path: root/src/crypto/zinc/chacha20
Age | Commit message | Author
2020-04-14 | crypto: do not export symbols | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-05 | crypto: use new assembler macros for 5.5 | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-29 | zinc: update copyright | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-29 | blake2s,chacha: latency tweak | Samuel Neves
In every odd-numbered round, instead of operating over the state
    x00 x01 x02 x03
    x05 x06 x07 x04
    x10 x11 x08 x09
    x15 x12 x13 x14
we operate over the rotated state
    x03 x00 x01 x02
    x04 x05 x06 x07
    x09 x10 x11 x08
    x14 x15 x12 x13
The advantage here is that this requires no changes to the 'x04 x05 x06 x07' row, which is in the critical path. This results in a noticeable latency improvement of roughly R cycles, for R diagonal rounds in the primitive.
In the case of BLAKE2s, which I also moved from requiring AVX to only requiring SSSE3, we save approximately 30 cycles per compression function call on Haswell and Skylake. In other words, this is an improvement of ~0.6 cpb.
This idea was pointed out to me by Shunsuke Shimizu, though it appears to have been around for longer.
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-29 | zinc: arm64: use cpu_get_elf_hwcap accessor for 5.2 | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-07 | global: update copyright | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-07 | chacha20: do not define unused asm function | Jason A. Donenfeld
This causes RAP to be unhappy, and we're not using it anyway.
Reported-by: Ivan J. <parazyd@dyne.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-12-07 | chacha20,poly1305: simplify perlasm fanciness | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-19 | chacha20,poly1305: do not use xlate | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-15 | chacha20,poly1305: don't do compiler testing in generator and remove xor helper | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-15 | chacha20,poly1305: fix up for win64 | Samuel Neves
These don't help us, but it is important to keep this working for when it's re-added to cryptogams.
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-15 | chacha20: specialize to wireguard | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-14 | chacha20: cleaner function declarations | Samuel Neves
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-14 | chacha20: normalize names | Samuel Neves
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-14 | chacha20: fixup win64 stack offsets | Samuel Neves
We don't need to do this for kernel purposes, but it's polite to leave things unbroken.
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-14 | chacha20: simplify stack unwinding on ChaCha20_ctr32 | Samuel Neves
objtool did not quite understand the stack arithmetic employed here.
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-14 | chacha20: use DRAP idiom | Samuel Neves
This effectively means swapping the usage of %r9 and %r10 globally.
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-14 | chacha20: add hchacha_ssse3 | Samuel Neves
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-14 | chacha20: begin adapting to kernel setting | Samuel Neves
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-14 | chacha20,poly1305: switch to perlasm originals on x86_64 | Samuel Neves
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-14 | chacha20,poly1305: use CONFIG_KERNEL_MODE_NEON in .pl on arm | Jason A. Donenfeld
While Andy is right to desire a separation between compiler defines and project defines, there are simply too many odd kernel configurations and we require testing for CONFIG_KERNEL_MODE_NEON.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-14 | chacha20,poly1305: switch to perlasm originals on mips and arm | Jason A. Donenfeld
We also separate out Eric Biggers' Cortex A7 implementation into its own file.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-11-13 | global: various formatting tweeks | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-06 | crypto: test all SIMD combinations | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-06 | global: rename include'd C files to be .c | Jason A. Donenfeld
This is done by 259 other files in the kernel tree:
    linux $ rg '#include.*\.c' -l | wc -l
    259
Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-02 | chacha20-arm: use proper reteq macro instead of bxeq | Jason A. Donenfeld
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-02 | crypto: use ZINC_ARCH macros | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-02 | chacha20: split chacha20_ctx into union | Jason A. Donenfeld
This avoids casts and makes counter increments obvious.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-02 | crypto: add missing static keyword to fpu init functions | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-02 | crypto: document what's used from <crypto/ beside #include | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-02 | crypto: WARN_ON in module_init if selftest fails | Jason A. Donenfeld
If it's a built-in and initcall fails, it won't be fatal. So we should at least be loud.
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-02 | chacha20: feed fpu functions PAGE_SIZE at a time | Jason A. Donenfeld
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-02 | chacha20: test multiple page span in selftest | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-10-02 | crypto: prefer IS_ENABLED to ifdefs | Jason A. Donenfeld
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-25 | crypto: rename DEBUG to SELFTEST | Jason A. Donenfeld
Also we make selftest errors of type err, so that they're obvious in dmesg.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-25 | chacha20-arm,poly1305-arm: fix big-endian aarch64 | Jason A. Donenfeld
Suggested-by: Andy Polyakov <appro@openssl.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-25 | chacha20-mips32r2: reduce stack and branches in loop, refactor jumptable handling | René van Dorst
Signed-off-by: René van Dorst <opensource@vdorst.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-25 | hchacha20: keep in native endian in words | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-24 | chacha20-arm: remove unused preambles | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-23 | chacha20-arm: updated scalar code from Andy | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-23 | crypto-arm: rework KERNEL_MODE_NEON handling again | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-23 | chacha20-arm: use new scalar implementation | Jason A. Donenfeld
It turns out this is faster than NEON on some chips, so it's nice to have.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-22 | chacha20-mips32r2: reduce jumptable entry size and stack usage | René van Dorst
Signed-off-by: René van Dorst <opensource@vdorst.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-21 | chacha20-mips32r2: use simpler calling convention | Jason A. Donenfeld
Since we now set up the block in the generic code, we can rely on that to use fewer variables and reduce stack pressure within the MIPS code. This in turn means we have more registers and more uniformity, so we're able to rewrite quite a bit.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-21 | chacha20-arm: go with Ard's version to optimize for Cortex-A7 | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-21 | chacha20-mips32r2: remove reorder directives | René van Dorst
This requires some minimal rearranging to make work, but for the most part as does the right thing, provided we pass it an optimization flag.
Suggested-by: Paul Burton <paul.burton@mips.com>
Signed-off-by: René van Dorst <opensource@vdorst.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-21 | chacha20-mips32r2: fix typo to allow reorder again | René van Dorst
Reported-by: Paul Burton <paul.burton@mips.com>
Signed-off-by: René van Dorst <opensource@vdorst.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-20 | global: put SPDX identifier on its own line | Jason A. Donenfeld
The kernel has very specific rules correlating file type with comment type, and also SPDX identifiers can't be merged with other comments.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-20 | crypto: explicitly dual license | Jason A. Donenfeld
Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-20 | chacha20: prefer crypto_xor_cpy to avoid memmove | Jason A. Donenfeld
Suggested-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>