From: Martin Willi
Subject: Re: [PATCH 3/9] crypto: Add a generic Poly1305 authenticator implementation
Date: Thu, 04 Jun 2015 21:42:31 +0200
Message-ID: <1433446951.2945.6.camel@martin>
References: <1433159044-30753-1-git-send-email-martin@strongswan.org> <1433159044-30753-4-git-send-email-martin@strongswan.org> <20150604095910.GA24246@gondor.apana.org.au>
In-Reply-To: <20150604095910.GA24246@gondor.apana.org.au>
To: Herbert Xu
Cc: Steffen Klassert, linux-crypto@vger.kernel.org

Herbert,

> I just realised that this doesn't quite work. The key is shared
> by all users of the tfm, yet in your case you need it to be local

I agree, as Poly1305 uses a different key for each tag, the current approach doesn't work.

> I think the simplest solution is to make the key the beginning
> of the hashed text instead. So the first two blocks that you
> process get used as the key.

Yes, that makes sense. I'll prepare a fix, might require some days, though.

Thanks!
Martin
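Herbert's proposal above, taking the first two 16-byte blocks of the hashed text as the one-time (r, s) key so that no key has to be stored in the shared tfm, worked through as an added Python example; this is not the kernel patch or either author's code, the class name and the update/digest API are my own, and the check values are the RFC 7539 section 2.5.2 test vector.

```python
from typing import Optional

P = (1 << 130) - 5                        # the Poly1305 prime 2^130 - 5
R_CLAMP = 0x0ffffffc0ffffffc0ffffffc0fffffff

class Poly1305KeyInData:
    """Poly1305 whose one-time key (r || s) is the first 32 bytes written.
    Those two blocks are consumed as the key, not authenticated; all later
    bytes are message text. (r, s) must never be reused: one instance, one tag.
    """

    def __init__(self) -> None:
        self._buf = b""
        self._r: Optional[int] = None     # None until 32 key bytes have arrived
        self._s = 0
        self._acc = 0

    def update(self, data: bytes) -> "Poly1305KeyInData":
        self._buf += data
        if self._r is None:
            if len(self._buf) < 32:
                return self               # still collecting the key
            self._r = int.from_bytes(self._buf[:16], "little") & R_CLAMP
            self._s = int.from_bytes(self._buf[16:32], "little")
            self._buf = self._buf[32:]
        while len(self._buf) >= 16:       # absorb every complete message block
            self._acc = self._absorb(self._acc, self._buf[:16])
            self._buf = self._buf[16:]
        return self

    def _absorb(self, acc: int, block: bytes) -> int:
        # Append the 0x01 pad byte, read little-endian, acc = (acc + n) * r mod p.
        n = int.from_bytes(block + b"\x01", "little")
        return ((acc + n) * self._r) % P

    def digest(self) -> bytes:
        if self._r is None:
            raise ValueError("fewer than 32 bytes written, so no key yet")
        acc = self._absorb(self._acc, self._buf) if self._buf else self._acc
        return ((acc + self._s) % (1 << 128)).to_bytes(16, "little")

def poly1305_mac(key: bytes, msg: bytes) -> bytes:
    """One-shot helper: write the 32-byte key first, then the message."""
    return Poly1305KeyInData().update(key).update(msg).digest()

# RFC 7539 section 2.5.2 test vector (key, message, expected tag).
RFC_KEY = bytes.fromhex("85d6be7857556d337f4452fe42d506a80103808afb0db2fd4abff6af4149f51b")
RFC_MSG = b"Cryptographic Forum Research Group"
RFC_TAG = bytes.fromhex("a8061dc1305136c6c22b8baf0c0127a9")
```

Because the key and message may arrive across arbitrary update() calls, as they do through the kernel hash API, the class buffers until the full 32 key bytes are present and produces the same tag regardless of how the input is split.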