39 	struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);  in crypto_poly1305_init()  local
41 	memset(dctx->h, 0, sizeof(dctx->h));  in crypto_poly1305_init()
42 	dctx->buflen = 0;  in crypto_poly1305_init()
43 	dctx->rset = false;  in crypto_poly1305_init()
44 	dctx->sset = false;  in crypto_poly1305_init()
50 static void poly1305_setrkey(struct poly1305_desc_ctx *dctx, const u8 *key)  in poly1305_setrkey()  argument
53 	dctx->r[0] = (get_unaligned_le32(key +  0) >> 0) & 0x3ffffff;  in poly1305_setrkey()
54 	dctx->r[1] = (get_unaligned_le32(key +  3) >> 2) & 0x3ffff03;  in poly1305_setrkey()
55 	dctx->r[2] = (get_unaligned_le32(key +  6) >> 4) & 0x3ffc0ff;  in poly1305_setrkey()
56 	dctx->r[3] = (get_unaligned_le32(key +  9) >> 6) & 0x3f03fff;  in poly1305_setrkey()
57 	dctx->r[4] = (get_unaligned_le32(key + 12) >> 8) & 0x00fffff;  in poly1305_setrkey()
60 static void poly1305_setskey(struct poly1305_desc_ctx *dctx, const u8 *key)  in poly1305_setskey()  argument
62 	dctx->s[0] = get_unaligned_le32(key +  0);  in poly1305_setskey()
63 	dctx->s[1] = get_unaligned_le32(key +  4);  in poly1305_setskey()
64 	dctx->s[2] = get_unaligned_le32(key +  8);  in poly1305_setskey()
65 	dctx->s[3] = get_unaligned_le32(key + 12);  in poly1305_setskey()
73 unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx,  in crypto_poly1305_setdesckey()  argument
76 	if (!dctx->sset) {  in crypto_poly1305_setdesckey()
77 		if (!dctx->rset && srclen >= POLY1305_BLOCK_SIZE) {  in crypto_poly1305_setdesckey()
78 			poly1305_setrkey(dctx, src);  in crypto_poly1305_setdesckey()
81 			dctx->rset = true;  in crypto_poly1305_setdesckey()
84 			poly1305_setskey(dctx, src);  in crypto_poly1305_setdesckey()
87 			dctx->sset = true;  in crypto_poly1305_setdesckey()
94 static unsigned int poly1305_blocks(struct poly1305_desc_ctx *dctx,  in poly1305_blocks()  argument
104 	if (unlikely(!dctx->sset)) {  in poly1305_blocks()
105 		datalen = crypto_poly1305_setdesckey(dctx, src, srclen);  in poly1305_blocks()
110 	r0 = dctx->r[0];  in poly1305_blocks()
111 	r1 = dctx->r[1];  in poly1305_blocks()
112 	r2 = dctx->r[2];  in poly1305_blocks()
113 	r3 = dctx->r[3];  in poly1305_blocks()
114 	r4 = dctx->r[4];  in poly1305_blocks()
121 	h0 = dctx->h[0];  in poly1305_blocks()
122 	h1 = dctx->h[1];  in poly1305_blocks()
123 	h2 = dctx->h[2];  in poly1305_blocks()
124 	h3 = dctx->h[3];  in poly1305_blocks()
125 	h4 = dctx->h[4];  in poly1305_blocks()
160 	dctx->h[0] = h0;  in poly1305_blocks()
161 	dctx->h[1] = h1;  in poly1305_blocks()
162 	dctx->h[2] = h2;  in poly1305_blocks()
163 	dctx->h[3] = h3;  in poly1305_blocks()
164 	dctx->h[4] = h4;  in poly1305_blocks()
172 	struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);  in crypto_poly1305_update()  local
175 	if (unlikely(dctx->buflen)) {  in crypto_poly1305_update()
176 		bytes = min(srclen, POLY1305_BLOCK_SIZE - dctx->buflen);  in crypto_poly1305_update()
177 		memcpy(dctx->buf + dctx->buflen, src, bytes);  in crypto_poly1305_update()
180 		dctx->buflen += bytes;  in crypto_poly1305_update()
182 		if (dctx->buflen == POLY1305_BLOCK_SIZE) {  in crypto_poly1305_update()
183 			poly1305_blocks(dctx, dctx->buf,  in crypto_poly1305_update()
185 			dctx->buflen = 0;  in crypto_poly1305_update()
190 		bytes = poly1305_blocks(dctx, src, srclen, 1 << 24);  in crypto_poly1305_update()
196 		dctx->buflen = srclen;  in crypto_poly1305_update()
197 		memcpy(dctx->buf, src, srclen);  in crypto_poly1305_update()
206 	struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);  in crypto_poly1305_final()  local
212 	if (unlikely(!dctx->sset))  in crypto_poly1305_final()
215 	if (unlikely(dctx->buflen)) {  in crypto_poly1305_final()
216 		dctx->buf[dctx->buflen++] = 1;  in crypto_poly1305_final()
217 		memset(dctx->buf + dctx->buflen, 0,  in crypto_poly1305_final()
218 		       POLY1305_BLOCK_SIZE - dctx->buflen);  in crypto_poly1305_final()
219 		poly1305_blocks(dctx, dctx->buf, POLY1305_BLOCK_SIZE, 0);  in crypto_poly1305_final()
223 	h0 = dctx->h[0];  in crypto_poly1305_final()
224 	h1 = dctx->h[1];  in crypto_poly1305_final()
225 	h2 = dctx->h[2];  in crypto_poly1305_final()
226 	h3 = dctx->h[3];  in crypto_poly1305_final()
227 	h4 = dctx->h[4];  in crypto_poly1305_final()
263 	f = (f >> 32) + h0 + dctx->s[0]; put_unaligned_le32(f, dst +  0);  in crypto_poly1305_final()
264 	f = (f >> 32) + h1 + dctx->s[1]; put_unaligned_le32(f, dst +  4);  in crypto_poly1305_final()
265 	f = (f >> 32) + h2 + dctx->s[2]; put_unaligned_le32(f, dst +  8);  in crypto_poly1305_final()
266 	f = (f >> 32) + h3 + dctx->s[3]; put_unaligned_le32(f, dst + 12);  in crypto_poly1305_final()