aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/src/crypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
* poly1305: import MIPS64 primitive from OpenSSLJason A. Donenfeld2017-11-223-9/+401
|
* chacha20poly1305: import ARM primitives from OpenSSLJason A. Donenfeld2017-11-2211-1025/+5513
| | | | ARMv4-ARMv8, with NEON for ARMv7 and ARMv8.
* chacha20poly1305: import x86_64 primitives from OpenSSLSamuel Neves2017-11-229-2455/+5236
| | | | | | x86_64 only at the moment. SSSE3, AVX, AVX2, AVX512. Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
* curve25519-neon: compile in thumb modeJason A. Donenfeld2017-11-142-6/+6
| | | | | In thumb mode, it's not possible to use sp as an operand of and, so we have to muck around with r3 as a scratch register.
* curve25519: reject deriving from NULL private keysJason A. Donenfeld2017-11-111-0/+7
| | | | | These aren't actually valid 25519 points pre-normalization, and doing this is required to make unsetting private keys based on all zeros.
* receive: hoist fpu outside of receive loopJason A. Donenfeld2017-11-102-15/+13
|
* curve25519: only enable int128 if compiler support is soundJason A. Donenfeld2017-10-311-1/+1
|
* global: style nitsJason A. Donenfeld2017-10-314-129/+198
|
* qemu: allow for cross compilationJason A. Donenfeld2017-10-311-3/+3
|
* crypto/avx: make sure we can actually use ymm registersJason A. Donenfeld2017-10-313-3/+3
|
* blake2: include headers for macrosJason A. Donenfeld2017-10-311-0/+2
|
* blake2s: modernize API and have faster _finalJason A. Donenfeld2017-10-172-48/+64
|
* crypto/x86_64: satisfy stack validation 2.0Jason A. Donenfeld2017-10-093-31/+29
| | | | | We change this to look like the code gcc generates, so as to keep the objtool checker somewhat happy.
* global: use _WG prefix for include guardsJason A. Donenfeld2017-10-033-9/+9
| | | | Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
* global: satisfy bitshift pedantryJason A. Donenfeld2017-10-031-7/+7
| | | | Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
* curve25519-neon-arm: force ARM encoding, since this is unrepresentable in ThumbJason A. Donenfeld2017-10-021-0/+1
|
* compat: ensure we can build without compat.hJason A. Donenfeld2017-09-162-0/+2
|
* blake2s: satisfy sparseJason A. Donenfeld2017-08-021-2/+2
|
* blake2s: fix up alignment issuesJason A. Donenfeld2017-07-201-9/+11
| | | | | When it's unclear if block is aligned, we just assume unaligned, rather than branching.
* blake2s: move compression loop to assemblySamuel Neves2017-07-203-72/+84
|
* curve25519: keep certain sandy2x functions in CJason A. Donenfeld2017-06-252-232/+84
| | | | We can let the compiler optimize how it sees fit.
* curve25519: satisfy sparse and use short typesJason A. Donenfeld2017-06-241-26/+26
|
* main: annotate init/exit functions to save memoryJason A. Donenfeld2017-06-243-6/+6
|
* random: wait for random bytes when generating nonces and ephemeralsJason A. Donenfeld2017-06-121-1/+1
| | | | | | | | | | | We can let userspace configure wireguard interfaces before the RNG is fully initialized, since what we mostly care about is having good randomness for ephemerals and xchacha nonces. By deferring the wait to actually asking for the randomness, we give a lot more opportunity for gathering entropy. This won't cover entropy for hash table secrets or cookie secrets (which rotate anyway), but those have far less catastrophic failure modes, so ensuring good randomness for elliptic curve points and nonces should be sufficient.
* curve25519: use more standard label convention in asmJason A. Donenfeld2017-06-012-24/+24
|
* curve25519: add NEON versions for ARMJason A. Donenfeld2017-05-312-27/+2158
|
* curve25519: align the basepoint to 32 bytesJason A. Donenfeld2017-05-311-2/+2
|
* curve25519: actually, do some things on heap sometimesJason A. Donenfeld2017-05-311-0/+170
| | | | This reverts commit 42dd5bd87e418275203dd6644b6b6b0cc310d4d9.
* chacha20poly1305: add NEON versions for ARM and ARM64Jason A. Donenfeld2017-05-304-6/+1031
|
* chacha20poly1305: move constants to rodataJason A. Donenfeld2017-05-215-14/+27
|
* chacha20poly1305: implement vectorized hchacha20Jason A. Donenfeld2017-05-172-21/+157
|
* chacha20poly1305: check return values of sgopsJason A. Donenfeld2017-04-042-9/+17
|
* chacha20poly1305: enforce authtag checking with compilerJason A. Donenfeld2017-03-302-15/+10
|
* curve25519: protect against potential invalid point attacksJason A. Donenfeld2017-03-302-18/+30
|
* curve25519: 128-bit integer != x86_64Jason A. Donenfeld2017-03-241-2/+8
|
* curve25519: do dispatcher in C instead of asm, since shlx is haswell onlyJason A. Donenfeld2017-03-202-162/+73
|
* curve25519: add AVX implementationJason A. Donenfeld2017-03-193-23/+3697
|
* blake2s: add AVX implementationJason A. Donenfeld2017-03-195-7/+602
|
* compat: backport siphash & dst_cache from mainlineJason A. Donenfeld2017-02-132-296/+0
|
* curve25519: do everything on the stackJason A. Donenfeld2017-01-151-171/+0
| | | | | | With MIPS now supporting a separate IRQ stack, and with these changes being backported into OpenWRT (and likely the stable mainline releases), we no longer need to kmalloc more space for temporary variables.
* Use __read_mostly attribute when possibleJason A. Donenfeld2017-01-131-3/+3
|
* Update copyrightJason A. Donenfeld2017-01-108-8/+8
|
* blake2s: cleanupJason A. Donenfeld2016-12-261-9/+4
|
* cookies: use xchacha20poly1305 instead of chacha20poly1305Jason A. Donenfeld2016-12-232-1/+120
| | | | | This allows us to precompute the blake2s calls and save cycles, since hchacha is fast.
* siphash: preserve endian-ness for quick helperJason A. Donenfeld2016-12-161-5/+9
| | | | This fixes errors on big endian machines.
* siphash: update against upstream submissionJason A. Donenfeld2016-12-164-84/+292
|
* siphash: useless riceJason A. Donenfeld2016-12-121-3/+1
|
* crypto: use kernel's bitops functionsJason A. Donenfeld2016-12-112-18/+15
|
* blake2s: move self tests to correct directoryJason A. Donenfeld2016-12-111-554/+1
|
* global: move to consistent use of uN instead of uintN_t for kernel codeJason A. Donenfeld2016-12-118-327/+327
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.