summaryrefslogtreecommitdiff
path: root/crypto/testmgr.c
diff options
context:
space:
mode:
authorNathan Huckleberry <nhuck@google.com>2022-05-20 18:14:54 +0000
committerHerbert Xu <herbert@gondor.apana.org.au>2022-06-10 16:40:17 +0800
commitf3c923a09c4c4f5861b1ed53cf75673992a6ba68 (patch)
treecf65bb77fe12ef20e9b0afe2f8704666d17b4134 /crypto/testmgr.c
parent17fee07a2ac577da18b44dd658a9c3c864281c49 (diff)
downloadlwn-f3c923a09c4c4f5861b1ed53cf75673992a6ba68.tar.gz
lwn-f3c923a09c4c4f5861b1ed53cf75673992a6ba68.zip
crypto: polyval - Add POLYVAL support
Add support for POLYVAL, an ε-Δ-universal hash function similar to GHASH. This patch only uses POLYVAL as a component to implement HCTR2 mode. It should be noted that POLYVAL was originally specified for use in AES-GCM-SIV (RFC 8452), but the kernel does not currently support this mode. POLYVAL is implemented as an shash algorithm. The implementation is modified from ghash-generic.c. For more information on POLYVAL see: Length-preserving encryption with HCTR2: https://eprint.iacr.org/2021/1441.pdf AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption: https://datatracker.ietf.org/doc/html/rfc8452 Signed-off-by: Nathan Huckleberry <nhuck@google.com> Reviewed-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/testmgr.c')
-rw-r--r--crypto/testmgr.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 0ea77dcdc6c0..0f40e260b5a9 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5343,6 +5343,12 @@ static const struct alg_test_desc alg_test_descs[] = {
.hash = __VECS(poly1305_tv_template)
}
}, {
+ .alg = "polyval",
+ .test = alg_test_hash,
+ .suite = {
+ .hash = __VECS(polyval_tv_template)
+ }
+ }, {
.alg = "rfc3686(ctr(aes))",
.test = alg_test_skcipher,
.fips_allowed = 1,