~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,15 +1,37 @@
	1	+// SPDX-License-Identifier: GPL-2.0-only
1	2	/*
2		- * GHASH: digest algorithm for GCM (Galois/Counter Mode).
	3	+ * GHASH: hash function for GCM (Galois/Counter Mode).
3	4	*
4	5	* Copyright (c) 2007 Nokia Siemens Networks - Mikko Herranen <mh1@iki.fi>
5	6	* Copyright (c) 2009 Intel Corp.
6	7	* Author: Huang Ying <ying.huang@intel.com>
	8	+ */
	9	+
	10	+/*
	11	+ * GHASH is a keyed hash function used in GCM authentication tag generation.
7	12	*
8		- * The algorithm implementation is copied from gcm.c.
	13	+ * The original GCM paper [1] presents GHASH as a function GHASH(H, A, C) which
	14	+ * takes a 16-byte hash key H, additional authenticated data A, and a ciphertext
	15	+ * C. It formats A and C into a single byte string X, interprets X as a
	16	+ * polynomial over GF(2^128), and evaluates this polynomial at the point H.
9	17	*
10		- * This program is free software; you can redistribute it and/or modify it
11		- * under the terms of the GNU General Public License version 2 as published
12		- * by the Free Software Foundation.
	18	+ * However, the NIST standard for GCM [2] presents GHASH as GHASH(H, X) where X
	19	+ * is the already-formatted byte string containing both A and C.
	20	+ *
	21	+ * "ghash" in the Linux crypto API uses the 'X' (pre-formatted) convention,
	22	+ * since the API supports only a single data stream per hash. Thus, the
	23	+ * formatting of 'A' and 'C' is done in the "gcm" template, not in "ghash".
	24	+ *
	25	+ * The reason "ghash" is separate from "gcm" is to allow "gcm" to use an
	26	+ * accelerated "ghash" when a standalone accelerated "gcm(aes)" is unavailable.
	27	+ * It is generally inappropriate to use "ghash" for other purposes, since it is
	28	+ * an "ε-almost-XOR-universal hash function", not a cryptographic hash function.
	29	+ * It can only be used securely in crypto modes specially designed to use it.
	30	+ *
	31	+ * [1] The Galois/Counter Mode of Operation (GCM)
	32	+ * (http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.694.695&rep=rep1&type=pdf)
	33	+ * [2] Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
	34	+ * (https://csrc.nist.gov/publications/detail/sp/800-38d/final)
13	35	*/
14	36
15	37	#include <crypto/algapi.h>
..	..	@@ -36,10 +58,8 @@
36	58	struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
37	59	be128 k;
38	60
39		- if (keylen != GHASH_BLOCK_SIZE) {
40		- crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
	61	+ if (keylen != GHASH_BLOCK_SIZE)
41	62	return -EINVAL;
42		- }
43	63
44	64	if (ctx->gf128)
45	65	gf128mul_free_4k(ctx->gf128);
..	..	@@ -155,10 +175,10 @@
155	175	crypto_unregister_shash(&ghash_alg);
156	176	}
157	177
158		-module_init(ghash_mod_init);
	178	+subsys_initcall(ghash_mod_init);
159	179	module_exit(ghash_mod_exit);
160	180
161	181	MODULE_LICENSE("GPL");
162		-MODULE_DESCRIPTION("GHASH Message Digest Algorithm");
	182	+MODULE_DESCRIPTION("GHASH hash function");
163	183	MODULE_ALIAS_CRYPTO("ghash");
164	184	MODULE_ALIAS_CRYPTO("ghash-generic");