Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | compat: backport siphash & dst_cache from mainline | Jason A. Donenfeld | 2017-02-13 | 2 | -296/+0 |
| | |||||
* | curve25519: do everything on the stack | Jason A. Donenfeld | 2017-01-15 | 1 | -171/+0 |
| | | | | | | With MIPS now supporting a separate IRQ stack, and with these changes being backported into OpenWRT (and likely the stable mainline releases), we no longer need to kmalloc more space for temporary variables. | ||||
* | Use __read_mostly attribute when possible | Jason A. Donenfeld | 2017-01-13 | 1 | -3/+3 |
| | |||||
* | Update copyright | Jason A. Donenfeld | 2017-01-10 | 8 | -8/+8 |
| | |||||
* | blake2s: cleanup | Jason A. Donenfeld | 2016-12-26 | 1 | -9/+4 |
| | |||||
* | cookies: use xchacha20poly1305 instead of chacha20poly1305 | Jason A. Donenfeld | 2016-12-23 | 2 | -1/+120 |
| | | | | | This allows us to precompute the blake2s calls and save cycles, since hchacha is fast. | ||||
* | siphash: preserve endian-ness for quick helper | Jason A. Donenfeld | 2016-12-16 | 1 | -5/+9 |
| | | | | This fixes errors on big endian machines. | ||||
* | siphash: update against upstream submission | Jason A. Donenfeld | 2016-12-16 | 4 | -84/+292 |
| | |||||
* | siphash: useless rice | Jason A. Donenfeld | 2016-12-12 | 1 | -3/+1 |
| | |||||
* | crypto: use kernel's bitops functions | Jason A. Donenfeld | 2016-12-11 | 2 | -18/+15 |
| | |||||
* | blake2s: move self tests to correct directory | Jason A. Donenfeld | 2016-12-11 | 1 | -554/+1 |
| | |||||
* | global: move to consistent use of uN instead of uintN_t for kernel code | Jason A. Donenfeld | 2016-12-11 | 8 | -327/+327 |
| | |||||
* | siphash: add types to header | Jason A. Donenfeld | 2016-11-29 | 1 | -0/+2 |
| | |||||
* | headers: cleanup notices | Jason A. Donenfeld | 2016-11-21 | 8 | -8/+8 |
| | |||||
* | chacha20poly1305: sse/ymm should be implicitexperimental-0.0.20161116.1 | Jason A. Donenfeld | 2016-11-16 | 1 | -1/+1 |
| | |||||
* | chacha20poly1305: rely on avx and avx2experimental-0.0.20161116 | Jason A. Donenfeld | 2016-11-16 | 1 | -1/+1 |
| | | | | | | It turns out some FrankenVMs disable AVX but keep AVX2, causing issues. The crypto code now relies on having both AVX and AVX2 and the right features. | ||||
* | curve25519: use kmalloc in order to not overflow stackexperimental-0.0.20161110 | Jason A. Donenfeld | 2016-11-10 | 1 | -89/+260 |
| | | | | | | | | | | | | | | | | | On MIPS, the IRQ and SoftIRQ handlers share the stack with whatever kernel thread was interrupted. This means that Curve25519 can be interrupted by, say, an ethernet controller, that then gets handled by a SoftIRQ. If something like l2tp is being used, which uses quite a bit of stack, then by the time the SoftIRQ handler gets to WireGuard code and calls into the stack-heavy ChaPoly functions, our 8k stack is shot. In other words, since Curve25519 is such a big consumer of stack, if it's interrupted by anything else that uses a healthy amount of stack, then disaster strikes. The solution here is just to allocate using kmalloc. This is quite ugly, and if performance becomes an issue, we might consider moving to a kmem_cache allocator, or even having each peer keep its own preallocated space. But for now, we'll try this. | ||||
* | chacha20poly1305: don't forget version header | Jason A. Donenfeld | 2016-11-09 | 1 | -0/+1 |
| | |||||
* | chacha20poly1305: it's just as fast to use these more simple unaligned access helpers | Jason A. Donenfeld | 2016-11-07 | 1 | -36/+7 |
| | |||||
* | chacha20poly1305: cleanup magic constantsexperimental-0.0.20161105 | Jason A. Donenfeld | 2016-11-05 | 1 | -3/+2 |
| | |||||
* | c89: the static keyword is okay in c99, but not in c89 | Jason A. Donenfeld | 2016-11-05 | 6 | -22/+22 |
| | |||||
* | data: keep FPU on when possible | Jason A. Donenfeld | 2016-11-04 | 2 | -52/+41 |
| | |||||
* | chacha20poly1305: src is different from dst on last pieceexperimental-0.0.20161103 | Jason A. Donenfeld | 2016-11-03 | 1 | -1/+1 |
| | | | | | | | This took hours of debugging. In some cases, the src and dst are different for the last piece, so the incorrect code here resulted in computing the poly1305 over the wrong data. This lead to packets being unnecessarily dropped. | ||||
* | Rework headers and includes | Jason A. Donenfeld | 2016-09-29 | 5 | -4/+6 |
| | |||||
* | poly1305: optimize unaligned access | René van Dorst | 2016-09-29 | 1 | -0/+30 |
| | |||||
* | selftest: move to subfolder | Jason A. Donenfeld | 2016-08-02 | 3 | -207/+3 |
| | |||||
* | c: specify static array size in function params | Jason A. Donenfeld | 2016-08-02 | 6 | -22/+22 |
| | | | | | | | | | | | | | | | The C standard states: A declaration of a parameter as ``array of type'' shall be adjusted to ``qualified pointer to type'', where the type qualifiers (if any) are those specified within the [ and ] of the array type derivation. If the keyword static also appears within the [ and ] of the array type derivation, then for each call to the function, the value of the corresponding actual argument shall provide access to the first element of an array with at least as many elements as specified by the size expression. By changing void func(int array[4]) to void func(int array[static 4]), we automatically get the compiler checking argument sizes for us, which is quite nice. | ||||
* | curve25519: unneeded zeros variable | Jason A. Donenfeld | 2016-07-07 | 1 | -2/+0 |
| | |||||
* | chacha20poly1305: use more standard way of testing FPU features | Jason A. Donenfeld | 2016-06-29 | 1 | -7/+2 |
| | |||||
* | tests: make fatal | Jason A. Donenfeld | 2016-06-25 | 8 | -9/+13 |
| | |||||
* | Initial commit | Jason A. Donenfeld | 2016-06-25 | 12 | -0/+5242 |