diff options
| author | Nathan Huckleberry <nhuck@google.com> | 2022-05-20 18:14:54 +0000 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2022-06-10 16:40:17 +0800 |
| commit | f48f9d07a358b9a210157d6f36dfd3352ede9e9d (patch) | |
| tree | 1a2df24d13bd73f73f234023c1804759a1b9c414 /crypto/Makefile | |
| parent | 880d1ee81cdf5f2a4e070beab419c17865edfd24 (diff) | |
| download | linux-crypto-f48f9d07a358b9a210157d6f36dfd3352ede9e9d.tar.gz linux-crypto-f48f9d07a358b9a210157d6f36dfd3352ede9e9d.zip | |
crypto: polyval - Add POLYVAL support
Add support for POLYVAL, an ε-Δ-universal hash function similar to
GHASH. This patch only uses POLYVAL as a component to implement HCTR2
mode. It should be noted that POLYVAL was originally specified for use
in AES-GCM-SIV (RFC 8452), but the kernel does not currently support
this mode.
POLYVAL is implemented as an shash algorithm. The implementation is
modified from ghash-generic.c.
For more information on POLYVAL see:
Length-preserving encryption with HCTR2:
https://eprint.iacr.org/2021/1441.pdf
AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption:
https://datatracker.ietf.org/doc/html/rfc8452
Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/Makefile')
| -rw-r--r-- | crypto/Makefile | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/Makefile b/crypto/Makefile index 93d0afeb..7694ed0a 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -172,6 +172,7 @@ UBSAN_SANITIZE_jitterentropy.o = n jitterentropy_rng-y := jitterentropy.o jitterentropy-kcapi.o obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o obj-$(CONFIG_CRYPTO_GHASH) += ghash-generic.o +obj-$(CONFIG_CRYPTO_POLYVAL) += polyval-generic.o obj-$(CONFIG_CRYPTO_USER_API) += af_alg.o obj-$(CONFIG_CRYPTO_USER_API_HASH) += algif_hash.o obj-$(CONFIG_CRYPTO_USER_API_SKCIPHER) += algif_skcipher.o |