author | Nathan Huckleberry <nhuck@google.com> | 2022-05-20 18:14:54 +0000 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2022-06-10 16:40:17 +0800 |
commit | f48f9d07a358b9a210157d6f36dfd3352ede9e9d (patch) | |
tree | 1a2df24d13bd73f73f234023c1804759a1b9c414 /crypto/adiantum.c | |
parent | 880d1ee81cdf5f2a4e070beab419c17865edfd24 (diff) | |

crypto: polyval - Add POLYVAL support

Add support for POLYVAL, an ε-Δ-universal hash function similar to
GHASH. This patch only uses POLYVAL as a component to implement HCTR2
mode. It should be noted that POLYVAL was originally specified for use
in AES-GCM-SIV (RFC 8452), but the kernel does not currently support
this mode.

POLYVAL is implemented as an shash algorithm. The implementation is
modified from ghash-generic.c.

For more information on POLYVAL see:

Length-preserving encryption with HCTR2:
https://eprint.iacr.org/2021/1441.pdf

AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption:
https://datatracker.ietf.org/doc/html/rfc8452

Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Diffstat (limited to 'crypto/adiantum.c')
0 files changed, 0 insertions, 0 deletions