summaryrefslogtreecommitdiffstatshomepage
path: root/src/crypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
* compat: backport siphash & dst_cache from mainlineJason A. Donenfeld2017-02-132-296/+0
|
* curve25519: do everything on the stackJason A. Donenfeld2017-01-151-171/+0
| | | | | | With MIPS now supporting a separate IRQ stack, and with these changes being backported into OpenWRT (and likely the stable mainline releases), we no longer need to kmalloc more space for temporary variables.
* Use __read_mostly attribute when possibleJason A. Donenfeld2017-01-131-3/+3
|
* Update copyrightJason A. Donenfeld2017-01-108-8/+8
|
* blake2s: cleanupJason A. Donenfeld2016-12-261-9/+4
|
* cookies: use xchacha20poly1305 instead of chacha20poly1305Jason A. Donenfeld2016-12-232-1/+120
| | | | | This allows us to precompute the blake2s calls and save cycles, since hchacha is fast.
* siphash: preserve endian-ness for quick helperJason A. Donenfeld2016-12-161-5/+9
| | | | This fixes errors on big endian machines.
* siphash: update against upstream submissionJason A. Donenfeld2016-12-164-84/+292
|
* siphash: useless riceJason A. Donenfeld2016-12-121-3/+1
|
* crypto: use kernel's bitops functionsJason A. Donenfeld2016-12-112-18/+15
|
* blake2s: move self tests to correct directoryJason A. Donenfeld2016-12-111-554/+1
|
* global: move to consistent use of uN instead of uintN_t for kernel codeJason A. Donenfeld2016-12-118-327/+327
|
* siphash: add types to headerJason A. Donenfeld2016-11-291-0/+2
|
* headers: cleanup noticesJason A. Donenfeld2016-11-218-8/+8
|
* chacha20poly1305: sse/ymm should be implicitexperimental-0.0.20161116.1Jason A. Donenfeld2016-11-161-1/+1
|
* chacha20poly1305: rely on avx and avx2experimental-0.0.20161116Jason A. Donenfeld2016-11-161-1/+1
| | | | | | It turns out some FrankenVMs disable AVX but keep AVX2, causing issues. The crypto code now relies on having both AVX and AVX2 and the right features.
* curve25519: use kmalloc in order to not overflow stackexperimental-0.0.20161110Jason A. Donenfeld2016-11-101-89/+260
| | | | | | | | | | | | | | | | | On MIPS, the IRQ and SoftIRQ handlers share the stack with whatever kernel thread was interrupted. This means that Curve25519 can be interrupted by, say, an ethernet controller, that then gets handled by a SoftIRQ. If something like l2tp is being used, which uses quite a bit of stack, then by the time the SoftIRQ handler gets to WireGuard code and calls into the stack-heavy ChaPoly functions, our 8k stack is shot. In other words, since Curve25519 is such a big consumer of stack, if it's interrupted by anything else that uses a healthy amount of stack, then disaster strikes. The solution here is just to allocate using kmalloc. This is quite ugly, and if performance becomes an issue, we might consider moving to a kmem_cache allocator, or even having each peer keep its own preallocated space. But for now, we'll try this.
* chacha20poly1305: don't forget version headerJason A. Donenfeld2016-11-091-0/+1
|
* chacha20poly1305: it's just as fast to use these more simple unaligned access helpersJason A. Donenfeld2016-11-071-36/+7
|
* chacha20poly1305: cleanup magic constantsexperimental-0.0.20161105Jason A. Donenfeld2016-11-051-3/+2
|
* c89: the static keyword is okay in c99, but not in c89Jason A. Donenfeld2016-11-056-22/+22
|
* data: keep FPU on when possibleJason A. Donenfeld2016-11-042-52/+41
|
* chacha20poly1305: src is different from dst on last pieceexperimental-0.0.20161103Jason A. Donenfeld2016-11-031-1/+1
| | | | | | | This took hours of debugging. In some cases, the src and dst are different for the last piece, so the incorrect code here resulted in computing the poly1305 over the wrong data. This lead to packets being unnecessarily dropped.
* Rework headers and includesJason A. Donenfeld2016-09-295-4/+6
|
* poly1305: optimize unaligned accessRené van Dorst2016-09-291-0/+30
|
* selftest: move to subfolderJason A. Donenfeld2016-08-023-207/+3
|
* c: specify static array size in function paramsJason A. Donenfeld2016-08-026-22/+22
| | | | | | | | | | | | | | | The C standard states: A declaration of a parameter as ``array of type'' shall be adjusted to ``qualified pointer to type'', where the type qualifiers (if any) are those specified within the [ and ] of the array type derivation. If the keyword static also appears within the [ and ] of the array type derivation, then for each call to the function, the value of the corresponding actual argument shall provide access to the first element of an array with at least as many elements as specified by the size expression. By changing void func(int array[4]) to void func(int array[static 4]), we automatically get the compiler checking argument sizes for us, which is quite nice.
* curve25519: unneeded zeros variableJason A. Donenfeld2016-07-071-2/+0
|
* chacha20poly1305: use more standard way of testing FPU featuresJason A. Donenfeld2016-06-291-7/+2
|
* tests: make fatalJason A. Donenfeld2016-06-258-9/+13
|
* Initial commitJason A. Donenfeld2016-06-2512-0/+5242
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.