diff options
author | Nathan Huckleberry <nhuck@google.com> | 2022-05-20 20:14:54 +0200 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2022-06-10 10:40:17 +0200 |
commit | f3c923a09c4c4f5861b1ed53cf75673992a6ba68 (patch) | |
tree | cf65bb77fe12ef20e9b0afe2f8704666d17b4134 /crypto/Kconfig | |
parent | crypto: xctr - Add XCTR support (diff) | |
download | linux-f3c923a09c4c4f5861b1ed53cf75673992a6ba68.tar.xz linux-f3c923a09c4c4f5861b1ed53cf75673992a6ba68.zip |
crypto: polyval - Add POLYVAL support
Add support for POLYVAL, an ε-Δ-universal hash function similar to
GHASH. This patch only uses POLYVAL as a component to implement HCTR2
mode. It should be noted that POLYVAL was originally specified for use
in AES-GCM-SIV (RFC 8452), but the kernel does not currently support
this mode.
POLYVAL is implemented as an shash algorithm. The implementation is
modified from ghash-generic.c.
For more information on POLYVAL see:
Length-preserving encryption with HCTR2:
https://eprint.iacr.org/2021/1441.pdf
AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption:
https://datatracker.ietf.org/doc/html/rfc8452
Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/Kconfig')
-rw-r--r-- | crypto/Kconfig | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig index b9e4d511bf5a..d59e70dca197 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -773,6 +773,14 @@ config CRYPTO_GHASH GHASH is the hash function used in GCM (Galois/Counter Mode). It is not a general-purpose cryptographic hash function. +config CRYPTO_POLYVAL + tristate + select CRYPTO_GF128MUL + select CRYPTO_HASH + help + POLYVAL is the hash function used in HCTR2. It is not a general-purpose + cryptographic hash function. + config CRYPTO_POLY1305 tristate "Poly1305 authenticator algorithm" select CRYPTO_HASH |