Commit e3efa825 authored May 20, 2022 by Nathan Huckleberry Committed by Greg Kroah-Hartman Sep 07, 2022

UPSTREAM: crypto: polyval - Add POLYVAL support

Add support for POLYVAL, an ε-Δ-universal hash function similar to
GHASH.  This patch only uses POLYVAL as a component to implement HCTR2
mode.  It should be noted that POLYVAL was originally specified for use
in AES-GCM-SIV (RFC 8452), but the kernel does not currently support
this mode.

POLYVAL is implemented as an shash algorithm.  The implementation is
modified from ghash-generic.c.

For more information on POLYVAL see:
Length-preserving encryption with HCTR2:
  https://eprint.iacr.org/2021/1441.pdf
AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption:
  https://datatracker.ietf.org/doc/html/rfc8452



Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Bug: 233652475
Link: https://lore.kernel.org/linux-arm-kernel/20220520181501.2159644-4-nhuck@google.com/T/


(cherry picked from commit f3c923a0)
Change-Id: I7a7e177ecddaa103421b3b4e2d2f072e30e0c934
Signed-off-by: Nathan Huckleberry <nhuck@google.com>

parent 00354420

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit 679bf6a5
· Nov 05, 2025

mentioned in commit 679bf6a5

mentioned in commit 679bf6a59162f072378c62f05ef1238bc546f103

Toggle commit list

Please to comment