1
2
3
4
5
6
7
8
9
10
11
12
13
14#include <crypto/algapi.h>
15#include <crypto/internal/hash.h>
16#include <crypto/internal/poly1305.h>
17#include <linux/crypto.h>
18#include <linux/kernel.h>
19#include <linux/module.h>
20#include <asm/unaligned.h>
21
22static int crypto_poly1305_init(struct shash_desc *desc)
23{
24 struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
25
26 poly1305_core_init(&dctx->h);
27 dctx->buflen = 0;
28 dctx->rset = 0;
29 dctx->sset = false;
30
31 return 0;
32}
33
34static unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx,
35 const u8 *src, unsigned int srclen)
36{
37 if (!dctx->sset) {
38 if (!dctx->rset && srclen >= POLY1305_BLOCK_SIZE) {
39 poly1305_core_setkey(&dctx->core_r, src);
40 src += POLY1305_BLOCK_SIZE;
41 srclen -= POLY1305_BLOCK_SIZE;
42 dctx->rset = 2;
43 }
44 if (srclen >= POLY1305_BLOCK_SIZE) {
45 dctx->s[0] = get_unaligned_le32(src + 0);
46 dctx->s[1] = get_unaligned_le32(src + 4);
47 dctx->s[2] = get_unaligned_le32(src + 8);
48 dctx->s[3] = get_unaligned_le32(src + 12);
49 src += POLY1305_BLOCK_SIZE;
50 srclen -= POLY1305_BLOCK_SIZE;
51 dctx->sset = true;
52 }
53 }
54 return srclen;
55}
56
57static void poly1305_blocks(struct poly1305_desc_ctx *dctx, const u8 *src,
58 unsigned int srclen)
59{
60 unsigned int datalen;
61
62 if (unlikely(!dctx->sset)) {
63 datalen = crypto_poly1305_setdesckey(dctx, src, srclen);
64 src += srclen - datalen;
65 srclen = datalen;
66 }
67
68 poly1305_core_blocks(&dctx->h, &dctx->core_r, src,
69 srclen / POLY1305_BLOCK_SIZE, 1);
70}
71
72static int crypto_poly1305_update(struct shash_desc *desc,
73 const u8 *src, unsigned int srclen)
74{
75 struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
76 unsigned int bytes;
77
78 if (unlikely(dctx->buflen)) {
79 bytes = min(srclen, POLY1305_BLOCK_SIZE - dctx->buflen);
80 memcpy(dctx->buf + dctx->buflen, src, bytes);
81 src += bytes;
82 srclen -= bytes;
83 dctx->buflen += bytes;
84
85 if (dctx->buflen == POLY1305_BLOCK_SIZE) {
86 poly1305_blocks(dctx, dctx->buf,
87 POLY1305_BLOCK_SIZE);
88 dctx->buflen = 0;
89 }
90 }
91
92 if (likely(srclen >= POLY1305_BLOCK_SIZE)) {
93 poly1305_blocks(dctx, src, srclen);
94 src += srclen - (srclen % POLY1305_BLOCK_SIZE);
95 srclen %= POLY1305_BLOCK_SIZE;
96 }
97
98 if (unlikely(srclen)) {
99 dctx->buflen = srclen;
100 memcpy(dctx->buf, src, srclen);
101 }
102
103 return 0;
104}
105
106static int crypto_poly1305_final(struct shash_desc *desc, u8 *dst)
107{
108 struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
109
110 if (unlikely(!dctx->sset))
111 return -ENOKEY;
112
113 poly1305_final_generic(dctx, dst);
114 return 0;
115}
116
117static struct shash_alg poly1305_alg = {
118 .digestsize = POLY1305_DIGEST_SIZE,
119 .init = crypto_poly1305_init,
120 .update = crypto_poly1305_update,
121 .final = crypto_poly1305_final,
122 .descsize = sizeof(struct poly1305_desc_ctx),
123 .base = {
124 .cra_name = "poly1305",
125 .cra_driver_name = "poly1305-generic",
126 .cra_priority = 100,
127 .cra_blocksize = POLY1305_BLOCK_SIZE,
128 .cra_module = THIS_MODULE,
129 },
130};
131
132static int __init poly1305_mod_init(void)
133{
134 return crypto_register_shash(&poly1305_alg);
135}
136
137static void __exit poly1305_mod_exit(void)
138{
139 crypto_unregister_shash(&poly1305_alg);
140}
141
142subsys_initcall(poly1305_mod_init);
143module_exit(poly1305_mod_exit);
144
145MODULE_LICENSE("GPL");
146MODULE_AUTHOR("Martin Willi <martin@strongswan.org>");
147MODULE_DESCRIPTION("Poly1305 authenticator");
148MODULE_ALIAS_CRYPTO("poly1305");
149MODULE_ALIAS_CRYPTO("poly1305-generic");
150
