| Commit message | Author | Date | Files | Lines |
|---|---|---|---|---|
| curve25519: reject deriving from NULL private keys | Jason A. Donenfeld | 2017-11-11 | 1 | -0/+7 |
| These aren't actually valid 25519 points pre-normalization, and doing this is required to make unsetting private keys based on all zeros. | | | | |
| receive: hoist fpu outside of receive loop | Jason A. Donenfeld | 2017-11-10 | 2 | -15/+13 |
| curve25519: only enable int128 if compiler support is sound | Jason A. Donenfeld | 2017-10-31 | 1 | -1/+1 |
| global: style nits | Jason A. Donenfeld | 2017-10-31 | 4 | -129/+198 |
| qemu: allow for cross compilation | Jason A. Donenfeld | 2017-10-31 | 1 | -3/+3 |
| crypto/avx: make sure we can actually use ymm registers | Jason A. Donenfeld | 2017-10-31 | 3 | -3/+3 |
| blake2: include headers for macros | Jason A. Donenfeld | 2017-10-31 | 1 | -0/+2 |
| blake2s: modernize API and have faster _final | Jason A. Donenfeld | 2017-10-17 | 2 | -48/+64 |
| crypto/x86_64: satisfy stack validation 2.0 | Jason A. Donenfeld | 2017-10-09 | 3 | -31/+29 |
| We change this to look like the code gcc generates, so as to keep the objtool checker somewhat happy. | | | | |
| global: use _WG prefix for include guards | Jason A. Donenfeld | 2017-10-03 | 3 | -9/+9 |
| Suggested-by: Sultan Alsawaf <sultanxda@gmail.com> | | | | |
| global: satisfy bitshift pedantry | Jason A. Donenfeld | 2017-10-03 | 1 | -7/+7 |
| Suggested-by: Sultan Alsawaf <sultanxda@gmail.com> | | | | |
| curve25519-neon-arm: force ARM encoding, since this is unrepresentable in Thumb | Jason A. Donenfeld | 2017-10-02 | 1 | -0/+1 |
| compat: ensure we can build without compat.h | Jason A. Donenfeld | 2017-09-16 | 2 | -0/+2 |
| blake2s: satisfy sparse | Jason A. Donenfeld | 2017-08-02 | 1 | -2/+2 |
| blake2s: fix up alignment issues | Jason A. Donenfeld | 2017-07-20 | 1 | -9/+11 |
| When it's unclear if block is aligned, we just assume unaligned, rather than branching. | | | | |
| blake2s: move compression loop to assembly | Samuel Neves | 2017-07-20 | 3 | -72/+84 |
| curve25519: keep certain sandy2x functions in C | Jason A. Donenfeld | 2017-06-25 | 2 | -232/+84 |
| We can let the compiler optimize how it sees fit. | | | | |
| curve25519: satisfy sparse and use short types | Jason A. Donenfeld | 2017-06-24 | 1 | -26/+26 |
| main: annotate init/exit functions to save memory | Jason A. Donenfeld | 2017-06-24 | 3 | -6/+6 |
| random: wait for random bytes when generating nonces and ephemerals | Jason A. Donenfeld | 2017-06-12 | 1 | -1/+1 |
| We can let userspace configure wireguard interfaces before the RNG is fully initialized, since what we mostly care about is having good randomness for ephemerals and xchacha nonces. By deferring the wait to actually asking for the randomness, we give a lot more opportunity for gathering entropy. This won't cover entropy for hash table secrets or cookie secrets (which rotate anyway), but those have far less catastrophic failure modes, so ensuring good randomness for elliptic curve points and nonces should be sufficient. | | | | |
| curve25519: use more standard label convention in asm | Jason A. Donenfeld | 2017-06-01 | 2 | -24/+24 |
| curve25519: add NEON versions for ARM | Jason A. Donenfeld | 2017-05-31 | 2 | -27/+2158 |
| curve25519: align the basepoint to 32 bytes | Jason A. Donenfeld | 2017-05-31 | 1 | -2/+2 |
| curve25519: actually, do some things on heap sometimes | Jason A. Donenfeld | 2017-05-31 | 1 | -0/+170 |
| This reverts commit 42dd5bd87e418275203dd6644b6b6b0cc310d4d9. | | | | |
| chacha20poly1305: add NEON versions for ARM and ARM64 | Jason A. Donenfeld | 2017-05-30 | 4 | -6/+1031 |
| chacha20poly1305: move constants to rodata | Jason A. Donenfeld | 2017-05-21 | 5 | -14/+27 |
| chacha20poly1305: implement vectorized hchacha20 | Jason A. Donenfeld | 2017-05-17 | 2 | -21/+157 |
| chacha20poly1305: check return values of sgops | Jason A. Donenfeld | 2017-04-04 | 2 | -9/+17 |
| chacha20poly1305: enforce authtag checking with compiler | Jason A. Donenfeld | 2017-03-30 | 2 | -15/+10 |
| curve25519: protect against potential invalid point attacks | Jason A. Donenfeld | 2017-03-30 | 2 | -18/+30 |
| curve25519: 128-bit integer != x86_64 | Jason A. Donenfeld | 2017-03-24 | 1 | -2/+8 |
| curve25519: do dispatcher in C instead of asm, since shlx is haswell only | Jason A. Donenfeld | 2017-03-20 | 2 | -162/+73 |
| curve25519: add AVX implementation | Jason A. Donenfeld | 2017-03-19 | 3 | -23/+3697 |
| blake2s: add AVX implementation | Jason A. Donenfeld | 2017-03-19 | 5 | -7/+602 |
| compat: backport siphash & dst_cache from mainline | Jason A. Donenfeld | 2017-02-13 | 2 | -296/+0 |
| curve25519: do everything on the stack | Jason A. Donenfeld | 2017-01-15 | 1 | -171/+0 |
| With MIPS now supporting a separate IRQ stack, and with these changes being backported into OpenWRT (and likely the stable mainline releases), we no longer need to kmalloc more space for temporary variables. | | | | |
| Use __read_mostly attribute when possible | Jason A. Donenfeld | 2017-01-13 | 1 | -3/+3 |
| Update copyright | Jason A. Donenfeld | 2017-01-10 | 8 | -8/+8 |
| blake2s: cleanup | Jason A. Donenfeld | 2016-12-26 | 1 | -9/+4 |
| cookies: use xchacha20poly1305 instead of chacha20poly1305 | Jason A. Donenfeld | 2016-12-23 | 2 | -1/+120 |
| This allows us to precompute the blake2s calls and save cycles, since hchacha is fast. | | | | |
| siphash: preserve endian-ness for quick helper | Jason A. Donenfeld | 2016-12-16 | 1 | -5/+9 |
| This fixes errors on big endian machines. | | | | |
| siphash: update against upstream submission | Jason A. Donenfeld | 2016-12-16 | 4 | -84/+292 |
| siphash: useless rice | Jason A. Donenfeld | 2016-12-12 | 1 | -3/+1 |
| crypto: use kernel's bitops functions | Jason A. Donenfeld | 2016-12-11 | 2 | -18/+15 |
| blake2s: move self tests to correct directory | Jason A. Donenfeld | 2016-12-11 | 1 | -554/+1 |
| global: move to consistent use of uN instead of uintN_t for kernel code | Jason A. Donenfeld | 2016-12-11 | 8 | -327/+327 |
| siphash: add types to header | Jason A. Donenfeld | 2016-11-29 | 1 | -0/+2 |
| headers: cleanup notices | Jason A. Donenfeld | 2016-11-21 | 8 | -8/+8 |
| chacha20poly1305: sse/ymm should be implicit (tag: experimental-0.0.20161116.1) | Jason A. Donenfeld | 2016-11-16 | 1 | -1/+1 |
| chacha20poly1305: rely on avx and avx2 (tag: experimental-0.0.20161116) | Jason A. Donenfeld | 2016-11-16 | 1 | -1/+1 |
| It turns out some FrankenVMs disable AVX but keep AVX2, causing issues. The crypto code now relies on having both AVX and AVX2 and the right features. | | | | |
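The first entry in the log above refuses to derive a public key from an all-zero ("NULL") private key, so that an all-zero key can mean "unset". The following is an added illustration of that guard and is not code from the WireGuard tree or from that commit: a pure-Python X25519 written straight from RFC 7748 section 5, wrapped in a `derive_public` helper (a name chosen here, not the kernel's) that rejects an all-zero key before touching the curve arithmetic. The key material embedded below is the published RFC 7748 section 6.1 test vector; nothing here reproduces the kernel implementation, its assembly back ends, or the exact check the commit added.

```python
# Added example: X25519 (RFC 7748) plus an all-zero private-key rejection, in
# the spirit of "curve25519: reject deriving from NULL private keys". This is
# not the WireGuard kernel code; names such as derive_public are illustrative.

P = 2**255 - 19          # field prime for Curve25519
A24 = 121665             # (486662 - 2) / 4, the ladder constant
BASEPOINT = (9).to_bytes(32, "little")


def _decode_scalar(k: bytes) -> int:
    # Clamp per RFC 7748: clear the low 3 bits, clear bit 255, set bit 254.
    b = bytearray(k)
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return int.from_bytes(b, "little")


def _decode_u(u: bytes) -> int:
    # The top bit of the encoded u-coordinate is ignored by the RFC.
    b = bytearray(u)
    b[31] &= 127
    return int.from_bytes(b, "little")


def _cswap(swap: int, a: int, b: int):
    # Mask-based conditional swap. Python integers are not constant-time; this
    # mirrors the structure of the RFC's cswap, not its timing guarantee.
    mask = -swap                 # 0 or all-ones
    dummy = mask & (a ^ b)
    return a ^ dummy, b ^ dummy


def x25519(k: bytes, u: bytes) -> bytes:
    """Montgomery ladder exactly as laid out in RFC 7748 section 5."""
    k_int = _decode_scalar(k)
    x1 = _decode_u(u)
    x2, z2, x3, z3 = 1, 0, x1, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (k_int >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2 % P) % P
        x2 = aa * bb % P
        z2 = e * ((aa + A24 * e) % P) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def is_all_zero(buf: bytes) -> bool:
    # OR every byte into one accumulator so the work done does not depend on
    # where the first non-zero byte sits (the pattern a C version would use).
    acc = 0
    for byte in buf:
        acc |= byte
    return acc == 0


def derive_public(private_key: bytes):
    """Return the X25519 public key, or None when the private key is unset
    (all zeros), so callers can treat an all-zero key as 'no key'."""
    if len(private_key) != 32 or is_all_zero(private_key):
        return None
    return x25519(private_key, BASEPOINT)


# RFC 7748 section 6.1 vectors, embedded so the module checks itself offline.
ALICE_PRIV = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
ALICE_PUB = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")
BOB_PRIV = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
BOB_PUB = bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")
SHARED = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")

if __name__ == "__main__":
    assert derive_public(ALICE_PRIV) == ALICE_PUB
    assert x25519(ALICE_PRIV, BOB_PUB) == SHARED
    assert derive_public(bytes(32)) is None
    print("ok")
```

The guard belongs in front of the scalar multiplication, not after it: clamping sets bit 254, so an all-zero input would otherwise still yield a well-formed public key and silently stand in for a real one. Returning a distinct failure value lets the caller distinguish "no key configured" from a genuine key, which is the behaviour the commit message describes.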