43 	struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);  in crypto_poly1305_init()  local
45 	memset(dctx->h, 0, sizeof(dctx->h));  in crypto_poly1305_init()
46 	dctx->buflen = 0;  in crypto_poly1305_init()
47 	dctx->rset = false;  in crypto_poly1305_init()
48 	dctx->sset = false;  in crypto_poly1305_init()
65 static void poly1305_setrkey(struct poly1305_desc_ctx *dctx, const u8 *key)  in poly1305_setrkey()  argument
68 	dctx->r[0] = (le32_to_cpuvp(key +  0) >> 0) & 0x3ffffff;  in poly1305_setrkey()
69 	dctx->r[1] = (le32_to_cpuvp(key +  3) >> 2) & 0x3ffff03;  in poly1305_setrkey()
70 	dctx->r[2] = (le32_to_cpuvp(key +  6) >> 4) & 0x3ffc0ff;  in poly1305_setrkey()
71 	dctx->r[3] = (le32_to_cpuvp(key +  9) >> 6) & 0x3f03fff;  in poly1305_setrkey()
72 	dctx->r[4] = (le32_to_cpuvp(key + 12) >> 8) & 0x00fffff;  in poly1305_setrkey()
75 static void poly1305_setskey(struct poly1305_desc_ctx *dctx, const u8 *key)  in poly1305_setskey()  argument
77 	dctx->s[0] = le32_to_cpuvp(key +  0);  in poly1305_setskey()
78 	dctx->s[1] = le32_to_cpuvp(key +  4);  in poly1305_setskey()
79 	dctx->s[2] = le32_to_cpuvp(key +  8);  in poly1305_setskey()
80 	dctx->s[3] = le32_to_cpuvp(key + 12);  in poly1305_setskey()
83 unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx,  in crypto_poly1305_setdesckey()  argument
86 	if (!dctx->sset) {  in crypto_poly1305_setdesckey()
87 		if (!dctx->rset && srclen >= POLY1305_BLOCK_SIZE) {  in crypto_poly1305_setdesckey()
88 			poly1305_setrkey(dctx, src);  in crypto_poly1305_setdesckey()
91 			dctx->rset = true;  in crypto_poly1305_setdesckey()
94 			poly1305_setskey(dctx, src);  in crypto_poly1305_setdesckey()
97 			dctx->sset = true;  in crypto_poly1305_setdesckey()
104 static unsigned int poly1305_blocks(struct poly1305_desc_ctx *dctx,  in poly1305_blocks()  argument
114 	if (unlikely(!dctx->sset)) {  in poly1305_blocks()
115 		datalen = crypto_poly1305_setdesckey(dctx, src, srclen);  in poly1305_blocks()
120 	r0 = dctx->r[0];  in poly1305_blocks()
121 	r1 = dctx->r[1];  in poly1305_blocks()
122 	r2 = dctx->r[2];  in poly1305_blocks()
123 	r3 = dctx->r[3];  in poly1305_blocks()
124 	r4 = dctx->r[4];  in poly1305_blocks()
131 	h0 = dctx->h[0];  in poly1305_blocks()
132 	h1 = dctx->h[1];  in poly1305_blocks()
133 	h2 = dctx->h[2];  in poly1305_blocks()
134 	h3 = dctx->h[3];  in poly1305_blocks()
135 	h4 = dctx->h[4];  in poly1305_blocks()
170 	dctx->h[0] = h0;  in poly1305_blocks()
171 	dctx->h[1] = h1;  in poly1305_blocks()
172 	dctx->h[2] = h2;  in poly1305_blocks()
173 	dctx->h[3] = h3;  in poly1305_blocks()
174 	dctx->h[4] = h4;  in poly1305_blocks()
182 	struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);  in crypto_poly1305_update()  local
185 	if (unlikely(dctx->buflen)) {  in crypto_poly1305_update()
186 		bytes = min(srclen, POLY1305_BLOCK_SIZE - dctx->buflen);  in crypto_poly1305_update()
187 		memcpy(dctx->buf + dctx->buflen, src, bytes);  in crypto_poly1305_update()
190 		dctx->buflen += bytes;  in crypto_poly1305_update()
192 		if (dctx->buflen == POLY1305_BLOCK_SIZE) {  in crypto_poly1305_update()
193 			poly1305_blocks(dctx, dctx->buf,  in crypto_poly1305_update()
195 			dctx->buflen = 0;  in crypto_poly1305_update()
200 		bytes = poly1305_blocks(dctx, src, srclen, 1 << 24);  in crypto_poly1305_update()
206 		dctx->buflen = srclen;  in crypto_poly1305_update()
207 		memcpy(dctx->buf, src, srclen);  in crypto_poly1305_update()
216 	struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);  in crypto_poly1305_final()  local
223 	if (unlikely(!dctx->sset))  in crypto_poly1305_final()
226 	if (unlikely(dctx->buflen)) {  in crypto_poly1305_final()
227 		dctx->buf[dctx->buflen++] = 1;  in crypto_poly1305_final()
228 		memset(dctx->buf + dctx->buflen, 0,  in crypto_poly1305_final()
229 		       POLY1305_BLOCK_SIZE - dctx->buflen);  in crypto_poly1305_final()
230 		poly1305_blocks(dctx, dctx->buf, POLY1305_BLOCK_SIZE, 0);  in crypto_poly1305_final()
234 	h0 = dctx->h[0];  in crypto_poly1305_final()
235 	h1 = dctx->h[1];  in crypto_poly1305_final()
236 	h2 = dctx->h[2];  in crypto_poly1305_final()
237 	h3 = dctx->h[3];  in crypto_poly1305_final()
238 	h4 = dctx->h[4];  in crypto_poly1305_final()
274 	f = (f >> 32) + h0 + dctx->s[0]; mac[0] = cpu_to_le32(f);  in crypto_poly1305_final()
275 	f = (f >> 32) + h1 + dctx->s[1]; mac[1] = cpu_to_le32(f);  in crypto_poly1305_final()
276 	f = (f >> 32) + h2 + dctx->s[2]; mac[2] = cpu_to_le32(f);  in crypto_poly1305_final()
277 	f = (f >> 32) + h3 + dctx->s[3]; mac[3] = cpu_to_le32(f);  in crypto_poly1305_final()