crypto: polyval - Add POLYVAL support
Add support for POLYVAL, an ε-Δ-universal hash function similar to GHASH. This patch only uses POLYVAL as a component to implement HCTR2 mode. It should be noted that POLYVAL was originally specified for use in AES-GCM-SIV (RFC 8452), but the kernel does not currently support this mode.

POLYVAL is implemented as an shash algorithm. The implementation is modified from ghash-generic.c.

For more information on POLYVAL see:
Length-preserving encryption with HCTR2: https://eprint.iacr.org/2021/1441.pdf
AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption: https://datatracker.ietf.org/doc/html/rfc8452

Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Showing
- crypto/Kconfig: 8 additions, 0 deletions
- crypto/Makefile: 1 addition, 0 deletions
- crypto/polyval-generic.c: 205 additions, 0 deletions
- crypto/tcrypt.c: 4 additions, 0 deletions
- crypto/testmgr.c: 6 additions, 0 deletions
- crypto/testmgr.h: 171 additions, 0 deletions
- include/crypto/polyval.h: 17 additions, 0 deletions