path: root/src/crypto/curve25519.c
Age  Commit message  Author
2018-09-03  crypto: import zinc  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-28  crypto: use unaligned helpers  (Jason A. Donenfeld)
This is not useful for WireGuard, but for the general use case we probably want it this way, and the speed difference is mostly lost in the noise.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-09  curve25519: use precomp implementation instead of sandy2x  (Jason A. Donenfeld)
It's faster and doesn't use the FPU.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-01  curve25519: replace fiat64 with faster hacl64  (Jason A. Donenfeld)
This reverts commit da4ff396cc5d5e0ff21f9ecbc2f951c048c63fff and adds some optimizations to hacl64.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-01  curve25519: replace hacl64 with fiat64  (Jason A. Donenfeld)
For now, it's faster:
hacl64: 109782 cycles per call
fiat64: 108984 cycles per call
It's quite possible this commit will be reverted with nice changes from INRIA, though.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-18  curve25519: wire up new impls and remove donna  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-18  curve25519: modularize implementation  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-03  global: year bump  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-12-13  crypto: compile on UML  (Jason A. Donenfeld)
We basically just don't use FPU in UML.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-12-09  global: add SPDX tags to all files  (Greg Kroah-Hartman)
It's good to have SPDX identifiers in all files as the Linux kernel developers are working to add these identifiers to all files. Update all files with the correct SPDX license identifier based on the license text of the project or based on the license in the file itself. The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Modified-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-28  curve25519: explicitly depend on AS_AVX  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-28  curve25519: modularize dispatch  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-22  poly1305: import MIPS64 primitive from OpenSSL  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-22  chacha20poly1305: import ARM primitives from OpenSSL  (Jason A. Donenfeld)
ARMv4-ARMv8, with NEON for ARMv7 and ARMv8.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-14  curve25519-neon: compile in thumb mode  (Jason A. Donenfeld)
In thumb mode, it's not possible to use sp as an operand of and, so we have to muck around with r3 as a scratch register.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-11  curve25519: reject deriving from NULL private keys  (Jason A. Donenfeld)
These aren't actually valid 25519 points pre-normalization, and doing this is required to make unsetting private keys based on all zeros.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-31  curve25519: only enable int128 if compiler support is sound  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-31  global: style nits  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-31  qemu: allow for cross compilation  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-31  crypto/avx: make sure we can actually use ymm registers  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-09-16  compat: ensure we can build without compat.h  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-25  curve25519: keep certain sandy2x functions in C  (Jason A. Donenfeld)
We can let the compiler optimize how it sees fit.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-24  curve25519: satisfy sparse and use short types  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-24  main: annotate init/exit functions to save memory  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-12  random: wait for random bytes when generating nonces and ephemerals  (Jason A. Donenfeld)
We can let userspace configure wireguard interfaces before the RNG is fully initialized, since what we mostly care about is having good randomness for ephemerals and xchacha nonces. By deferring the wait to actually asking for the randomness, we give a lot more opportunity for gathering entropy. This won't cover entropy for hash table secrets or cookie secrets (which rotate anyway), but those have far less catastrophic failure modes, so ensuring good randomness for elliptic curve points and nonces should be sufficient.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31  curve25519: add NEON versions for ARM  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31  curve25519: align the basepoint to 32 bytes  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-31  curve25519: actually, do some things on heap sometimes  (Jason A. Donenfeld)
This reverts commit 42dd5bd87e418275203dd6644b6b6b0cc310d4d9.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-30  curve25519: protect against potential invalid point attacks  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-24  curve25519: 128-bit integer != x86_64  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-20  curve25519: do dispatcher in C instead of asm, since shlx is haswell only  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-19  curve25519: add AVX implementation  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-15  curve25519: do everything on the stack  (Jason A. Donenfeld)
With MIPS now supporting a separate IRQ stack, and with these changes being backported into OpenWRT (and likely the stable mainline releases), we no longer need to kmalloc more space for temporary variables.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-10  Update copyright  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-12-11  global: move to consistent use of uN instead of uintN_t for kernel code  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-21  headers: cleanup notices  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-10  curve25519: use kmalloc in order to not overflow stack  (Jason A. Donenfeld)
On MIPS, the IRQ and SoftIRQ handlers share the stack with whatever kernel thread was interrupted. This means that Curve25519 can be interrupted by, say, an ethernet controller, that then gets handled by a SoftIRQ. If something like l2tp is being used, which uses quite a bit of stack, then by the time the SoftIRQ handler gets to WireGuard code and calls into the stack-heavy ChaPoly functions, our 8k stack is shot. In other words, since Curve25519 is such a big consumer of stack, if it's interrupted by anything else that uses a healthy amount of stack, then disaster strikes.
The solution here is just to allocate using kmalloc. This is quite ugly, and if performance becomes an issue, we might consider moving to a kmem_cache allocator, or even having each peer keep its own preallocated space. But for now, we'll try this.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-11-05  c89: the static keyword is okay in c99, but not in c89  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-09-29  Rework headers and includes  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-02  selftest: move to subfolder  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-08-02  c: specify static array size in function params  (Jason A. Donenfeld)
The C standard states:

  A declaration of a parameter as ``array of type'' shall be adjusted to ``qualified pointer to type'', where the type qualifiers (if any) are those specified within the [ and ] of the array type derivation. If the keyword static also appears within the [ and ] of the array type derivation, then for each call to the function, the value of the corresponding actual argument shall provide access to the first element of an array with at least as many elements as specified by the size expression.

By changing void func(int array[4]) to void func(int array[static 4]), we automatically get the compiler checking argument sizes for us, which is quite nice.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-07-07  curve25519: unneeded zeros variable  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-06-25  tests: make fatal  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-06-25  Initial commit  (Jason A. Donenfeld)
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>