path: root/src/crypto
Commit message | Author | Age | Files | Lines
...
* crypto-arm: rework KERNEL_MODE_NEON handling | Jason A. Donenfeld | 2018-09-23 | 2 | -9/+16
    It might be defined even if the compiler doesn't support it.
* global: reduce stack frame size | Jason A. Donenfeld | 2018-09-23 | 3 | -26/+36
    This brings it under 1280 on 64-bit and under 1024 on 32-bit systems.
* chacha20: add chunked selftest and test sliding alignments and hchacha20 | Jason A. Donenfeld | 2018-09-23 | 2 | -1160/+2467
    This ensures we're properly updating state[12] and that we're handling all unaligned accesses (in the jump tables for MIPS).
* chacha20-mips32r2: reduce jumptable entry size and stack usage | René van Dorst | 2018-09-22 | 1 | -39/+48
    Signed-off-by: René van Dorst <opensource@vdorst.com>
* chacha20-mips32r2: use simpler calling convention | Jason A. Donenfeld | 2018-09-21 | 2 | -179/+143
    Since we now set up the block in the generic code, we can rely on that to use fewer variables and reduce stack pressure within the MIPS code. This in turn means we have more registers and more uniformity, so we're able to rewrite quite a bit.
* chacha20-arm: go with Ard's version to optimize for Cortex-A7 | Jason A. Donenfeld | 2018-09-21 | 6 | -732/+599
* chacha20-mips32r2: remove reorder directives | René van Dorst | 2018-09-21 | 2 | -107/+69
    This requires some minimal rearranging to make work, but for the most part as does the right thing, provided we pass it an optimization flag.
    Suggested-by: Paul Burton <paul.burton@mips.com>
    Signed-off-by: René van Dorst <opensource@vdorst.com>
* chacha20-mips32r2: fix typo to allow reorder again | René van Dorst | 2018-09-21 | 1 | -1/+1
    Reported-by: Paul Burton <paul.burton@mips.com>
    Signed-off-by: René van Dorst <opensource@vdorst.com>
* poly1305-mips32r2: remove all reorder directives | René van Dorst | 2018-09-21 | 2 | -32/+23
    This requires some minimal rearranging to make work, but for the most part as does the right thing, provided we pass it an optimization flag.
    Suggested-by: Paul Burton <paul.burton@mips.com>
    Signed-off-by: René van Dorst <opensource@vdorst.com>
* global: put SPDX identifier on its own line | Jason A. Donenfeld | 2018-09-20 | 41 | -82/+82
    The kernel has very specific rules correlating file type with comment type, and also SPDX identifiers can't be merged with other comments.
* crypto: do not waste space on selftest items | Jason A. Donenfeld | 2018-09-20 | 3 | -9458/+10993
    This unfortunately means we have to define symbols, since we want them in __initconst, but it's better than the other two options (no initconst or wasting space for fixed size buffers).
* crypto: explicitly dual license | Jason A. Donenfeld | 2018-09-20 | 41 | -41/+41
    Suggested-by: Thomas Gleixner <tglx@linutronix.de>
* poly1305: account for simd being toggled off midway | Jason A. Donenfeld | 2018-09-20 | 3 | -26/+131
    This is a very rare occurrence, but we should account for it, so that the calculations aren't wrong. Here we convert from base 2^26 back to base 2^64.
* chacha20: prefer crypto_xor_cpy to avoid memmove | Jason A. Donenfeld | 2018-09-20 | 1 | -5/+3
    Suggested-by: Eric Biggers <ebiggers@kernel.org>
* poly1305: no need to trick gcc 8.1 | Jason A. Donenfeld | 2018-09-19 | 1 | -2/+2
    This reverts 37f114a73ba37219b00a66f0a51219a696599745, since gcc 8.2 no longer exhibits that bug.
    Suggested-by: Eric Biggers <ebiggers@kernel.org>
* blake2s: simplify final function | Jason A. Donenfeld | 2018-09-19 | 2 | -40/+9
    Suggested-by: Eric Biggers <ebiggers@kernel.org>
* poly1305: better module description | Jason A. Donenfeld | 2018-09-18 | 1 | -1/+1
* chacha20: add independent self test | Jason A. Donenfeld | 2018-09-18 | 2 | -0/+1188
    This was already tested from the chacha20poly1305 test, but it's useful to be able to test this in isolation too.
* chacha20poly1305: add __init to selftest helper functions | Jason A. Donenfeld | 2018-09-18 | 1 | -3/+3
* curve25519-arm: only compile if symbols will be used | Jason A. Donenfeld | 2018-09-18 | 1 | -1/+1
* chacha20-x86_64: use correct cut off for avx512-vl | Jason A. Donenfeld | 2018-09-18 | 1 | -1/+1
* poly1305-x86_64: show full struct for state | Jason A. Donenfeld | 2018-09-18 | 1 | -5/+7
* crypto: allow for disabling simd in zinc modules | Jason A. Donenfeld | 2018-09-18 | 6 | -9/+33
* chacha20-x86_64: more limited cascade | Jason A. Donenfeld | 2018-09-18 | 1 | -5/+4
* chacha20poly1305: relax simd between sg chunks | Jason A. Donenfeld | 2018-09-18 | 1 | -0/+2
* crypto: turn Zinc into individual modules | Jason A. Donenfeld | 2018-09-18 | 24 | -42/+166
* crypto: do not use -include trick | Jason A. Donenfeld | 2018-09-17 | 14 | -51/+34
* poly1305-x86_64: don't activate simd for small blocks | Jason A. Donenfeld | 2018-09-17 | 1 | -3/+14
* chacha20-x86_64: don't activate simd for small blocks | Jason A. Donenfeld | 2018-09-17 | 1 | -1/+2
* crypto: pass simd by reference | Jason A. Donenfeld | 2018-09-17 | 14 | -83/+89
* chacha20-x86_64: cascade down implementations | Jason A. Donenfeld | 2018-09-17 | 1 | -3/+3
* poly1305: do not require simd context for arch | Jason A. Donenfeld | 2018-09-17 | 8 | -22/+14
* crypto: make MIT | Jason A. Donenfeld | 2018-09-16 | 39 | -39/+39
* chacha20-arm: swap scalar and neon functions | Jason A. Donenfeld | 2018-09-13 | 1 | -697/+697
    This brings us closer to the original code.
* poly1305: precompute 5*r in init instead of blocks | Jason A. Donenfeld | 2018-09-12 | 2 | -6/+18
* curve25519-x86_64: remove useless define | Jason A. Donenfeld | 2018-09-12 | 1 | -1/+0
* chacha20: add constant for words in block | Jason A. Donenfeld | 2018-09-12 | 2 | -2/+3
* poly1305: rename finish to final | Jason A. Donenfeld | 2018-09-11 | 5 | -13/+13
* crypto: make sure UML is properly disabled | Jason A. Donenfeld | 2018-09-11 | 1 | -4/+4
* crypto: do not use compound literals in selftests | Jason A. Donenfeld | 2018-09-11 | 2 | -7704/+7710
    gcc can't apply section attributes to compound literals, so we can't mark the actual data as __initconst. We thus waste space instead, but this shouldn't matter much, since it's cleared after init anyway, and because this is only for debugging.
* blake2s-x86_64: fix whitespace errors | Jason A. Donenfeld | 2018-09-10 | 1 | -2/+2
* poly1305: switch to donna | Jason A. Donenfeld | 2018-09-10 | 3 | -183/+398
* poly1305: rewrite self tests from scratch | Jason A. Donenfeld | 2018-09-08 | 1 | -1529/+831
    This removes the old cruft and makes things a bit more idiomatic.
* compat: move simd.h from crypto to compat since it's going upstream | Jason A. Donenfeld | 2018-09-06 | 1 | -65/+0
* crypto: use CRYPTOGAMS license | Jason A. Donenfeld | 2018-09-06 | 9 | -23/+27
* curve25519: arm: do not modify sp directly | Jason A. Donenfeld | 2018-09-06 | 1 | -3/+3
    Thumb doesn't like this.
    Reported-by: Roman Mamedov <rm@romanrm.net>
* global: prefer sizeof(*pointer) when possible | Jason A. Donenfeld | 2018-09-04 | 2 | -2/+2
    Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
* crypto: import zinc | Jason A. Donenfeld | 2018-09-03 | 42 | -984/+14670
* curve25519-arm: prefix immediates with # | Jason A. Donenfeld | 2018-08-28 | 1 | -18/+18
* curve25519-arm: do not waste 32 bytes of stack | Jason A. Donenfeld | 2018-08-28 | 1 | -88/+88