include/crypto/poly1305.h

   1 /* SPDX-License-Identifier: GPL-2.0 */
   2 /*
   3  * Common values for the Poly1305 algorithm
   4  */
   5
   6 #ifndef _CRYPTO_POLY1305_H
   7 #define _CRYPTO_POLY1305_H
   8
   9 #include <linux/types.h>
  10 #include <linux/crypto.h>
  11
  12 #define POLY1305_BLOCK_SIZE     16
  13 #define POLY1305_KEY_SIZE       32
  14 #define POLY1305_DIGEST_SIZE    16
  15
  16 struct poly1305_key {
  17         u32 r[5];       /* key, base 2^26 */
  18 };
  19
  20 struct poly1305_state {
  21         u32 h[5];       /* accumulator, base 2^26 */
  22 };
  23
  24 struct poly1305_desc_ctx {
  25         /* key */
  26         struct poly1305_key r;
  27         /* finalize key */
  28         u32 s[4];
  29         /* accumulator */
  30         struct poly1305_state h;
  31         /* partial buffer */
  32         u8 buf[POLY1305_BLOCK_SIZE];
  33         /* bytes used in partial buffer */
  34         unsigned int buflen;
  35         /* r key has been set */
  36         bool rset;
  37         /* s key has been set */
  38         bool sset;
  39 };
  40
  41 /*
  42  * Poly1305 core functions.  These implement the ε-almost-∆-universal hash
  43  * function underlying the Poly1305 MAC, i.e. they don't add an encrypted nonce
  44  * ("s key") at the end.  They also only support block-aligned inputs.
  45  */
  46 void poly1305_core_setkey(struct poly1305_key *key, const u8 *raw_key);
  47 static inline void poly1305_core_init(struct poly1305_state *state)
  48 {
  49         memset(state->h, 0, sizeof(state->h));
  50 }
  51 void poly1305_core_blocks(struct poly1305_state *state,
  52                           const struct poly1305_key *key,
  53                           const void *src, unsigned int nblocks);
  54 void poly1305_core_emit(const struct poly1305_state *state, void *dst);
  55
  56 /* Crypto API helper functions for the Poly1305 MAC */
  57 int crypto_poly1305_init(struct shash_desc *desc);
  58 unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx,
  59                                         const u8 *src, unsigned int srclen);
  60 int crypto_poly1305_update(struct shash_desc *desc,
  61                            const u8 *src, unsigned int srclen);
  62 int crypto_poly1305_final(struct shash_desc *desc, u8 *dst);
  63
  64 #endif