aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/src/crypto/zinc
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2018-09-21 01:50:11 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2018-09-23 17:05:23 +0200
commit77b07d98cef822daad6a6e5e735a66db6cc18a3e (patch)
tree81afd78f8f55ece441b7b6ad0df1b7f7e5c8a424 /src/crypto/zinc
parentchacha20: add chunked selftest and test sliding alignments and hchacha20 (diff)
downloadwireguard-monolithic-historical-77b07d98cef822daad6a6e5e735a66db6cc18a3e.tar.xz
wireguard-monolithic-historical-77b07d98cef822daad6a6e5e735a66db6cc18a3e.zip
global: reduce stack frame size
This brings it under 1280 on 64-bit and under 1024 on 32-bit systems.
Diffstat (limited to 'src/crypto/zinc')
-rw-r--r--src/crypto/zinc/curve25519/curve25519-hacl64.h2
-rw-r--r--src/crypto/zinc/selftest/chacha20.h25
-rw-r--r--src/crypto/zinc/selftest/chacha20poly1305.h35
3 files changed, 36 insertions, 26 deletions
diff --git a/src/crypto/zinc/curve25519/curve25519-hacl64.h b/src/crypto/zinc/curve25519/curve25519-hacl64.h
index 3e34de7..547deac 100644
--- a/src/crypto/zinc/curve25519/curve25519-hacl64.h
+++ b/src/crypto/zinc/curve25519/curve25519-hacl64.h
@@ -584,7 +584,7 @@ static __always_inline void ladder_bigloop_cmult_big_loop(u8 *n1, u64 *nq,
}
}
-static __always_inline void ladder_cmult(u64 *result, u8 *n1, u64 *q)
+static void ladder_cmult(u64 *result, u8 *n1, u64 *q)
{
u64 point_buf[40] = { 0 };
u64 *nq = point_buf;
diff --git a/src/crypto/zinc/selftest/chacha20.h b/src/crypto/zinc/selftest/chacha20.h
index 8ee242d..b20fd31 100644
--- a/src/crypto/zinc/selftest/chacha20.h
+++ b/src/crypto/zinc/selftest/chacha20.h
@@ -2518,20 +2518,25 @@ static bool __init chacha20_selftest(void)
{
enum { MAXIMUM_TEST_BUFFER_LEN = 1UL << 10 };
size_t i, j;
- u8 offset_input[MAXIMUM_TEST_BUFFER_LEN + 1]
- __aligned(__alignof__(unsigned long));
+ u8 *offset_input = NULL, *computed_output = NULL;
u8 offset_key[CHACHA20_KEY_SIZE + 1]
__aligned(__alignof__(unsigned long));
- u8 computed_output[MAXIMUM_TEST_BUFFER_LEN + 1]
- __aligned(__alignof__(unsigned long));
struct chacha20_ctx state;
bool success = true;
simd_context_t simd_context;
+ offset_input = kmalloc(MAXIMUM_TEST_BUFFER_LEN + 1, GFP_KERNEL);
+ computed_output = kmalloc(MAXIMUM_TEST_BUFFER_LEN + 1, GFP_KERNEL);
+ if (!computed_output || !offset_input) {
+ pr_info("chacha20 self-test malloc: FAIL\n");
+ success = false;
+ goto out;
+ }
+
simd_get(&simd_context);
for (i = 0; i < ARRAY_SIZE(chacha20_testvecs); ++i) {
/* Boring case */
- memset(computed_output, 0, sizeof(computed_output));
+ memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN + 1);
memset(&state, 0, sizeof(state));
chacha20_init(&state, chacha20_testvecs[i].key,
chacha20_testvecs[i].nonce);
@@ -2544,7 +2549,7 @@ static bool __init chacha20_selftest(void)
}
/* Unaligned case */
- memset(computed_output, 0, sizeof(computed_output));
+ memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN + 1);
memset(&state, 0, sizeof(state));
memcpy(offset_input + 1, chacha20_testvecs[i].input,
chacha20_testvecs[i].ilen);
@@ -2563,7 +2568,7 @@ static bool __init chacha20_selftest(void)
/* Chunked case */
if (chacha20_testvecs[i].ilen <= CHACHA20_BLOCK_SIZE)
goto next_test;
- memset(computed_output, 0, sizeof(computed_output));
+ memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN + 1);
memset(&state, 0, sizeof(state));
chacha20_init(&state, chacha20_testvecs[i].key,
chacha20_testvecs[i].nonce);
@@ -2586,7 +2591,7 @@ next_test:
!chacha20_testvecs[i].ilen)
continue;
for (j = 1; j < CHACHA20_BLOCK_SIZE; ++j) {
- memset(computed_output, 0, sizeof(computed_output));
+ memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN + 1);
memset(&state, 0, sizeof(state));
memcpy(offset_input + j, chacha20_testvecs[i].input,
chacha20_testvecs[i].ilen);
@@ -2616,6 +2621,10 @@ next_test:
simd_put(&simd_context);
if (success)
pr_info("chacha20 self-tests: pass\n");
+
+out:
+ kfree(offset_input);
+ kfree(computed_output);
return success;
}
#endif
diff --git a/src/crypto/zinc/selftest/chacha20poly1305.h b/src/crypto/zinc/selftest/chacha20poly1305.h
index 5133231..2a75dfa 100644
--- a/src/crypto/zinc/selftest/chacha20poly1305.h
+++ b/src/crypto/zinc/selftest/chacha20poly1305.h
@@ -8881,22 +8881,21 @@ static bool __init chacha20poly1305_selftest(void)
{
enum { MAXIMUM_TEST_BUFFER_LEN = 1UL << 12 };
size_t i;
- u8 computed_output[MAXIMUM_TEST_BUFFER_LEN], *heap_src, *heap_dst;
+ u8 *computed_output = NULL, *heap_src = NULL;
bool success = true, ret;
simd_context_t simd_context;
struct scatterlist sg_src, sg_dst;
heap_src = kmalloc(MAXIMUM_TEST_BUFFER_LEN, GFP_KERNEL);
- heap_dst = kmalloc(MAXIMUM_TEST_BUFFER_LEN, GFP_KERNEL);
- if (!heap_src || !heap_dst) {
- kfree(heap_src);
- kfree(heap_dst);
+ computed_output = kmalloc(MAXIMUM_TEST_BUFFER_LEN, GFP_KERNEL);
+ if (!heap_src || !computed_output) {
pr_info("chacha20poly1305 self-test malloc: FAIL\n");
- return false;
+ success = false;
+ goto out;
}
for (i = 0; i < ARRAY_SIZE(chacha20poly1305_enc_vectors); ++i) {
- memset(computed_output, 0, sizeof(computed_output));
+ memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN);
chacha20poly1305_selftest_encrypt(computed_output,
chacha20poly1305_enc_vectors[i].input,
chacha20poly1305_enc_vectors[i].ilen,
@@ -8918,12 +8917,12 @@ static bool __init chacha20poly1305_selftest(void)
for (i = 0; i < ARRAY_SIZE(chacha20poly1305_enc_vectors); ++i) {
if (chacha20poly1305_enc_vectors[i].nlen != 8)
continue;
- memset(heap_dst, 0, MAXIMUM_TEST_BUFFER_LEN);
+ memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN);
memcpy(heap_src, chacha20poly1305_enc_vectors[i].input,
chacha20poly1305_enc_vectors[i].ilen);
sg_init_one(&sg_src, heap_src,
chacha20poly1305_enc_vectors[i].ilen);
- sg_init_one(&sg_dst, heap_dst,
+ sg_init_one(&sg_dst, computed_output,
chacha20poly1305_enc_vectors[i].ilen +
POLY1305_MAC_SIZE);
ret = chacha20poly1305_encrypt_sg(&sg_dst, &sg_src,
@@ -8933,7 +8932,7 @@ static bool __init chacha20poly1305_selftest(void)
get_unaligned_le64(chacha20poly1305_enc_vectors[i].nonce),
chacha20poly1305_enc_vectors[i].key,
&simd_context);
- if (!ret || memcmp(heap_dst,
+ if (!ret || memcmp(computed_output,
chacha20poly1305_enc_vectors[i].output,
chacha20poly1305_enc_vectors[i].ilen +
POLY1305_MAC_SIZE)) {
@@ -8944,7 +8943,7 @@ static bool __init chacha20poly1305_selftest(void)
}
simd_put(&simd_context);
for (i = 0; i < ARRAY_SIZE(chacha20poly1305_dec_vectors); ++i) {
- memset(computed_output, 0, sizeof(computed_output));
+ memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN);
ret = chacha20poly1305_decrypt(computed_output,
chacha20poly1305_dec_vectors[i].input,
chacha20poly1305_dec_vectors[i].ilen,
@@ -8965,12 +8964,12 @@ static bool __init chacha20poly1305_selftest(void)
}
simd_get(&simd_context);
for (i = 0; i < ARRAY_SIZE(chacha20poly1305_dec_vectors); ++i) {
- memset(heap_dst, 0, MAXIMUM_TEST_BUFFER_LEN);
+ memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN);
memcpy(heap_src, chacha20poly1305_dec_vectors[i].input,
chacha20poly1305_dec_vectors[i].ilen);
sg_init_one(&sg_src, heap_src,
chacha20poly1305_dec_vectors[i].ilen);
- sg_init_one(&sg_dst, heap_dst,
+ sg_init_one(&sg_dst, computed_output,
chacha20poly1305_dec_vectors[i].ilen -
POLY1305_MAC_SIZE);
ret = chacha20poly1305_decrypt_sg(&sg_dst, &sg_src,
@@ -8981,7 +8980,7 @@ static bool __init chacha20poly1305_selftest(void)
chacha20poly1305_dec_vectors[i].key, &simd_context);
if (!decryption_success(ret,
chacha20poly1305_dec_vectors[i].failure,
- memcmp(heap_dst, chacha20poly1305_dec_vectors[i].output,
+ memcmp(computed_output, chacha20poly1305_dec_vectors[i].output,
chacha20poly1305_dec_vectors[i].ilen -
POLY1305_MAC_SIZE))) {
pr_info("chacha20poly1305 sg decryption self-test %zu: FAIL\n",
@@ -8991,7 +8990,7 @@ static bool __init chacha20poly1305_selftest(void)
}
simd_put(&simd_context);
for (i = 0; i < ARRAY_SIZE(xchacha20poly1305_enc_vectors); ++i) {
- memset(computed_output, 0, sizeof(computed_output));
+ memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN);
xchacha20poly1305_encrypt(computed_output,
xchacha20poly1305_enc_vectors[i].input,
xchacha20poly1305_enc_vectors[i].ilen,
@@ -9009,7 +9008,7 @@ static bool __init chacha20poly1305_selftest(void)
}
}
for (i = 0; i < ARRAY_SIZE(xchacha20poly1305_dec_vectors); ++i) {
- memset(computed_output, 0, sizeof(computed_output));
+ memset(computed_output, 0, MAXIMUM_TEST_BUFFER_LEN);
ret = xchacha20poly1305_decrypt(computed_output,
xchacha20poly1305_dec_vectors[i].input,
xchacha20poly1305_dec_vectors[i].ilen,
@@ -9030,8 +9029,10 @@ static bool __init chacha20poly1305_selftest(void)
}
if (success)
pr_info("chacha20poly1305 self-tests: pass\n");
+
+out:
kfree(heap_src);
- kfree(heap_dst);
+ kfree(computed_output);
return success;
}
#endif