secure_seq: use SipHash in place of MD5 - wireguard-linux

diff options

author	Jason A. Donenfeld <Jason@zx2c4.com>	2017-01-08 13:54:02 +0100
committer	David S. Miller <davem@davemloft.net>	2017-01-09 13:58:57 -0500
commit	7cd23e5300c1b95903859a8bdc084e79be66ce16 (patch)
tree	d13c33609d8cb1a9629a72cb10633ef6dadcf660 /net/ipv6/syncookies.c
parent	siphash: implement HalfSipHash1-3 for hash tables (diff)
download	wireguard-linux-7cd23e5300c1b95903859a8bdc084e79be66ce16.tar.xz wireguard-linux-7cd23e5300c1b95903859a8bdc084e79be66ce16.zip

secure_seq: use SipHash in place of MD5

This gives a clear speed and security improvement. Siphash is both faster and is more solid crypto than the aging MD5. Rather than manually filling MD5 buffers, for IPv6, we simply create a layout by a simple anonymous struct, for which gcc generates rather efficient code. For IPv4, we pass the values directly to the short input convenience functions. 64-bit x86_64: [ 1.683628] secure_tcpv6_sequence_number_md5# cycles: 99563527 [ 1.717350] secure_tcp_sequence_number_md5# cycles: 92890502 [ 1.741968] secure_tcpv6_sequence_number_siphash# cycles: 67825362 [ 1.762048] secure_tcp_sequence_number_siphash# cycles: 67485526 32-bit x86: [ 1.600012] secure_tcpv6_sequence_number_md5# cycles: 103227892 [ 1.634219] secure_tcp_sequence_number_md5# cycles: 94732544 [ 1.669102] secure_tcpv6_sequence_number_siphash# cycles: 96299384 [ 1.700165] secure_tcp_sequence_number_siphash# cycles: 86015473 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Cc: Andi Kleen <ak@linux.intel.com> Cc: David Miller <davem@davemloft.net> Cc: David Laight <David.Laight@aculab.com> Cc: Tom Herbert <tom@herbertland.com> Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Cc: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'net/ipv6/syncookies.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: