• Eric Biggers's avatar
    crypto: poly1305 - add Poly1305 core API · 1b6fd3d5
    Eric Biggers authored
    Expose a low-level Poly1305 API which implements the
    ε-almost-∆-universal (εA∆U) hash function underlying the Poly1305 MAC
    and supports block-aligned inputs only.
    This is needed for Adiantum hashing, which builds an εA∆U hash function
    from NH and a polynomial evaluation in GF(2^{130}-5); this polynomial
    evaluation is identical to the one the Poly1305 MAC does.  However, the
    crypto_shash Poly1305 API isn't very appropriate for this because its
    calling convention assumes it is used as a MAC, with a 32-byte "one-time
    key" provided for every digest.
    But by design, in Adiantum hashing the performance of the polynomial
    evaluation isn't nearly as critical as NH.  So it suffices to just have
    some C helper functions.  Thus, this patch adds such functions.
    Acked-by: default avatarMartin Willi <martin@strongswan.org>
    Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
    Acked-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
poly1305_generic.c 8.52 KB