path: root/src/crypto/zinc/selftest/poly1305.h
authorJason A. Donenfeld <Jason@zx2c4.com>2018-09-19 04:42:56 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2018-09-20 19:41:22 +0200
commitb161aff379d6efcd593c75a0d17ef724e8daee63 (patch)
treecb24479660537007c39a66b01baba4cb7d72d332 /src/crypto/zinc/selftest/poly1305.h
parentallowedips: change from BUG_ON to WARN_ON (diff)
poly1305: account for simd being toggled off midway
This is a very rare occurrence, but we should account for it so that the calculations aren't wrong. Here we convert from base 2^26 back to base 2^64.
Diffstat (limited to 'src/crypto/zinc/selftest/poly1305.h')
-rw-r--r--src/crypto/zinc/selftest/poly1305.h17
1 files changed, 17 insertions, 0 deletions
diff --git a/src/crypto/zinc/selftest/poly1305.h b/src/crypto/zinc/selftest/poly1305.h
index 1439c98..71bee1b 100644
--- a/src/crypto/zinc/selftest/poly1305.h
+++ b/src/crypto/zinc/selftest/poly1305.h
@@ -862,6 +862,23 @@ static bool __init poly1305_selftest(void)
i + 1, j);
success = false;
}
+
+ memset(out, 0, sizeof(out));
+ memset(&poly1305, 0, sizeof(poly1305));
+ poly1305_init(&poly1305, poly1305_testvecs[i].key);
+ poly1305_update(&poly1305, poly1305_testvecs[i].input,
+ j, &simd_context);
+ poly1305_update(&poly1305,
+ poly1305_testvecs[i].input + j,
+ poly1305_testvecs[i].ilen - j,
+ (simd_context_t []){ HAVE_NO_SIMD });
+ poly1305_final(&poly1305, out, &simd_context);
+ if (memcmp(out, poly1305_testvecs[i].output,
+ POLY1305_MAC_SIZE)) {
+ pr_info("poly1305 self-test %zu (split %zu, mixed simd): FAIL\n",
+ i + 1, j);
+ success = false;
+ }
simd_relax(&simd_context);
}
}
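Review bot: The new check only exercises one hand-off direction — the first update runs with `&simd_context` and the second with `HAVE_NO_SIMD` — which is the base-2^26 to base-2^64 fallback this commit adds, so the reverse order (scalar first, then SIMD on the remainder) is still not covered and a regression there would pass the self-test. On a build or CPU where `simd_context` itself resolves to no-SIMD, this case is presumably identical to the plain split check above it and only the "mixed simd" label in the failure message tells them apart, which is worth a comment on the new block such as `/* second half forced onto the scalar path: covers the base-2^26 -> 2^64 conversion */`. A mirrored block with the two contexts swapped, sketched below, would close the gap; poly1305_selftest begins and ends outside the hunk.
```c
	/* … unchanged: mixed-simd split check added by this commit … */

	/* mirrored order: scalar first, then SIMD, so the other hand-off is covered */
	memset(out, 0, sizeof(out));
	memset(&poly1305, 0, sizeof(poly1305));
	poly1305_init(&poly1305, poly1305_testvecs[i].key);
	poly1305_update(&poly1305, poly1305_testvecs[i].input, j,
			(simd_context_t []){ HAVE_NO_SIMD });
	poly1305_update(&poly1305, poly1305_testvecs[i].input + j,
			poly1305_testvecs[i].ilen - j, &simd_context);
	poly1305_final(&poly1305, out, &simd_context);
	if (memcmp(out, poly1305_testvecs[i].output, POLY1305_MAC_SIZE)) {
		pr_info("poly1305 self-test %zu (split %zu, mixed simd reversed): FAIL\n",
			i + 1, j);
		success = false;
	}
	simd_relax(&simd_context);
```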