path: root/src
Age | Commit message | Author
2018-09-17 | chacha20-x86_64: don't activate simd for small blocks | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-17 | crypto: pass simd by reference | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-17 | chacha20-x86_64: cascade down implementations | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-17 | poly1305: do not require simd context for arch | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-16 | crypto: make MIT | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-16 | qemu: always pull and reset against integration tree | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-16 | global: remove non-essential inline annotations | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-16 | send/receive: reduce number of sg entries | Jason A. Donenfeld
This reduces stack usage to quell warnings on powerpc. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-15 | simd: add __must_check annotation | Jason A. Donenfeld
Suggested-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-13 | chacha20-arm: swap scalar and neon functions | Jason A. Donenfeld
This brings us closer to the original code. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-12 | poly1305: precompute 5*r in init instead of blocks | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-12 | curve25519-x86_64: remove useless define | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-12 | chacha20: add constant for words in block | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-11 | poly1305: rename finish to final | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-11 | kconfig: make NEON depend on CPU_V7 | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-11 | crypto: make sure UML is properly disabled | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-11 | crypto: do not use compound literals in selftests | Jason A. Donenfeld
gcc can't apply section attributes to compound literals, so we can't mark the actual data as __initconst. We thus waste space instead, but this shouldn't matter much, since it's cleared after init anyway, and because this is only for debugging. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-10 | blake2s-x86_64: fix whitespace errors | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-10 | version: bump snapshot | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-10 | poly1305: switch to donna | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-08 | poly1305: rewrite self tests from scratch | Jason A. Donenfeld
This removes the old cruft and makes things a bit more idiomatic. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-06 | compat: move simd.h from crypto to compat since it's going upstream | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-06 | compat: arch-namespace certain includes | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-06 | compat: support neon.h on old kernels | Jason A. Donenfeld
Reported-by: Philipp Richter <richterphilipp.pops@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-06 | crypto: use CRYPTOGAMS license | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-06 | curve25519: arm: do not modify sp directly | Jason A. Donenfeld
Thumb doesn't like this. Reported-by: Roman Mamedov <rm@romanrm.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-04 | version: bump snapshot | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-04 | global: always find OOM unlikely | Jason A. Donenfeld
Suggested-by: Sultan Alsawaf <sultanxda@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-04 | global: prefer sizeof(*pointer) when possible | Jason A. Donenfeld
Suggested-by: Sultan Alsawaf <sultanxda@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-03 | global: satisfy check_patch.pl errors | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-03 | crypto: import zinc | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-02 | uapi: reformat | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-02 | netlink: insert peer version placeholder | Jason A. Donenfeld
While we don't want people to ever use old protocols, people will complain if the API "changes", so explicitly make the unset protocol mean the latest, and add a dummy mechanism of specifying the protocol on a per-peer basis, which we hope nobody actually ever uses. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-28 | curve25519-arm: prefix immediates with # | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-28 | curve25519-arm: do not waste 32 bytes of stack | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-28 | curve25519-arm: use ordinary prolog and epilogue | Samuel Neves
Signed-off-by: Samuel Neves <sneves@dei.uc.pt> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-28 | curve25519-arm: add spaces after commas | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-28 | curve25519-arm: cleanups from lkml | Jason A. Donenfeld
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-28 | curve25519-arm: reformat | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-28 | curve25519-x86_64: let the compiler decide when/how to load constants | Samuel Neves
Signed-off-by: Samuel Neves <sneves@dei.uc.pt> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-28 | curve25519-hacl64: use formally verified C for comparisons | Jason A. Donenfeld
The previous code had been proved in Z3, but this new code from upstream KreMLin is directly generated from the F*, which is preferable. The assembly generated is identical. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-28 | crypto: use unaligned helpers | Jason A. Donenfeld
This is not useful for WireGuard, but for the general use case we probably want it this way, and the speed difference is mostly lost in the noise. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-28 | Kconfig: use new-style help marker | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-28 | compat: rng_is_initialized made it into 4.19 | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-28 | global: run through clang-format | Jason A. Donenfeld
This is the worst commit in the whole repo, making the code much less readable, but so it goes with upstream maintainers. We are now woefully wrapped at 80 columns. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-09 | version: bump snapshot | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-09 | netlink: don't start over iteration on multipart non-first allowedips | Jason A. Donenfeld
Reported-by: Matt Layher <mdlayher@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-09 | timers: include header in right file | Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-07 | curve25519-hacl64: correct u64_gte_mask | Samuel Neves
Remove signed right shifts. Previously u64_gte_mask was only correct for x < 2^63.

Z3 script proving correctness:

    >>> from z3 import *
    >>>
    >>> x = BitVec("x", 64)
    >>> y = BitVec("y", 64)
    >>>
    >>> t = LShR(x^((x^y)|((x-y)^y)), 63) - 1
    >>>
    >>> prove(If(UGE(x, y), BitVecVal(-1, 64), BitVecVal(0, 64)) == t)
    proved

Signed-off-by: Samuel Neves <sneves@dei.uc.pt> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-07 | curve25519-hacl64: simplify u64_eq_mask | Samuel Neves
Avoid signed right shift.

Z3 script showing equivalence:

    >>> from z3 import *
    >>>
    >>> x = BitVec("x", 64)
    >>> y = BitVec("y", 64)
    >>>
    >>> # Before
    ... x_ = ~(x ^ y)
    >>> x_ &= x_ << 32
    >>> x_ &= x_ << 16
    >>> x_ &= x_ << 8
    >>> x_ &= x_ << 4
    >>> x_ &= x_ << 2
    >>> x_ &= x_ << 1
    >>> x_ >>= 63
    >>>
    >>> # After
    ... y_ = x ^ y
    >>> y_ = y_ | -y_
    >>> y_ = LShR(y_, 63) - 1
    >>>
    >>> prove(x_ == y_)
    proved

Signed-off-by: Samuel Neves <sneves@dei.uc.pt> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>