author | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-09-19 04:42:56 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-09-20 19:41:22 +0200 |
commit | b161aff379d6efcd593c75a0d17ef724e8daee63 (patch) | |
tree | cb24479660537007c39a66b01baba4cb7d72d332 /src/crypto/zinc/selftest/poly1305.h | |
parent | allowedips: change from BUG_ON to WARN_ON (diff) | |
poly1305: account for simd being toggled off midway
This is a very rare occurrence, but we should account for it, so that the
calculations aren't wrong. Here we convert from base 2^26 back to base
2^64.
Diffstat (limited to '')
-rw-r--r-- | src/crypto/zinc/selftest/poly1305.h | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/crypto/zinc/selftest/poly1305.h b/src/crypto/zinc/selftest/poly1305.h
index 1439c98..71bee1b 100644
--- a/src/crypto/zinc/selftest/poly1305.h
+++ b/src/crypto/zinc/selftest/poly1305.h
@@ -862,6 +862,23 @@ static bool __init poly1305_selftest(void)
 i + 1, j);
 success = false;
 }
+
+ memset(out, 0, sizeof(out));
+ memset(&poly1305, 0, sizeof(poly1305));
+ poly1305_init(&poly1305, poly1305_testvecs[i].key);
+ poly1305_update(&poly1305, poly1305_testvecs[i].input,
+ j, &simd_context);
+ poly1305_update(&poly1305,
+ poly1305_testvecs[i].input + j,
+ poly1305_testvecs[i].ilen - j,
+ (simd_context_t []){ HAVE_NO_SIMD });
+ poly1305_final(&poly1305, out, &simd_context);
+ if (memcmp(out, poly1305_testvecs[i].output,
+ POLY1305_MAC_SIZE)) {
+ pr_info("poly1305 self-test %zu (split %zu, mixed simd): FAIL\n",
+ i + 1, j);
+ success = false;
+ }
 simd_relax(&simd_context);
 }
 }
|
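Review bot: The added case only exercises the SIMD-to-generic transition, and only if `simd_context` (initialised outside this hunk) actually reports SIMD for the first `poly1305_update`; when it does not, this block is just a repeat of the existing split test and the base-2^26 to base-2^64 conversion the commit describes goes unverified with nothing in the log to say so. Consider mirroring the case with the first chunk run under `(simd_context_t []){ HAVE_NO_SIMD }` and the remainder under `&simd_context` so the generic-then-SIMD direction is covered too, and either skipping or labelling the mixed case when no SIMD is available — confirm what `simd_context` holds at this point. Minor style point: the compound literal `(simd_context_t []){ HAVE_NO_SIMD }` would read more plainly as a named local, `simd_context_t no_simd = HAVE_NO_SIMD;`, passed as `&no_simd`. The enclosing `poly1305_selftest` function and its loops over `i` and `j` start before and end after this hunk.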