17 Feb, 2018
1 commit
-
commit a16e772e664b9a261424107784804cffc8894977 upstream.
Since Poly1305 requires a nonce per invocation, the Linux kernel
implementations of Poly1305 don't use the crypto API's keying mechanism
and instead expect the key and nonce as the first 32 bytes of the data.
But ->setkey() is still defined as a stub returning an error code. This
prevents Poly1305 from being used through AF_ALG and will also break it
completely once we start enforcing that all crypto API users (not just
AF_ALG) call ->setkey() if present.

Fix it by removing crypto_poly1305_setkey(), leaving ->setkey as NULL.

Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
Signed-off-by: Greg Kroah-Hartman
13 Nov, 2016
1 commit
-
By using the unaligned access helpers, we drastically improve
performance on small MIPS routers that have to go through the exception
fix-up handler for these unaligned accesses.

Signed-off-by: Jason A. Donenfeld
Reviewed-by: Eric Biggers
Acked-by: Martin Willi
Signed-off-by: Herbert Xu
17 Jul, 2015
1 commit
-
As architecture specific drivers need a software fallback, export Poly1305
init/update/final functions together with some helpers in a header file.

Signed-off-by: Martin Willi
Signed-off-by: Herbert Xu
17 Jun, 2015
1 commit
-
The Poly1305 authenticator requires a unique key for each generated tag. This
implies that we can't set the key per tfm, as multiple users set individual
keys. Instead we pass a desc specific key as the first two blocks of the
message to authenticate in update().

Signed-off-by: Martin Willi
Signed-off-by: Herbert Xu
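
The key-in-data convention described in the 17 Jun, 2015 and 17 Feb, 2018 commit messages, as an added example in Python (not the kernel's code, and not part of any commit listed here): there is no setkey step, the first two 16-byte blocks handed to update() become r and s, and only the bytes after them are authenticated. The class and function names are hypothetical; the key, message and expected tag are the RFC 7539 section 2.5.2 test vector.

```python
# Added illustration, not the kernel's code; class and function names are hypothetical.
P = (1 << 130) - 5                           # Poly1305 prime
CLAMP = 0x0ffffffc0ffffffc0ffffffc0fffffff   # RFC 7539 clamp mask for r


class KeyInDataPoly1305:
    """Poly1305 with no setkey(): r and s are the first 32 bytes passed to update()."""

    def __init__(self):
        self.buf = b""
        self.r = None    # multiplier, taken from data block 0
        self.s = None    # final addend (the "nonce"), taken from data block 1
        self.acc = 0

    def update(self, data: bytes) -> None:
        self.buf += data
        if self.r is None and len(self.buf) >= 16:
            self.r = int.from_bytes(self.buf[:16], "little") & CLAMP
            self.buf = self.buf[16:]
        if self.r is not None and self.s is None and len(self.buf) >= 16:
            self.s = int.from_bytes(self.buf[:16], "little")
            self.buf = self.buf[16:]
        # Message blocks are absorbed only once both key halves have arrived.
        while self.s is not None and len(self.buf) >= 16:
            self._absorb(self.buf[:16])
            self.buf = self.buf[16:]

    def _absorb(self, block: bytes) -> None:
        # Appending 0x01 sets the bit just above the block's last byte.
        n = int.from_bytes(block + b"\x01", "little")
        self.acc = (self.acc + n) * self.r % P

    def final(self) -> bytes:
        if self.s is None:
            raise ValueError("fewer than 32 bytes supplied: no key, no tag")
        if self.buf:
            self._absorb(self.buf)
            self.buf = b""
        return ((self.acc + self.s) % (1 << 128)).to_bytes(16, "little")


def tag(chunks) -> bytes:
    """Run the sequence of update() calls given by `chunks`, then final()."""
    mac = KeyInDataPoly1305()
    for chunk in chunks:
        mac.update(chunk)
    return mac.final()


# RFC 7539 section 2.5.2 test vector: one-time key followed by the message.
RFC_KEY = bytes.fromhex("85d6be7857556d337f4452fe42d506a8" "0103808afb0db2fd4abff6af4149f51b")
RFC_MSG = b"Cryptographic Forum Research Group"
```
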
04 Jun, 2015
1 commit
-
Poly1305 is a fast message authenticator designed by Daniel J. Bernstein.
It is further defined in RFC7539 as a building block for the ChaCha20-Poly1305
AEAD for use in IETF protocols.

This is a portable C implementation of the algorithm without architecture
specific optimizations, based on public domain code by Daniel J. Bernstein and
Andrew Moon.

Signed-off-by: Martin Willi
Acked-by: Steffen Klassert
Signed-off-by: Herbert Xu