Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | global: year bump | Jason A. Donenfeld | 2018-01-03 | 16 | -16/+16 |
| | |||||
* | crypto: compile on UML | Jason A. Donenfeld | 2017-12-13 | 4 | -2/+8 |
| | | | | We basically just don't use FPU in UML. | ||||
* | chacha20poly1305: wire up avx512vl for skylake-x | Jason A. Donenfeld | 2017-12-11 | 2 | -4/+17 |
| | |||||
* | chacha20: avx512vl implementation | Samuel Neves | 2017-12-11 | 2 | -0/+571 |
| | | | | Signed-off-by: Samuel Neves <sneves@dei.uc.pt> | ||||
* | poly1305: fix avx512f alignment bug | Samuel Neves | 2017-12-11 | 1 | -1/+1 |
| | | | | Signed-off-by: Samuel Neves <sneves@dei.uc.pt> | ||||
* | chacha20poly1305: cleaner generic code | Jason A. Donenfeld | 2017-12-11 | 1 | -90/+49 |
| | |||||
* | blake2s-x86_64: fix spacing | Jason A. Donenfeld | 2017-12-09 | 1 | -70/+70 |
| | |||||
* | global: add SPDX tags to all files | Greg Kroah-Hartman | 2017-12-09 | 16 | -247/+57 |
| | | | | | | | | | | | | | It's good to have SPDX identifiers in all files as the Linux kernel developers are working to add these identifiers to all files. Update all files with the correct SPDX license identifier based on the license text of the project or based on the license in the file itself. The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Modified-by: Jason A. Donenfeld <Jason@zx2c4.com> | ||||
* | chacha20-arm: fix with clang -fno-integrated-as. | David Benjamin | 2017-12-03 | 1 | -1/+3 |
| | | | | | | | | | The __clang__-guarded #defines cause gas to complain if clang is passed -fno-integrated-as. Emitting .syntax unified when those are used fixes this. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> | ||||
* | poly1305: update x86-64 kernel to AVX512F only | Samuel Neves | 2017-12-03 | 2 | -138/+132 |
| | | | | Signed-off-by: Samuel Neves <sneves@dei.uc.pt> | ||||
* | curve25519: explictly depend on AS_AVX | Jason A. Donenfeld | 2017-11-28 | 1 | -3/+3 |
| | |||||
* | curve25519: modularize dispatch | Jason A. Donenfeld | 2017-11-28 | 1 | -91/+82 |
| | |||||
* | blake2s: tweak avx512 code | Samuel Neves | 2017-11-26 | 1 | -64/+47 |
| | | | | | | | | This is not as ideal as using zmm, but zmm downclocks. And it's not as fast single-threaded as using the gathers. But it is faster when multithreaded, which is what WireGuard is doing. Signed-off-by: Samuel Neves <sneves@dei.uc.pt> | ||||
* | chacha20: directly assign constant and initial state | Jason A. Donenfeld | 2017-11-23 | 1 | -59/+20 |
| | |||||
* | blake2s: hmac space optimization | Samuel Neves | 2017-11-22 | 1 | -16/+12 |
| | | | | Signed-off-by: Samuel Neves <sneves@dei.uc.pt> | ||||
* | blake2s: AVX512F+VL implementation | Samuel Neves | 2017-11-22 | 2 | -0/+132 |
| | | | | Signed-off-by: Samuel Neves <sneves@dei.uc.pt> | ||||
* | poly1305-avx512: requires AVX512F+VL+BW | Samuel Neves | 2017-11-22 | 1 | -1/+6 |
| | | | | Signed-off-by: Samuel Neves <sneves@dei.uc.pt> | ||||
* | chacha20poly1305: poly cleans up its own state | Jason A. Donenfeld | 2017-11-22 | 1 | -5/+1 |
| | |||||
* | poly1305-x86_64: unclobber %rbp | Samuel Neves | 2017-11-22 | 1 | -131/+145 |
| | | | | | | | | | | | | | | OpenSSL's Poly1305 kernels use %rbp as a scratch register. However, the kernel expects rbp to be a valid frame pointer at any given time in order to do proper unwinding. Thus we need to alter the code in order to preserve it. The most straightforward manner in which this was accomplished was by replacing $d3 in poly1305-x86_64.pl -- formerly %r10 -- by %rdi, and replace %rbp by %r10. Because %rdi, a pointer to the context structure, does not change and is not used by poly1305_iteration, it is safe to use it here, and the overhead of saving and restoring it should be minimal. Signed-off-by: Samuel Neves <sneves@dei.uc.pt> | ||||
* | poly1305: import MIPS64 primitive from OpenSSL | Jason A. Donenfeld | 2017-11-22 | 3 | -9/+401 |
| | |||||
* | chacha20poly1305: import ARM primitives from OpenSSL | Jason A. Donenfeld | 2017-11-22 | 11 | -1025/+5513 |
| | | | | ARMv4-ARMv8, with NEON for ARMv7 and ARMv8. | ||||
* | chacha20poly1305: import x86_64 primitives from OpenSSL | Samuel Neves | 2017-11-22 | 9 | -2455/+5236 |
| | | | | | | x86_64 only at the moment. SSSE3, AVX, AVX2, AVX512. Signed-off-by: Samuel Neves <sneves@dei.uc.pt> | ||||
* | curve25519-neon: compile in thumb mode | Jason A. Donenfeld | 2017-11-14 | 2 | -6/+6 |
| | | | | | In thumb mode, it's not possible to use sp as an operand of and, so we have to muck around with r3 as a scratch register. | ||||
* | curve25519: reject deriving from NULL private keys | Jason A. Donenfeld | 2017-11-11 | 1 | -0/+7 |
| | | | | | These aren't actually valid 25519 points pre-normalization, and doing this is required to make unsetting private keys based on all zeros. | ||||
* | receive: hoist fpu outside of receive loop | Jason A. Donenfeld | 2017-11-10 | 2 | -15/+13 |
| | |||||
* | curve25519: only enable int128 if compiler support is sound | Jason A. Donenfeld | 2017-10-31 | 1 | -1/+1 |
| | |||||
* | global: style nits | Jason A. Donenfeld | 2017-10-31 | 4 | -129/+198 |
| | |||||
* | qemu: allow for cross compilation | Jason A. Donenfeld | 2017-10-31 | 1 | -3/+3 |
| | |||||
* | crypto/avx: make sure we can actually use ymm registers | Jason A. Donenfeld | 2017-10-31 | 3 | -3/+3 |
| | |||||
* | blake2: include headers for macros | Jason A. Donenfeld | 2017-10-31 | 1 | -0/+2 |
| | |||||
* | blake2s: modernize API and have faster _final | Jason A. Donenfeld | 2017-10-17 | 2 | -48/+64 |
| | |||||
* | crypto/x86_64: satisfy stack validation 2.0 | Jason A. Donenfeld | 2017-10-09 | 3 | -31/+29 |
| | | | | | We change this to look like the code gcc generates, so as to keep the objtool checker somewhat happy. | ||||
* | global: use _WG prefix for include guards | Jason A. Donenfeld | 2017-10-03 | 3 | -9/+9 |
| | | | | Suggested-by: Sultan Alsawaf <sultanxda@gmail.com> | ||||
* | global: satisfy bitshift pedantry | Jason A. Donenfeld | 2017-10-03 | 1 | -7/+7 |
| | | | | Suggested-by: Sultan Alsawaf <sultanxda@gmail.com> | ||||
* | curve25519-neon-arm: force ARM encoding, since this is unrepresentable in Thumb | Jason A. Donenfeld | 2017-10-02 | 1 | -0/+1 |
| | |||||
* | compat: ensure we can build without compat.h | Jason A. Donenfeld | 2017-09-16 | 2 | -0/+2 |
| | |||||
* | blake2s: satisfy sparse | Jason A. Donenfeld | 2017-08-02 | 1 | -2/+2 |
| | |||||
* | blake2s: fix up alignment issues | Jason A. Donenfeld | 2017-07-20 | 1 | -9/+11 |
| | | | | | When it's unclear if block is aligned, we just assume unaligned, rather than branching. | ||||
* | blake2s: move compression loop to assembly | Samuel Neves | 2017-07-20 | 3 | -72/+84 |
| | |||||
* | curve25519: keep certain sandy2x functions in C | Jason A. Donenfeld | 2017-06-25 | 2 | -232/+84 |
| | | | | We can let the compiler optimize how it sees fit. | ||||
* | curve25519: satisfy sparse and use short types | Jason A. Donenfeld | 2017-06-24 | 1 | -26/+26 |
| | |||||
* | main: annotate init/exit functions to save memory | Jason A. Donenfeld | 2017-06-24 | 3 | -6/+6 |
| | |||||
* | random: wait for random bytes when generating nonces and ephemerals | Jason A. Donenfeld | 2017-06-12 | 1 | -1/+1 |
| | | | | | | | | | | | We can let userspace configure wireguard interfaces before the RNG is fully initialized, since what we mostly care about is having good randomness for ephemerals and xchacha nonces. By deferring the wait to actually asking for the randomness, we give a lot more opportunity for gathering entropy. This won't cover entropy for hash table secrets or cookie secrets (which rotate anyway), but those have far less catastrophic failure modes, so ensuring good randomness for elliptic curve points and nonces should be sufficient. | ||||
* | curve25519: use more standard label convention in asm | Jason A. Donenfeld | 2017-06-01 | 2 | -24/+24 |
| | |||||
* | curve25519: add NEON versions for ARM | Jason A. Donenfeld | 2017-05-31 | 2 | -27/+2158 |
| | |||||
* | curve25519: align the basepoint to 32 bytes | Jason A. Donenfeld | 2017-05-31 | 1 | -2/+2 |
| | |||||
* | curve25519: actually, do some things on heap sometimes | Jason A. Donenfeld | 2017-05-31 | 1 | -0/+170 |
| | | | | This reverts commit 42dd5bd87e418275203dd6644b6b6b0cc310d4d9. | ||||
* | chacha20poly1305: add NEON versions for ARM and ARM64 | Jason A. Donenfeld | 2017-05-30 | 4 | -6/+1031 |
| | |||||
* | chacha20poly1305: move constants to rodata | Jason A. Donenfeld | 2017-05-21 | 5 | -14/+27 |
| | |||||
* | chacha20poly1305: implement vectorized hchacha20 | Jason A. Donenfeld | 2017-05-17 | 2 | -21/+157 |
| |