git.baikalelectronics.ru Git - kernel.git/commit

author	Nathan Huckleberry <nhuck@google.com>
	Fri, 20 May 2022 18:14:54 +0000 (18:14 +0000)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Fri, 10 Jun 2022 08:40:17 +0000 (16:40 +0800)
commit	e74e1fe4f4045bfa0ac96f3c8f23998ea2b84727
tree	cf65bb77fe12ef20e9b0afe2f8704666d17b4134	tree \| snapshot
parent	0e277f96957d94f9b2ed8b53a18dd8d4ac2c9c9f	commit \| diff

crypto: polyval - Add POLYVAL support

Add support for POLYVAL, an ε-Δ-universal hash function similar to
GHASH.  This patch only uses POLYVAL as a component to implement HCTR2
mode.  It should be noted that POLYVAL was originally specified for use
in AES-GCM-SIV (RFC 8452), but the kernel does not currently support
this mode.

POLYVAL is implemented as an shash algorithm.  The implementation is
modified from ghash-generic.c.

For more information on POLYVAL see:
Length-preserving encryption with HCTR2:
  https://eprint.iacr.org/2021/1441.pdf
AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption:
  https://datatracker.ietf.org/doc/html/rfc8452

Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto/Kconfig		diff \| blob \| history
crypto/Makefile		diff \| blob \| history
crypto/polyval-generic.c	[new file with mode: 0644]	blob
crypto/tcrypt.c		diff \| blob \| history
crypto/testmgr.c		diff \| blob \| history
crypto/testmgr.h		diff \| blob \| history
include/crypto/polyval.h	[new file with mode: 0644]	blob