summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Willi <martin@strongswan.org>2015-06-16 05:34:16 -0400
committerHerbert Xu <herbert@gondor.apana.org.au>2015-06-17 03:35:11 -0400
commitc2b7b20aedfa10de3634877c3e4b7bc9a7d6461e (patch)
treeccc9c1ac23ae8669a5860a3e50ed8f13bbd1704b
parent8f69b763877a20fe06cb8d89b031a7ae73b269f2 (diff)
crypto: poly1305 - Pass key as first two message blocks to each desc_ctx
The Poly1305 authenticator requires a unique key for each generated tag. This implies that we can't set the key per tfm, as multiple users set individual keys. Instead we pass a desc specific key as the first two blocks of the message to authenticate in update(). Signed-off-by: Martin Willi <martin@strongswan.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat
-rw-r--r--crypto/chacha20poly1305.c54
-rw-r--r--crypto/poly1305_generic.c97
-rw-r--r--crypto/testmgr.h99
3 files changed, 134 insertions, 116 deletions
diff --git a/crypto/chacha20poly1305.c b/crypto/chacha20poly1305.c
index 05fbc59297e5..7b46ed799a64 100644
--- a/crypto/chacha20poly1305.c
+++ b/crypto/chacha20poly1305.c
@@ -54,14 +54,14 @@ struct poly_req {
54}; 54};
55 55
56struct chacha_req { 56struct chacha_req {
57 /* the key we generate for Poly1305 using Chacha20 */
58 u8 key[POLY1305_KEY_SIZE];
59 u8 iv[CHACHA20_IV_SIZE]; 57 u8 iv[CHACHA20_IV_SIZE];
60 struct scatterlist src[1]; 58 struct scatterlist src[1];
61 struct ablkcipher_request req; /* must be last member */ 59 struct ablkcipher_request req; /* must be last member */
62}; 60};
63 61
64struct chachapoly_req_ctx { 62struct chachapoly_req_ctx {
63 /* the key we generate for Poly1305 using Chacha20 */
64 u8 key[POLY1305_KEY_SIZE];
65 /* calculated Poly1305 tag */ 65 /* calculated Poly1305 tag */
66 u8 tag[POLY1305_DIGEST_SIZE]; 66 u8 tag[POLY1305_DIGEST_SIZE];
67 /* length of data to en/decrypt, without ICV */ 67 /* length of data to en/decrypt, without ICV */
@@ -294,53 +294,59 @@ static int poly_ad(struct aead_request *req)
294 return poly_adpad(req); 294 return poly_adpad(req);
295} 295}
296 296
297static void poly_init_done(struct crypto_async_request *areq, int err) 297static void poly_setkey_done(struct crypto_async_request *areq, int err)
298{ 298{
299 async_done_continue(areq->data, err, poly_ad); 299 async_done_continue(areq->data, err, poly_ad);
300} 300}
301 301
302static int poly_init(struct aead_request *req) 302static int poly_setkey(struct aead_request *req)
303{ 303{
304 struct chachapoly_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); 304 struct chachapoly_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
305 struct chachapoly_req_ctx *rctx = aead_request_ctx(req); 305 struct chachapoly_req_ctx *rctx = aead_request_ctx(req);
306 struct poly_req *preq = &rctx->u.poly; 306 struct poly_req *preq = &rctx->u.poly;
307 int err; 307 int err;
308 308
309 sg_init_table(preq->src, 1);
310 sg_set_buf(preq->src, rctx->key, sizeof(rctx->key));
311
309 ahash_request_set_callback(&preq->req, aead_request_flags(req), 312 ahash_request_set_callback(&preq->req, aead_request_flags(req),
310 poly_init_done, req); 313 poly_setkey_done, req);
311 ahash_request_set_tfm(&preq->req, ctx->poly); 314 ahash_request_set_tfm(&preq->req, ctx->poly);
315 ahash_request_set_crypt(&preq->req, preq->src, NULL, sizeof(rctx->key));
312 316
313 err = crypto_ahash_init(&preq->req); 317 err = crypto_ahash_update(&preq->req);
314 if (err) 318 if (err)
315 return err; 319 return err;
316 320
317 return poly_ad(req); 321 return poly_ad(req);
318} 322}
319 323
320static int poly_genkey_continue(struct aead_request *req) 324static void poly_init_done(struct crypto_async_request *areq, int err)
321{ 325{
322 struct crypto_aead *aead = crypto_aead_reqtfm(req); 326 async_done_continue(areq->data, err, poly_setkey);
323 struct chachapoly_ctx *ctx = crypto_aead_ctx(aead); 327}
328
329static int poly_init(struct aead_request *req)
330{
331 struct chachapoly_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
324 struct chachapoly_req_ctx *rctx = aead_request_ctx(req); 332 struct chachapoly_req_ctx *rctx = aead_request_ctx(req);
325 struct chacha_req *creq = &rctx->u.chacha; 333 struct poly_req *preq = &rctx->u.poly;
326 int err; 334 int err;
327 335
328 crypto_ahash_clear_flags(ctx->poly, CRYPTO_TFM_REQ_MASK); 336 ahash_request_set_callback(&preq->req, aead_request_flags(req),
329 crypto_ahash_set_flags(ctx->poly, crypto_aead_get_flags(aead) & 337 poly_init_done, req);
330 CRYPTO_TFM_REQ_MASK); 338 ahash_request_set_tfm(&preq->req, ctx->poly);
331 339
332 err = crypto_ahash_setkey(ctx->poly, creq->key, sizeof(creq->key)); 340 err = crypto_ahash_init(&preq->req);
333 crypto_aead_set_flags(aead, crypto_ahash_get_flags(ctx->poly) &
334 CRYPTO_TFM_RES_MASK);
335 if (err) 341 if (err)
336 return err; 342 return err;
337 343
338 return poly_init(req); 344 return poly_setkey(req);
339} 345}
340 346
341static void poly_genkey_done(struct crypto_async_request *areq, int err) 347static void poly_genkey_done(struct crypto_async_request *areq, int err)
342{ 348{
343 async_done_continue(areq->data, err, poly_genkey_continue); 349 async_done_continue(areq->data, err, poly_init);
344} 350}
345 351
346static int poly_genkey(struct aead_request *req) 352static int poly_genkey(struct aead_request *req)
@@ -351,8 +357,8 @@ static int poly_genkey(struct aead_request *req)
351 int err; 357 int err;
352 358
353 sg_init_table(creq->src, 1); 359 sg_init_table(creq->src, 1);
354 memset(creq->key, 0, sizeof(creq->key)); 360 memset(rctx->key, 0, sizeof(rctx->key));
355 sg_set_buf(creq->src, creq->key, sizeof(creq->key)); 361 sg_set_buf(creq->src, rctx->key, sizeof(rctx->key));
356 362
357 chacha_iv(creq->iv, req, 0); 363 chacha_iv(creq->iv, req, 0);
358 364
@@ -366,7 +372,7 @@ static int poly_genkey(struct aead_request *req)
366 if (err) 372 if (err)
367 return err; 373 return err;
368 374
369 return poly_genkey_continue(req); 375 return poly_init(req);
370} 376}
371 377
372static void chacha_encrypt_done(struct crypto_async_request *areq, int err) 378static void chacha_encrypt_done(struct crypto_async_request *areq, int err)
@@ -403,8 +409,9 @@ static int chachapoly_encrypt(struct aead_request *req)
403 409
404 /* encrypt call chain: 410 /* encrypt call chain:
405 * - chacha_encrypt/done() 411 * - chacha_encrypt/done()
406 * - poly_genkey/done/continue() 412 * - poly_genkey/done()
407 * - poly_init/done() 413 * - poly_init/done()
414 * - poly_setkey/done()
408 * - poly_ad/done() 415 * - poly_ad/done()
409 * - poly_adpad/done() 416 * - poly_adpad/done()
410 * - poly_cipher/done() 417 * - poly_cipher/done()
@@ -424,8 +431,9 @@ static int chachapoly_decrypt(struct aead_request *req)
424 rctx->cryptlen = req->cryptlen - POLY1305_DIGEST_SIZE; 431 rctx->cryptlen = req->cryptlen - POLY1305_DIGEST_SIZE;
425 432
426 /* decrypt call chain: 433 /* decrypt call chain:
427 * - poly_genkey/done/continue() 434 * - poly_genkey/done()
428 * - poly_init/done() 435 * - poly_init/done()
436 * - poly_setkey/done()
429 * - poly_ad/done() 437 * - poly_ad/done()
430 * - poly_adpad/done() 438 * - poly_adpad/done()
431 * - poly_cipher/done() 439 * - poly_cipher/done()
diff --git a/crypto/poly1305_generic.c b/crypto/poly1305_generic.c
index 9c1159b991f4..387b5c887a80 100644
--- a/crypto/poly1305_generic.c
+++ b/crypto/poly1305_generic.c
@@ -21,20 +21,21 @@
21#define POLY1305_KEY_SIZE 32 21#define POLY1305_KEY_SIZE 32
22#define POLY1305_DIGEST_SIZE 16 22#define POLY1305_DIGEST_SIZE 16
23 23
24struct poly1305_ctx { 24struct poly1305_desc_ctx {
25 /* key */ 25 /* key */
26 u32 r[5]; 26 u32 r[5];
27 /* finalize key */ 27 /* finalize key */
28 u32 s[4]; 28 u32 s[4];
29};
30
31struct poly1305_desc_ctx {
32 /* accumulator */ 29 /* accumulator */
33 u32 h[5]; 30 u32 h[5];
34 /* partial buffer */ 31 /* partial buffer */
35 u8 buf[POLY1305_BLOCK_SIZE]; 32 u8 buf[POLY1305_BLOCK_SIZE];
36 /* bytes used in partial buffer */ 33 /* bytes used in partial buffer */
37 unsigned int buflen; 34 unsigned int buflen;
35 /* r key has been set */
36 bool rset;
37 /* s key has been set */
38 bool sset;
38}; 39};
39 40
40static inline u64 mlt(u64 a, u64 b) 41static inline u64 mlt(u64 a, u64 b)
@@ -63,6 +64,8 @@ static int poly1305_init(struct shash_desc *desc)
63 64
64 memset(dctx->h, 0, sizeof(dctx->h)); 65 memset(dctx->h, 0, sizeof(dctx->h));
65 dctx->buflen = 0; 66 dctx->buflen = 0;
67 dctx->rset = false;
68 dctx->sset = false;
66 69
67 return 0; 70 return 0;
68} 71}
@@ -70,42 +73,60 @@ static int poly1305_init(struct shash_desc *desc)
70static int poly1305_setkey(struct crypto_shash *tfm, 73static int poly1305_setkey(struct crypto_shash *tfm,
71 const u8 *key, unsigned int keylen) 74 const u8 *key, unsigned int keylen)
72{ 75{
73 struct poly1305_ctx *ctx = crypto_shash_ctx(tfm); 76 /* Poly1305 requires a unique key for each tag, which implies that
74 77 * we can't set it on the tfm that gets accessed by multiple users
75 if (keylen != POLY1305_KEY_SIZE) { 78 * simultaneously. Instead we expect the key as the first 32 bytes in
76 crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); 79 * the update() call. */
77 return -EINVAL; 80 return -ENOTSUPP;
78 } 81}
79 82
83static void poly1305_setrkey(struct poly1305_desc_ctx *dctx, const u8 *key)
84{
80 /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ 85 /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
81 ctx->r[0] = (le32_to_cpuvp(key + 0) >> 0) & 0x3ffffff; 86 dctx->r[0] = (le32_to_cpuvp(key + 0) >> 0) & 0x3ffffff;
82 ctx->r[1] = (le32_to_cpuvp(key + 3) >> 2) & 0x3ffff03; 87 dctx->r[1] = (le32_to_cpuvp(key + 3) >> 2) & 0x3ffff03;
83 ctx->r[2] = (le32_to_cpuvp(key + 6) >> 4) & 0x3ffc0ff; 88 dctx->r[2] = (le32_to_cpuvp(key + 6) >> 4) & 0x3ffc0ff;
84 ctx->r[3] = (le32_to_cpuvp(key + 9) >> 6) & 0x3f03fff; 89 dctx->r[3] = (le32_to_cpuvp(key + 9) >> 6) & 0x3f03fff;
85 ctx->r[4] = (le32_to_cpuvp(key + 12) >> 8) & 0x00fffff; 90 dctx->r[4] = (le32_to_cpuvp(key + 12) >> 8) & 0x00fffff;
86 91}
87 ctx->s[0] = le32_to_cpuvp(key + 16);
88 ctx->s[1] = le32_to_cpuvp(key + 20);
89 ctx->s[2] = le32_to_cpuvp(key + 24);
90 ctx->s[3] = le32_to_cpuvp(key + 28);
91 92
92 return 0; 93static void poly1305_setskey(struct poly1305_desc_ctx *dctx, const u8 *key)
94{
95 dctx->s[0] = le32_to_cpuvp(key + 0);
96 dctx->s[1] = le32_to_cpuvp(key + 4);
97 dctx->s[2] = le32_to_cpuvp(key + 8);
98 dctx->s[3] = le32_to_cpuvp(key + 12);
93} 99}
94 100
95static unsigned int poly1305_blocks(struct poly1305_desc_ctx *dctx, 101static unsigned int poly1305_blocks(struct poly1305_desc_ctx *dctx,
96 struct poly1305_ctx *ctx, const u8 *src, 102 const u8 *src, unsigned int srclen,
97 unsigned int srclen, u32 hibit) 103 u32 hibit)
98{ 104{
99 u32 r0, r1, r2, r3, r4; 105 u32 r0, r1, r2, r3, r4;
100 u32 s1, s2, s3, s4; 106 u32 s1, s2, s3, s4;
101 u32 h0, h1, h2, h3, h4; 107 u32 h0, h1, h2, h3, h4;
102 u64 d0, d1, d2, d3, d4; 108 u64 d0, d1, d2, d3, d4;
103 109
104 r0 = ctx->r[0]; 110 if (unlikely(!dctx->sset)) {
105 r1 = ctx->r[1]; 111 if (!dctx->rset && srclen >= POLY1305_BLOCK_SIZE) {
106 r2 = ctx->r[2]; 112 poly1305_setrkey(dctx, src);
107 r3 = ctx->r[3]; 113 src += POLY1305_BLOCK_SIZE;
108 r4 = ctx->r[4]; 114 srclen -= POLY1305_BLOCK_SIZE;
115 dctx->rset = true;
116 }
117 if (srclen >= POLY1305_BLOCK_SIZE) {
118 poly1305_setskey(dctx, src);
119 src += POLY1305_BLOCK_SIZE;
120 srclen -= POLY1305_BLOCK_SIZE;
121 dctx->sset = true;
122 }
123 }
124
125 r0 = dctx->r[0];
126 r1 = dctx->r[1];
127 r2 = dctx->r[2];
128 r3 = dctx->r[3];
129 r4 = dctx->r[4];
109 130
110 s1 = r1 * 5; 131 s1 = r1 * 5;
111 s2 = r2 * 5; 132 s2 = r2 * 5;
@@ -164,7 +185,6 @@ static int poly1305_update(struct shash_desc *desc,
164 const u8 *src, unsigned int srclen) 185 const u8 *src, unsigned int srclen)
165{ 186{
166 struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc); 187 struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
167 struct poly1305_ctx *ctx = crypto_shash_ctx(desc->tfm);
168 unsigned int bytes; 188 unsigned int bytes;
169 189
170 if (unlikely(dctx->buflen)) { 190 if (unlikely(dctx->buflen)) {
@@ -175,14 +195,14 @@ static int poly1305_update(struct shash_desc *desc,
175 dctx->buflen += bytes; 195 dctx->buflen += bytes;
176 196
177 if (dctx->buflen == POLY1305_BLOCK_SIZE) { 197 if (dctx->buflen == POLY1305_BLOCK_SIZE) {
178 poly1305_blocks(dctx, ctx, dctx->buf, 198 poly1305_blocks(dctx, dctx->buf,
179 POLY1305_BLOCK_SIZE, 1 << 24); 199 POLY1305_BLOCK_SIZE, 1 << 24);
180 dctx->buflen = 0; 200 dctx->buflen = 0;
181 } 201 }
182 } 202 }
183 203
184 if (likely(srclen >= POLY1305_BLOCK_SIZE)) { 204 if (likely(srclen >= POLY1305_BLOCK_SIZE)) {
185 bytes = poly1305_blocks(dctx, ctx, src, srclen, 1 << 24); 205 bytes = poly1305_blocks(dctx, src, srclen, 1 << 24);
186 src += srclen - bytes; 206 src += srclen - bytes;
187 srclen = bytes; 207 srclen = bytes;
188 } 208 }
@@ -198,18 +218,20 @@ static int poly1305_update(struct shash_desc *desc,
198static int poly1305_final(struct shash_desc *desc, u8 *dst) 218static int poly1305_final(struct shash_desc *desc, u8 *dst)
199{ 219{
200 struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc); 220 struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
201 struct poly1305_ctx *ctx = crypto_shash_ctx(desc->tfm);
202 __le32 *mac = (__le32 *)dst; 221 __le32 *mac = (__le32 *)dst;
203 u32 h0, h1, h2, h3, h4; 222 u32 h0, h1, h2, h3, h4;
204 u32 g0, g1, g2, g3, g4; 223 u32 g0, g1, g2, g3, g4;
205 u32 mask; 224 u32 mask;
206 u64 f = 0; 225 u64 f = 0;
207 226
227 if (unlikely(!dctx->sset))
228 return -ENOKEY;
229
208 if (unlikely(dctx->buflen)) { 230 if (unlikely(dctx->buflen)) {
209 dctx->buf[dctx->buflen++] = 1; 231 dctx->buf[dctx->buflen++] = 1;
210 memset(dctx->buf + dctx->buflen, 0, 232 memset(dctx->buf + dctx->buflen, 0,
211 POLY1305_BLOCK_SIZE - dctx->buflen); 233 POLY1305_BLOCK_SIZE - dctx->buflen);
212 poly1305_blocks(dctx, ctx, dctx->buf, POLY1305_BLOCK_SIZE, 0); 234 poly1305_blocks(dctx, dctx->buf, POLY1305_BLOCK_SIZE, 0);
213 } 235 }
214 236
215 /* fully carry h */ 237 /* fully carry h */
@@ -253,10 +275,10 @@ static int poly1305_final(struct shash_desc *desc, u8 *dst)
253 h3 = (h3 >> 18) | (h4 << 8); 275 h3 = (h3 >> 18) | (h4 << 8);
254 276
255 /* mac = (h + s) % (2^128) */ 277 /* mac = (h + s) % (2^128) */
256 f = (f >> 32) + h0 + ctx->s[0]; mac[0] = cpu_to_le32(f); 278 f = (f >> 32) + h0 + dctx->s[0]; mac[0] = cpu_to_le32(f);
257 f = (f >> 32) + h1 + ctx->s[1]; mac[1] = cpu_to_le32(f); 279 f = (f >> 32) + h1 + dctx->s[1]; mac[1] = cpu_to_le32(f);
258 f = (f >> 32) + h2 + ctx->s[2]; mac[2] = cpu_to_le32(f); 280 f = (f >> 32) + h2 + dctx->s[2]; mac[2] = cpu_to_le32(f);
259 f = (f >> 32) + h3 + ctx->s[3]; mac[3] = cpu_to_le32(f); 281 f = (f >> 32) + h3 + dctx->s[3]; mac[3] = cpu_to_le32(f);
260 282
261 return 0; 283 return 0;
262} 284}
@@ -275,7 +297,6 @@ static struct shash_alg poly1305_alg = {
275 .cra_flags = CRYPTO_ALG_TYPE_SHASH, 297 .cra_flags = CRYPTO_ALG_TYPE_SHASH,
276 .cra_alignmask = sizeof(u32) - 1, 298 .cra_alignmask = sizeof(u32) - 1,
277 .cra_blocksize = POLY1305_BLOCK_SIZE, 299 .cra_blocksize = POLY1305_BLOCK_SIZE,
278 .cra_ctxsize = sizeof(struct poly1305_ctx),
279 .cra_module = THIS_MODULE, 300 .cra_module = THIS_MODULE,
280 }, 301 },
281}; 302};
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 56f8a8ef4862..35f37bcbc0d9 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -3051,12 +3051,11 @@ static struct hash_testvec hmac_sha512_tv_template[] = {
3051 3051
3052static struct hash_testvec poly1305_tv_template[] = { 3052static struct hash_testvec poly1305_tv_template[] = {
3053 { /* Test Vector #1 */ 3053 { /* Test Vector #1 */
3054 .key = "\x00\x00\x00\x00\x00\x00\x00\x00" 3054 .plaintext = "\x00\x00\x00\x00\x00\x00\x00\x00"
3055 "\x00\x00\x00\x00\x00\x00\x00\x00"
3056 "\x00\x00\x00\x00\x00\x00\x00\x00"
3055 "\x00\x00\x00\x00\x00\x00\x00\x00" 3057 "\x00\x00\x00\x00\x00\x00\x00\x00"
3056 "\x00\x00\x00\x00\x00\x00\x00\x00" 3058 "\x00\x00\x00\x00\x00\x00\x00\x00"
3057 "\x00\x00\x00\x00\x00\x00\x00\x00",
3058 .ksize = 32,
3059 .plaintext = "\x00\x00\x00\x00\x00\x00\x00\x00"
3060 "\x00\x00\x00\x00\x00\x00\x00\x00" 3059 "\x00\x00\x00\x00\x00\x00\x00\x00"
3061 "\x00\x00\x00\x00\x00\x00\x00\x00" 3060 "\x00\x00\x00\x00\x00\x00\x00\x00"
3062 "\x00\x00\x00\x00\x00\x00\x00\x00" 3061 "\x00\x00\x00\x00\x00\x00\x00\x00"
@@ -3064,16 +3063,15 @@ static struct hash_testvec poly1305_tv_template[] = {
3064 "\x00\x00\x00\x00\x00\x00\x00\x00" 3063 "\x00\x00\x00\x00\x00\x00\x00\x00"
3065 "\x00\x00\x00\x00\x00\x00\x00\x00" 3064 "\x00\x00\x00\x00\x00\x00\x00\x00"
3066 "\x00\x00\x00\x00\x00\x00\x00\x00", 3065 "\x00\x00\x00\x00\x00\x00\x00\x00",
3067 .psize = 64, 3066 .psize = 96,
3068 .digest = "\x00\x00\x00\x00\x00\x00\x00\x00" 3067 .digest = "\x00\x00\x00\x00\x00\x00\x00\x00"
3069 "\x00\x00\x00\x00\x00\x00\x00\x00", 3068 "\x00\x00\x00\x00\x00\x00\x00\x00",
3070 }, { /* Test Vector #2 */ 3069 }, { /* Test Vector #2 */
3071 .key = "\x00\x00\x00\x00\x00\x00\x00\x00" 3070 .plaintext = "\x00\x00\x00\x00\x00\x00\x00\x00"
3072 "\x00\x00\x00\x00\x00\x00\x00\x00" 3071 "\x00\x00\x00\x00\x00\x00\x00\x00"
3073 "\x36\xe5\xf6\xb5\xc5\xe0\x60\x70" 3072 "\x36\xe5\xf6\xb5\xc5\xe0\x60\x70"
3074 "\xf0\xef\xca\x96\x22\x7a\x86\x3e", 3073 "\xf0\xef\xca\x96\x22\x7a\x86\x3e"
3075 .ksize = 32, 3074 "\x41\x6e\x79\x20\x73\x75\x62\x6d"
3076 .plaintext = "\x41\x6e\x79\x20\x73\x75\x62\x6d"
3077 "\x69\x73\x73\x69\x6f\x6e\x20\x74" 3075 "\x69\x73\x73\x69\x6f\x6e\x20\x74"
3078 "\x6f\x20\x74\x68\x65\x20\x49\x45" 3076 "\x6f\x20\x74\x68\x65\x20\x49\x45"
3079 "\x54\x46\x20\x69\x6e\x74\x65\x6e" 3077 "\x54\x46\x20\x69\x6e\x74\x65\x6e"
@@ -3120,16 +3118,15 @@ static struct hash_testvec poly1305_tv_template[] = {
3120 "\x20\x77\x68\x69\x63\x68\x20\x61" 3118 "\x20\x77\x68\x69\x63\x68\x20\x61"
3121 "\x72\x65\x20\x61\x64\x64\x72\x65" 3119 "\x72\x65\x20\x61\x64\x64\x72\x65"
3122 "\x73\x73\x65\x64\x20\x74\x6f", 3120 "\x73\x73\x65\x64\x20\x74\x6f",
3123 .psize = 375, 3121 .psize = 407,
3124 .digest = "\x36\xe5\xf6\xb5\xc5\xe0\x60\x70" 3122 .digest = "\x36\xe5\xf6\xb5\xc5\xe0\x60\x70"
3125 "\xf0\xef\xca\x96\x22\x7a\x86\x3e", 3123 "\xf0\xef\xca\x96\x22\x7a\x86\x3e",
3126 }, { /* Test Vector #3 */ 3124 }, { /* Test Vector #3 */
3127 .key = "\x36\xe5\xf6\xb5\xc5\xe0\x60\x70" 3125 .plaintext = "\x36\xe5\xf6\xb5\xc5\xe0\x60\x70"
3128 "\xf0\xef\xca\x96\x22\x7a\x86\x3e" 3126 "\xf0\xef\xca\x96\x22\x7a\x86\x3e"
3129 "\x00\x00\x00\x00\x00\x00\x00\x00" 3127 "\x00\x00\x00\x00\x00\x00\x00\x00"
3130 "\x00\x00\x00\x00\x00\x00\x00\x00", 3128 "\x00\x00\x00\x00\x00\x00\x00\x00"
3131 .ksize = 32, 3129 "\x41\x6e\x79\x20\x73\x75\x62\x6d"
3132 .plaintext = "\x41\x6e\x79\x20\x73\x75\x62\x6d"
3133 "\x69\x73\x73\x69\x6f\x6e\x20\x74" 3130 "\x69\x73\x73\x69\x6f\x6e\x20\x74"
3134 "\x6f\x20\x74\x68\x65\x20\x49\x45" 3131 "\x6f\x20\x74\x68\x65\x20\x49\x45"
3135 "\x54\x46\x20\x69\x6e\x74\x65\x6e" 3132 "\x54\x46\x20\x69\x6e\x74\x65\x6e"
@@ -3176,16 +3173,15 @@ static struct hash_testvec poly1305_tv_template[] = {
3176 "\x20\x77\x68\x69\x63\x68\x20\x61" 3173 "\x20\x77\x68\x69\x63\x68\x20\x61"
3177 "\x72\x65\x20\x61\x64\x64\x72\x65" 3174 "\x72\x65\x20\x61\x64\x64\x72\x65"
3178 "\x73\x73\x65\x64\x20\x74\x6f", 3175 "\x73\x73\x65\x64\x20\x74\x6f",
3179 .psize = 375, 3176 .psize = 407,
3180 .digest = "\xf3\x47\x7e\x7c\xd9\x54\x17\xaf" 3177 .digest = "\xf3\x47\x7e\x7c\xd9\x54\x17\xaf"
3181 "\x89\xa6\xb8\x79\x4c\x31\x0c\xf0", 3178 "\x89\xa6\xb8\x79\x4c\x31\x0c\xf0",
3182 }, { /* Test Vector #4 */ 3179 }, { /* Test Vector #4 */
3183 .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a" 3180 .plaintext = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
3184 "\xf3\x33\x88\x86\x04\xf6\xb5\xf0" 3181 "\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
3185 "\x47\x39\x17\xc1\x40\x2b\x80\x09" 3182 "\x47\x39\x17\xc1\x40\x2b\x80\x09"
3186 "\x9d\xca\x5c\xbc\x20\x70\x75\xc0", 3183 "\x9d\xca\x5c\xbc\x20\x70\x75\xc0"
3187 .ksize = 32, 3184 "\x27\x54\x77\x61\x73\x20\x62\x72"
3188 .plaintext = "\x27\x54\x77\x61\x73\x20\x62\x72"
3189 "\x69\x6c\x6c\x69\x67\x2c\x20\x61" 3185 "\x69\x6c\x6c\x69\x67\x2c\x20\x61"
3190 "\x6e\x64\x20\x74\x68\x65\x20\x73" 3186 "\x6e\x64\x20\x74\x68\x65\x20\x73"
3191 "\x6c\x69\x74\x68\x79\x20\x74\x6f" 3187 "\x6c\x69\x74\x68\x79\x20\x74\x6f"
@@ -3201,79 +3197,73 @@ static struct hash_testvec poly1305_tv_template[] = {
3201 "\x68\x65\x20\x6d\x6f\x6d\x65\x20" 3197 "\x68\x65\x20\x6d\x6f\x6d\x65\x20"
3202 "\x72\x61\x74\x68\x73\x20\x6f\x75" 3198 "\x72\x61\x74\x68\x73\x20\x6f\x75"
3203 "\x74\x67\x72\x61\x62\x65\x2e", 3199 "\x74\x67\x72\x61\x62\x65\x2e",
3204 .psize = 127, 3200 .psize = 159,
3205 .digest = "\x45\x41\x66\x9a\x7e\xaa\xee\x61" 3201 .digest = "\x45\x41\x66\x9a\x7e\xaa\xee\x61"
3206 "\xe7\x08\xdc\x7c\xbc\xc5\xeb\x62", 3202 "\xe7\x08\xdc\x7c\xbc\xc5\xeb\x62",
3207 }, { /* Test Vector #5 */ 3203 }, { /* Test Vector #5 */
3208 .key = "\x02\x00\x00\x00\x00\x00\x00\x00" 3204 .plaintext = "\x02\x00\x00\x00\x00\x00\x00\x00"
3209 "\x00\x00\x00\x00\x00\x00\x00\x00" 3205 "\x00\x00\x00\x00\x00\x00\x00\x00"
3210 "\x00\x00\x00\x00\x00\x00\x00\x00" 3206 "\x00\x00\x00\x00\x00\x00\x00\x00"
3211 "\x00\x00\x00\x00\x00\x00\x00\x00", 3207 "\x00\x00\x00\x00\x00\x00\x00\x00"
3212 .ksize = 32, 3208 "\xff\xff\xff\xff\xff\xff\xff\xff"
3213 .plaintext = "\xff\xff\xff\xff\xff\xff\xff\xff"
3214 "\xff\xff\xff\xff\xff\xff\xff\xff", 3209 "\xff\xff\xff\xff\xff\xff\xff\xff",
3215 .psize = 16, 3210 .psize = 48,
3216 .digest = "\x03\x00\x00\x00\x00\x00\x00\x00" 3211 .digest = "\x03\x00\x00\x00\x00\x00\x00\x00"
3217 "\x00\x00\x00\x00\x00\x00\x00\x00", 3212 "\x00\x00\x00\x00\x00\x00\x00\x00",
3218 }, { /* Test Vector #6 */ 3213 }, { /* Test Vector #6 */
3219 .key = "\x02\x00\x00\x00\x00\x00\x00\x00" 3214 .plaintext = "\x02\x00\x00\x00\x00\x00\x00\x00"
3220 "\x00\x00\x00\x00\x00\x00\x00\x00" 3215 "\x00\x00\x00\x00\x00\x00\x00\x00"
3221 "\xff\xff\xff\xff\xff\xff\xff\xff" 3216 "\xff\xff\xff\xff\xff\xff\xff\xff"
3222 "\xff\xff\xff\xff\xff\xff\xff\xff", 3217 "\xff\xff\xff\xff\xff\xff\xff\xff"
3223 .ksize = 32, 3218 "\x02\x00\x00\x00\x00\x00\x00\x00"
3224 .plaintext = "\x02\x00\x00\x00\x00\x00\x00\x00"
3225 "\x00\x00\x00\x00\x00\x00\x00\x00", 3219 "\x00\x00\x00\x00\x00\x00\x00\x00",
3226 .psize = 16, 3220 .psize = 48,
3227 .digest = "\x03\x00\x00\x00\x00\x00\x00\x00" 3221 .digest = "\x03\x00\x00\x00\x00\x00\x00\x00"
3228 "\x00\x00\x00\x00\x00\x00\x00\x00", 3222 "\x00\x00\x00\x00\x00\x00\x00\x00",
3229 }, { /* Test Vector #7 */ 3223 }, { /* Test Vector #7 */
3230 .key = "\x01\x00\x00\x00\x00\x00\x00\x00" 3224 .plaintext = "\x01\x00\x00\x00\x00\x00\x00\x00"
3231 "\x00\x00\x00\x00\x00\x00\x00\x00" 3225 "\x00\x00\x00\x00\x00\x00\x00\x00"
3232 "\x00\x00\x00\x00\x00\x00\x00\x00" 3226 "\x00\x00\x00\x00\x00\x00\x00\x00"
3233 "\x00\x00\x00\x00\x00\x00\x00\x00", 3227 "\x00\x00\x00\x00\x00\x00\x00\x00"
3234 .ksize = 32, 3228 "\xff\xff\xff\xff\xff\xff\xff\xff"
3235 .plaintext = "\xff\xff\xff\xff\xff\xff\xff\xff"
3236 "\xff\xff\xff\xff\xff\xff\xff\xff" 3229 "\xff\xff\xff\xff\xff\xff\xff\xff"
3237 "\xf0\xff\xff\xff\xff\xff\xff\xff" 3230 "\xf0\xff\xff\xff\xff\xff\xff\xff"
3238 "\xff\xff\xff\xff\xff\xff\xff\xff" 3231 "\xff\xff\xff\xff\xff\xff\xff\xff"
3239 "\x11\x00\x00\x00\x00\x00\x00\x00" 3232 "\x11\x00\x00\x00\x00\x00\x00\x00"
3240 "\x00\x00\x00\x00\x00\x00\x00\x00", 3233 "\x00\x00\x00\x00\x00\x00\x00\x00",
3241 .psize = 48, 3234 .psize = 80,
3242 .digest = "\x05\x00\x00\x00\x00\x00\x00\x00" 3235 .digest = "\x05\x00\x00\x00\x00\x00\x00\x00"
3243 "\x00\x00\x00\x00\x00\x00\x00\x00", 3236 "\x00\x00\x00\x00\x00\x00\x00\x00",
3244 }, { /* Test Vector #8 */ 3237 }, { /* Test Vector #8 */
3245 .key = "\x01\x00\x00\x00\x00\x00\x00\x00" 3238 .plaintext = "\x01\x00\x00\x00\x00\x00\x00\x00"
3239 "\x00\x00\x00\x00\x00\x00\x00\x00"
3246 "\x00\x00\x00\x00\x00\x00\x00\x00" 3240 "\x00\x00\x00\x00\x00\x00\x00\x00"
3247 "\x00\x00\x00\x00\x00\x00\x00\x00" 3241 "\x00\x00\x00\x00\x00\x00\x00\x00"
3248 "\x00\x00\x00\x00\x00\x00\x00\x00", 3242 "\xff\xff\xff\xff\xff\xff\xff\xff"
3249 .ksize = 32,
3250 .plaintext = "\xff\xff\xff\xff\xff\xff\xff\xff"
3251 "\xff\xff\xff\xff\xff\xff\xff\xff" 3243 "\xff\xff\xff\xff\xff\xff\xff\xff"
3252 "\xfb\xfe\xfe\xfe\xfe\xfe\xfe\xfe" 3244 "\xfb\xfe\xfe\xfe\xfe\xfe\xfe\xfe"
3253 "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" 3245 "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe"
3254 "\x01\x01\x01\x01\x01\x01\x01\x01" 3246 "\x01\x01\x01\x01\x01\x01\x01\x01"
3255 "\x01\x01\x01\x01\x01\x01\x01\x01", 3247 "\x01\x01\x01\x01\x01\x01\x01\x01",
3256 .psize = 48, 3248 .psize = 80,
3257 .digest = "\x00\x00\x00\x00\x00\x00\x00\x00" 3249 .digest = "\x00\x00\x00\x00\x00\x00\x00\x00"
3258 "\x00\x00\x00\x00\x00\x00\x00\x00", 3250 "\x00\x00\x00\x00\x00\x00\x00\x00",
3259 }, { /* Test Vector #9 */ 3251 }, { /* Test Vector #9 */
3260 .key = "\x02\x00\x00\x00\x00\x00\x00\x00" 3252 .plaintext = "\x02\x00\x00\x00\x00\x00\x00\x00"
3261 "\x00\x00\x00\x00\x00\x00\x00\x00" 3253 "\x00\x00\x00\x00\x00\x00\x00\x00"
3262 "\x00\x00\x00\x00\x00\x00\x00\x00" 3254 "\x00\x00\x00\x00\x00\x00\x00\x00"
3263 "\x00\x00\x00\x00\x00\x00\x00\x00", 3255 "\x00\x00\x00\x00\x00\x00\x00\x00"
3264 .ksize = 32, 3256 "\xfd\xff\xff\xff\xff\xff\xff\xff"
3265 .plaintext = "\xfd\xff\xff\xff\xff\xff\xff\xff"
3266 "\xff\xff\xff\xff\xff\xff\xff\xff", 3257 "\xff\xff\xff\xff\xff\xff\xff\xff",
3267 .psize = 16, 3258 .psize = 48,
3268 .digest = "\xfa\xff\xff\xff\xff\xff\xff\xff" 3259 .digest = "\xfa\xff\xff\xff\xff\xff\xff\xff"
3269 "\xff\xff\xff\xff\xff\xff\xff\xff", 3260 "\xff\xff\xff\xff\xff\xff\xff\xff",
3270 }, { /* Test Vector #10 */ 3261 }, { /* Test Vector #10 */
3271 .key = "\x01\x00\x00\x00\x00\x00\x00\x00" 3262 .plaintext = "\x01\x00\x00\x00\x00\x00\x00\x00"
3272 "\x04\x00\x00\x00\x00\x00\x00\x00" 3263 "\x04\x00\x00\x00\x00\x00\x00\x00"
3273 "\x00\x00\x00\x00\x00\x00\x00\x00" 3264 "\x00\x00\x00\x00\x00\x00\x00\x00"
3274 "\x00\x00\x00\x00\x00\x00\x00\x00", 3265 "\x00\x00\x00\x00\x00\x00\x00\x00"
3275 .ksize = 32, 3266 "\xe3\x35\x94\xd7\x50\x5e\x43\xb9"
3276 .plaintext = "\xe3\x35\x94\xd7\x50\x5e\x43\xb9"
3277 "\x00\x00\x00\x00\x00\x00\x00\x00" 3267 "\x00\x00\x00\x00\x00\x00\x00\x00"
3278 "\x33\x94\xd7\x50\x5e\x43\x79\xcd" 3268 "\x33\x94\xd7\x50\x5e\x43\x79\xcd"
3279 "\x01\x00\x00\x00\x00\x00\x00\x00" 3269 "\x01\x00\x00\x00\x00\x00\x00\x00"
@@ -3281,22 +3271,21 @@ static struct hash_testvec poly1305_tv_template[] = {
3281 "\x00\x00\x00\x00\x00\x00\x00\x00" 3271 "\x00\x00\x00\x00\x00\x00\x00\x00"
3282 "\x01\x00\x00\x00\x00\x00\x00\x00" 3272 "\x01\x00\x00\x00\x00\x00\x00\x00"
3283 "\x00\x00\x00\x00\x00\x00\x00\x00", 3273 "\x00\x00\x00\x00\x00\x00\x00\x00",
3284 .psize = 64, 3274 .psize = 96,
3285 .digest = "\x14\x00\x00\x00\x00\x00\x00\x00" 3275 .digest = "\x14\x00\x00\x00\x00\x00\x00\x00"
3286 "\x55\x00\x00\x00\x00\x00\x00\x00", 3276 "\x55\x00\x00\x00\x00\x00\x00\x00",
3287 }, { /* Test Vector #11 */ 3277 }, { /* Test Vector #11 */
3288 .key = "\x01\x00\x00\x00\x00\x00\x00\x00" 3278 .plaintext = "\x01\x00\x00\x00\x00\x00\x00\x00"
3289 "\x04\x00\x00\x00\x00\x00\x00\x00" 3279 "\x04\x00\x00\x00\x00\x00\x00\x00"
3290 "\x00\x00\x00\x00\x00\x00\x00\x00" 3280 "\x00\x00\x00\x00\x00\x00\x00\x00"
3291 "\x00\x00\x00\x00\x00\x00\x00\x00", 3281 "\x00\x00\x00\x00\x00\x00\x00\x00"
3292 .ksize = 32, 3282 "\xe3\x35\x94\xd7\x50\x5e\x43\xb9"
3293 .plaintext = "\xe3\x35\x94\xd7\x50\x5e\x43\xb9"
3294 "\x00\x00\x00\x00\x00\x00\x00\x00" 3283 "\x00\x00\x00\x00\x00\x00\x00\x00"
3295 "\x33\x94\xd7\x50\x5e\x43\x79\xcd" 3284 "\x33\x94\xd7\x50\x5e\x43\x79\xcd"
3296 "\x01\x00\x00\x00\x00\x00\x00\x00" 3285 "\x01\x00\x00\x00\x00\x00\x00\x00"
3297 "\x00\x00\x00\x00\x00\x00\x00\x00" 3286 "\x00\x00\x00\x00\x00\x00\x00\x00"
3298 "\x00\x00\x00\x00\x00\x00\x00\x00", 3287 "\x00\x00\x00\x00\x00\x00\x00\x00",
3299 .psize = 48, 3288 .psize = 80,
3300 .digest = "\x13\x00\x00\x00\x00\x00\x00\x00" 3289 .digest = "\x13\x00\x00\x00\x00\x00\x00\x00"
3301 "\x00\x00\x00\x00\x00\x00\x00\x00", 3290 "\x00\x00\x00\x00\x00\x00\x00\x00",
3302 }, 3291 },
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-17 00:11:07 -0400