path: root/crypto/testmgr.c
author: Eric Biggers <ebiggers@google.com> 2018-06-18 10:22:39 -0700
committer: Herbert Xu <herbert@gondor.apana.org.au> 2018-07-01 21:00:43 +0800
commit: ed331adab35bcddc595dae066522ca6336ee9210
tree: 7d9daa5ac6b7d61166803e51458e8f512ae88013 /crypto/testmgr.c
parent: bb29648102335586e9a66289a1d98a0cb392b6e5
download: linux-ed331adab35bcddc595dae066522ca6336ee9210.tar.gz, linux-ed331adab35bcddc595dae066522ca6336ee9210.tar.bz2, linux-ed331adab35bcddc595dae066522ca6336ee9210.zip
crypto: vmac - add nonced version with big endian digest
Currently the VMAC template uses a "nonce" hardcoded to 0, which makes it insecure unless a unique key is set for every message. Also, the endianness of the final digest is wrong: the implementation uses little endian, but the VMAC specification has it as big endian, as do other VMAC implementations such as the one in Crypto++.

Add a new VMAC template where the nonce is passed as the first 16 bytes of data (similar to what is done for Poly1305's nonce), and the digest is big endian. Call it "vmac64", since the old name of simply "vmac" didn't clarify whether the implementation is of VMAC-64 or of VMAC-128 (which produce 64-bit and 128-bit digests respectively); so we fix the naming ambiguity too.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
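The commit message states that a nonce hardcoded to 0 makes the old template insecure unless every message gets a fresh key. The following is an added illustration of why, not code from the kernel or from this commit, and it is not VMAC: it is a toy Wegman-Carter MAC with the same shape, tag = H_k(message) + F_k'(nonce) (mod P), where the hash is assumed to be a one-block polynomial hash over a small Mersenne prime field and the pad is assumed to be HMAC-SHA256 of the nonce. Reusing the nonce cancels the pad between two tags, which exposes the linear hash key and lets an attacker forge tags under that nonce; with unique nonces the same algebra yields garbage.

```python
"""Toy Wegman-Carter MAC showing why a fixed nonce breaks VMAC-style MACs.

Constructed example for illustration only.  Assumptions (not VMAC's real
parameters): the hash is m * k mod P over a single 8-byte block, P is the
Mersenne prime 2**61 - 1, and the per-nonce pad is HMAC-SHA256(pad_key, nonce).
"""
import hashlib
import hmac
import secrets

P = 2**61 - 1  # assumption: toy field; real VMAC hashes mod 2**127 - 1 and more


def encode_block(msg: bytes) -> int:
    """Map a message of at most 8 bytes to one field element (a single block)."""
    if len(msg) > 8:
        raise ValueError("toy hash handles a single 8-byte block")
    return int.from_bytes(msg.ljust(8, b"\0"), "big") % P


def poly_hash(hash_key: int, msg: bytes) -> int:
    """H_k(m) = m * k mod P: linear in the key, like a one-block polynomial hash."""
    return encode_block(msg) * hash_key % P


def pad(pad_key: bytes, nonce: bytes) -> int:
    """F_k'(nonce): a PRF of the nonce, modelled here with HMAC-SHA256."""
    prf = hmac.new(pad_key, nonce, hashlib.sha256).digest()
    return int.from_bytes(prf[:8], "big") % P


def mac(hash_key: int, pad_key: bytes, nonce: bytes, msg: bytes) -> int:
    """tag = H_k(msg) + F_k'(nonce) mod P, the Wegman-Carter shape VMAC uses."""
    return (poly_hash(hash_key, msg) + pad(pad_key, nonce)) % P


def forge_from_nonce_reuse(m1: bytes, t1: int, m2: bytes, t2: int, target: bytes) -> int:
    """Attacker side: two (message, tag) pairs under ONE nonce satisfy
    t1 - t2 = (m1 - m2) * k (mod P), so k and then the pad fall out directly."""
    d = (encode_block(m1) - encode_block(m2)) % P
    k = (t1 - t2) * pow(d, -1, P) % P
    pad_val = (t1 - encode_block(m1) * k) % P
    return (encode_block(target) * k + pad_val) % P


def keygen() -> tuple[int, bytes]:
    return secrets.randbelow(P - 1) + 1, secrets.token_bytes(32)


def forgery_verifies(reuse_nonce: bool) -> bool:
    """Run the attack; True means the real MAC accepts the forged tag."""
    hash_key, pad_key = keygen()
    nonce1 = bytes(16)                      # the old template's hardcoded nonce of 0
    nonce2 = nonce1 if reuse_nonce else secrets.token_bytes(16)
    m1, m2, target = b"pay=10", b"pay=20", b"pay=99"   # constructed sample messages
    t1 = mac(hash_key, pad_key, nonce1, m1)
    t2 = mac(hash_key, pad_key, nonce2, m2)
    forged = forge_from_nonce_reuse(m1, t1, m2, t2, target)
    # the forgery can only ever be valid under the nonce the attacker solved for
    return forged == mac(hash_key, pad_key, nonce1, target)


if __name__ == "__main__":
    print("fixed nonce, forgery accepted:  ", forgery_verifies(reuse_nonce=True))
    print("unique nonces, forgery accepted:", forgery_verifies(reuse_nonce=False))
```

With the nonce fixed at 0, two observed tags are enough to recover the hash key and forge a tag for any other single-block message under the same key, which is exactly the situation the old "vmac" template put every caller in. Passing a unique nonce as the first 16 bytes of the data, as the new "vmac64" template does, is what makes the pad one-time and the subtraction useless.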
Diffstat (limited to 'crypto/testmgr.c')
-rw-r--r-- crypto/testmgr.c | 6
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 11e45352fd0b..60a557b0f8d3 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -3484,6 +3484,12 @@ static const struct alg_test_desc alg_test_descs[] = {
.hash = __VECS(aes_vmac128_tv_template)
}
}, {
+ .alg = "vmac64(aes)",
+ .test = alg_test_hash,
+ .suite = {
+ .hash = __VECS(vmac64_aes_tv_template)
+ }
+ }, {
.alg = "wp256",
.test = alg_test_hash,
.suite = {
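Review bot: the new "vmac64(aes)" entry lands between the preceding VMAC entry and "wp256", which keeps alg_test_descs in strcmp order ('(' sorts before '6', and 'v' before 'w') as the bsearch lookup over this table requires; the vmac64_aes_tv_template it references is not defined in this file, so check that the vectors added to testmgr.h in the same series carry 8-byte big-endian digests computed with the nonce as the first 16 bytes of input, since that is the behaviour this entry now tests. The entry above it using aes_vmac128_tv_template is left in place, so the nonce-0 template keeps its coverage; reasonable for a transitional series, but worth a sentence in the commit message.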