root/include/crypto/nhpoly1305.h

/* [<][>][^][v][top][bottom][index][help] */

INCLUDED FROM

   1 /* SPDX-License-Identifier: GPL-2.0 */
   2 /*
   3  * Common values and helper functions for the NHPoly1305 hash function.
   4  */
   5 
   6 #ifndef _NHPOLY1305_H
   7 #define _NHPOLY1305_H
   8 
   9 #include <crypto/hash.h>
  10 #include <crypto/poly1305.h>
  11 
  12 /* NH parameterization: */
  13 
  14 /* Endianness: little */
  15 /* Word size: 32 bits (works well on NEON, SSE2, AVX2) */
  16 
  17 /* Stride: 2 words (optimal on ARM32 NEON; works okay on other CPUs too) */
  18 #define NH_PAIR_STRIDE          2
  19 #define NH_MESSAGE_UNIT         (NH_PAIR_STRIDE * 2 * sizeof(u32))
  20 
  21 /* Num passes (Toeplitz iteration count): 4, to give ε = 2^{-128} */
  22 #define NH_NUM_PASSES           4
  23 #define NH_HASH_BYTES           (NH_NUM_PASSES * sizeof(u64))
  24 
  25 /* Max message size: 1024 bytes (32x compression factor) */
  26 #define NH_NUM_STRIDES          64
  27 #define NH_MESSAGE_WORDS        (NH_PAIR_STRIDE * 2 * NH_NUM_STRIDES)
  28 #define NH_MESSAGE_BYTES        (NH_MESSAGE_WORDS * sizeof(u32))
  29 #define NH_KEY_WORDS            (NH_MESSAGE_WORDS + \
  30                                  NH_PAIR_STRIDE * 2 * (NH_NUM_PASSES - 1))
  31 #define NH_KEY_BYTES            (NH_KEY_WORDS * sizeof(u32))
  32 
  33 #define NHPOLY1305_KEY_SIZE     (POLY1305_BLOCK_SIZE + NH_KEY_BYTES)
  34 
  35 struct nhpoly1305_key {
  36         struct poly1305_key poly_key;
  37         u32 nh_key[NH_KEY_WORDS];
  38 };
  39 
  40 struct nhpoly1305_state {
  41 
  42         /* Running total of polynomial evaluation */
  43         struct poly1305_state poly_state;
  44 
  45         /* Partial block buffer */
  46         u8 buffer[NH_MESSAGE_UNIT];
  47         unsigned int buflen;
  48 
  49         /*
  50          * Number of bytes remaining until the current NH message reaches
  51          * NH_MESSAGE_BYTES.  When nonzero, 'nh_hash' holds the partial NH hash.
  52          */
  53         unsigned int nh_remaining;
  54 
  55         __le64 nh_hash[NH_NUM_PASSES];
  56 };
  57 
  58 typedef void (*nh_t)(const u32 *key, const u8 *message, size_t message_len,
  59                      __le64 hash[NH_NUM_PASSES]);
  60 
  61 int crypto_nhpoly1305_setkey(struct crypto_shash *tfm,
  62                              const u8 *key, unsigned int keylen);
  63 
  64 int crypto_nhpoly1305_init(struct shash_desc *desc);
  65 int crypto_nhpoly1305_update(struct shash_desc *desc,
  66                              const u8 *src, unsigned int srclen);
  67 int crypto_nhpoly1305_update_helper(struct shash_desc *desc,
  68                                     const u8 *src, unsigned int srclen,
  69                                     nh_t nh_fn);
  70 int crypto_nhpoly1305_final(struct shash_desc *desc, u8 *dst);
  71 int crypto_nhpoly1305_final_helper(struct shash_desc *desc, u8 *dst,
  72                                    nh_t nh_fn);
  73 
  74 #endif /* _NHPOLY1305_H */
/* [<][>][^][v][top][bottom][index][help] */