Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | crypto: make constant naming scheme consistent | Jason A. Donenfeld | 2018-09-25 | 15 | -148/+148 |
| | |||||
* | hchacha20: keep in native endian in words | Jason A. Donenfeld | 2018-09-25 | 8 | -42/+46 |
| | |||||
* | chacha20-arm: remove unused preambles | Jason A. Donenfeld | 2018-09-24 | 2 | -30/+1 |
| | |||||
* | chacha20-arm: updated scalar code from Andy | Jason A. Donenfeld | 2018-09-23 | 1 | -310/+273 |
| | |||||
* | poly1305-mips64: remove useless preprocessor error | Jason A. Donenfeld | 2018-09-23 | 1 | -4/+0 |
| | |||||
* | crypto-arm: rework KERNEL_MODE_NEON handling again | Jason A. Donenfeld | 2018-09-23 | 8 | -27/+16 |
| | |||||
* | crypto: flatten out makefile | Jason A. Donenfeld | 2018-09-23 | 1 | -47/+33 |
| | | | | This brings us more in line with the integration tree's style. | ||||
* | curve25519-fiat32: work around m68k compiler stack frame bug | Jason A. Donenfeld | 2018-09-23 | 1 | -6/+4 |
| | | | | | | | The m68k compiler generates a 1032 byte stack frame. Moving these variables inside the loop fixes that. It also means we're not explicitly memzeroing it any more either, but hopefully that memory is reused anyway by the multiplications. | ||||
* | chacha20-arm: use new scalar implementation | Jason A. Donenfeld | 2018-09-23 | 2 | -569/+1208 |
| | | | | | It turns out this is faster than NEON on some chips, so it's nice to have. | ||||
* | crypto-arm: rework KERNEL_MODE_NEON handling | Jason A. Donenfeld | 2018-09-23 | 2 | -9/+16 |
| | | | | It might be defined even if the compiler doesn't support it. | ||||
* | global: reduce stack frame size | Jason A. Donenfeld | 2018-09-23 | 3 | -26/+36 |
| | | | | This brings it under 1280 on 64-bit and under 1024 on 32-bit systems. | ||||
* | chacha20: add chunked selftest and test sliding alignments and hchacha20 | Jason A. Donenfeld | 2018-09-23 | 2 | -1160/+2467 |
| | | | | | This ensures we're properly updating state[12] and that we're handling all unaligned acceses (in the jump tables for MIPS). | ||||
* | chacha20-mips32r2: reduce jumptable entry size and stack usage | René van Dorst | 2018-09-22 | 1 | -39/+48 |
| | | | | Signed-off-by: René van Dorst <opensource@vdorst.com> | ||||
* | chacha20-mips32r2: use simpler calling convention | Jason A. Donenfeld | 2018-09-21 | 2 | -179/+143 |
| | | | | | | | Since we now set up the block in the generic code, we can rely on that to use fewer variables and reduce stack pressure within the MIPS code. This in turn means we have more registers and more uniformity, so we're able to rewrite quite a bit. | ||||
* | chacha20-arm: go with Ard's version to optimize for Cortex-A7 | Jason A. Donenfeld | 2018-09-21 | 6 | -732/+599 |
| | |||||
* | chacha20-mips32r2: remove reorder directives | René van Dorst | 2018-09-21 | 2 | -107/+69 |
| | | | | | | | | This requires some minimal rearranging to make work, but for the most part as does the right thing, provided we pass it an optimization flag. Suggested-by: Paul Burton <paul.burton@mips.com> Signed-off-by: René van Dorst <opensource@vdorst.com> | ||||
* | chacha20-mips32r2: fix typo to allow reorder again | René van Dorst | 2018-09-21 | 1 | -1/+1 |
| | | | | | Reported-by: Paul Burton <paul.burton@mips.com> Signed-off-by: René van Dorst <opensource@vdorst.com> | ||||
* | poly1305-mips32r2: remove all reorder directives | René van Dorst | 2018-09-21 | 2 | -32/+23 |
| | | | | | | | | This requires some minimal rearranging to make work, but for the most part as does the right thing, provided we pass it an optimization flag. Suggested-by: Paul Burton <paul.burton@mips.com> Signed-off-by: René van Dorst <opensource@vdorst.com> | ||||
* | global: put SPDX identifier on its own line | Jason A. Donenfeld | 2018-09-20 | 41 | -82/+82 |
| | | | | | The kernel has very specific rules correlating file type with comment type, and also SPDX identifiers can't be merged with other comments. | ||||
* | crypto: do not waste space on selftest items | Jason A. Donenfeld | 2018-09-20 | 3 | -9458/+10993 |
| | | | | | | This unfortunately means we have to define symbols, since we want them in __initconst, but it's better than the other two options (no initconst or wasting space for fixed size buffers). | ||||
* | crypto: explicitly dual license | Jason A. Donenfeld | 2018-09-20 | 41 | -41/+41 |
| | | | | Suggested-by: Thomas Gleixner <tglx@linutronix.de> | ||||
* | poly1305: account for simd being toggled off midway | Jason A. Donenfeld | 2018-09-20 | 3 | -26/+131 |
| | | | | | | This is a very rare occurance, but we should account for it, so that the calculations aren't wrong. Here we convert from base 2^26 back to base 2^64. | ||||
* | chacha20: prefer crypto_xor_cpy to avoid memmove | Jason A. Donenfeld | 2018-09-20 | 1 | -5/+3 |
| | | | | Suggested-by: Eric Biggers <ebiggers@kernel.org> | ||||
* | poly1305: no need to trick gcc 8.1 | Jason A. Donenfeld | 2018-09-19 | 1 | -2/+2 |
| | | | | | | | This reverts 37f114a73ba37219b00a66f0a51219a696599745, since gcc 8.2 no longer exhibits that bug. Suggested-by: Eric Biggers <ebiggers@kernel.org> | ||||
* | blake2s: simplify final function | Jason A. Donenfeld | 2018-09-19 | 2 | -40/+9 |
| | | | | Suggested-by: Eric Biggers <ebiggers@kernel.org> | ||||
* | poly1305: better module description | Jason A. Donenfeld | 2018-09-18 | 1 | -1/+1 |
| | |||||
* | chacha20: add independent self test | Jason A. Donenfeld | 2018-09-18 | 2 | -0/+1188 |
| | | | | | This was already tested from the chacha20poly1305 test, but it's useful to be able to test this in isolation too. | ||||
* | chacha20poly1305: add __init to selftest helper functions | Jason A. Donenfeld | 2018-09-18 | 1 | -3/+3 |
| | |||||
* | curve25519-arm: only compile if symbols will be used | Jason A. Donenfeld | 2018-09-18 | 1 | -1/+1 |
| | |||||
* | chacha20-x86_64: use correct cut off for avx512-vl | Jason A. Donenfeld | 2018-09-18 | 1 | -1/+1 |
| | |||||
* | poly1305-x86_64: show full struct for state | Jason A. Donenfeld | 2018-09-18 | 1 | -5/+7 |
| | |||||
* | crypto: allow for disabling simd in zinc modules | Jason A. Donenfeld | 2018-09-18 | 6 | -9/+33 |
| | |||||
* | chacha20-x86_64: more limited cascade | Jason A. Donenfeld | 2018-09-18 | 1 | -5/+4 |
| | |||||
* | chacha20poly1305: relax simd between sg chunks | Jason A. Donenfeld | 2018-09-18 | 1 | -0/+2 |
| | |||||
* | crypto: turn Zinc into individual modules | Jason A. Donenfeld | 2018-09-18 | 24 | -42/+166 |
| | |||||
* | crypto: do not use -include trick | Jason A. Donenfeld | 2018-09-17 | 14 | -51/+34 |
| | |||||
* | poly1305-x86_64: don't activate simd for small blocks | Jason A. Donenfeld | 2018-09-17 | 1 | -3/+14 |
| | |||||
* | chacha20-x86_64: don't activate simd for small blocks | Jason A. Donenfeld | 2018-09-17 | 1 | -1/+2 |
| | |||||
* | crypto: pass simd by reference | Jason A. Donenfeld | 2018-09-17 | 14 | -83/+89 |
| | |||||
* | chacha20-x86_64: cascade down implementations | Jason A. Donenfeld | 2018-09-17 | 1 | -3/+3 |
| | |||||
* | poly1305: do not require simd context for arch | Jason A. Donenfeld | 2018-09-17 | 8 | -22/+14 |
| | |||||
* | crypto: make MIT | Jason A. Donenfeld | 2018-09-16 | 39 | -39/+39 |
| | |||||
* | chacha20-arm: swap scalar and neon functions | Jason A. Donenfeld | 2018-09-13 | 1 | -697/+697 |
| | | | | This brings us closer to the original code. | ||||
* | poly1305: precompute 5*r in init instead of blocks | Jason A. Donenfeld | 2018-09-12 | 2 | -6/+18 |
| | |||||
* | curve25519-x86_64: remove useless define | Jason A. Donenfeld | 2018-09-12 | 1 | -1/+0 |
| | |||||
* | chacha20: add constant for words in block | Jason A. Donenfeld | 2018-09-12 | 2 | -2/+3 |
| | |||||
* | poly1305: rename finish to final | Jason A. Donenfeld | 2018-09-11 | 5 | -13/+13 |
| | |||||
* | crypto: make sure UML is properly disabled | Jason A. Donenfeld | 2018-09-11 | 1 | -4/+4 |
| | |||||
* | crypto: do not use compound literals in selftests | Jason A. Donenfeld | 2018-09-11 | 2 | -7704/+7710 |
| | | | | | | | gcc can't apply section attributes to compound literals, so we can't mark the actual data as __initconst. We thus waste space instead, but this shouldn't matter much, since it's cleared after init anyway, and because this is only for debugging. | ||||
* | blake2s-x86_64: fix whitespace errors | Jason A. Donenfeld | 2018-09-10 | 1 | -2/+2 |
| |