce per invocation, the Linux kernel implementations of Poly1305 don't use the crypto API's keying mechanism and instead expect the key and nonce as the first 32 bytes of the data. But ->setkey() is still defined as a stub returning an error code. This prevents Poly1305 from being used through AF_ALG and will also break it completely once we start enforcing that all crypto API users (not just AF_ALG) call ->setkey() if present. Fix it by removing crypto_poly1305_setkey(), leaving ->setkey as NULL. Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
40 lines
920 B
C
40 lines
920 B
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* Common values for the Poly1305 algorithm
|
|
*/
|
|
|
|
#ifndef _CRYPTO_POLY1305_H
|
|
#define _CRYPTO_POLY1305_H
|
|
|
|
#include <linux/types.h>
|
|
#include <linux/crypto.h>
|
|
|
|
#define POLY1305_BLOCK_SIZE 16
|
|
#define POLY1305_KEY_SIZE 32
|
|
#define POLY1305_DIGEST_SIZE 16
|
|
|
|
struct poly1305_desc_ctx {
|
|
/* key */
|
|
u32 r[5];
|
|
/* finalize key */
|
|
u32 s[4];
|
|
/* accumulator */
|
|
u32 h[5];
|
|
/* partial buffer */
|
|
u8 buf[POLY1305_BLOCK_SIZE];
|
|
/* bytes used in partial buffer */
|
|
unsigned int buflen;
|
|
/* r key has been set */
|
|
bool rset;
|
|
/* s key has been set */
|
|
bool sset;
|
|
};
|
|
|
|
int crypto_poly1305_init(struct shash_desc *desc);
|
|
unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx,
|
|
const u8 *src, unsigned int srclen);
|
|
int crypto_poly1305_update(struct shash_desc *desc,
|
|
const u8 *src, unsigned int srclen);
|
|
int crypto_poly1305_final(struct shash_desc *desc, u8 *dst);
|
|
|
|
#endif
|