summaryrefslogtreecommitdiffhomepage
path: root/src
AgeCommit message (Collapse)Author
2018-04-05chacha20poly1305: put magic constant behind macroJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-04-05chacha20poly1305: add self tests from wycheproofJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-04-04curve25519: add self tests from wycheproofJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-09curve25519: precomp const correctnessJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-09curve25519: memzero in batchesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-09curve25519: use cmov instead of xor for cswapJason A. Donenfeld
Also add cselect optimization. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-09curve25519: use precomp implementation instead of sandy2xJason A. Donenfeld
It's faster and doesn't use the FPU. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-09compat: support OpenSUSE 15Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-09compat: silence warning on frankenkernelsJason A. Donenfeld
Some Android 3.18 devices backport this macro. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-07compat: stable kernels are now receiving b87b619Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-04version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-02noise: align static_identity keysJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-02compat: use correct -include pathJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-02noise: fix function prototypeJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-02global: in gnu code, use un-underscored asmJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-02messages: MESSAGE_TOTAL is unusedJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-02crypto: read only after initJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-02Kconfig: require DST_CACHE explicitlyJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-02compat: workaround netlink refcount bugJason A. Donenfeld
For now it looks like only 4.16 has this, but we'll keep track in case others add it too. Upstream-fix: b87b6194be63 ("netlink: put module reference if dump start fails") Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-21allowedips: fix comment styleJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-20queueing: skb_reset: mark as xnetJason A. Donenfeld
This was avoided for a long time, because I wanted the packet to be charged to the original socket for as long as possible. However, this broke net_cls, which looks at skb->sk for additional late-stage routing decisions. So we had no choice but to ensure that skb->sk is NULL by the time of xmit, and this means calling the skb destructor. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-18version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-14blake2s: use union instead of castingJason A. Donenfeld
This deals with alignment more easily and also helps squelch a clang-analyzer warning. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-14allowedips: indicate to clang-analyzer that trie is non-nullJason A. Donenfeld
We check it in the block just above the only call to node_placement, so we're certain this is the case. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-12socket: free skb if there isn't an endpointJason A. Donenfeld
Because the packet transmission interface in Linux, in general, has the characteristic of "consuming" skbs, our own socket_send family too must always consume skbs. This means that when a caller passes an skb to a socket_send function, he looses ownership and expects for the skb to be freed by the socket_send function, not by himself. Therefore, it's important that we actually carry out this contract under all circumstances, even when there's no endpoint available. This condition could be hit by setting up a peer with a persistent keepalive but no endpoint, or by removing an endpoint once packets were queued up to be sent already. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-12qemu: more granular memleak detectionJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-12netns: replace n0 ip with ip0, per customJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-08poly1305: fix up selftest counterJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-07qemu: add support for powerpcJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-02version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-02qemu: update base versionsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-01curve25519: break more things with more test casesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-01curve25519: replace fiat64 with faster hacl64Jason A. Donenfeld
This reverts commit da4ff396cc5d5e0ff21f9ecbc2f951c048c63fff and adds some optimizations to hacl64. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-01curve25519: replace hacl64 with fiat64Jason A. Donenfeld
For now, it's faster: hacl64: 109782 cycles per call fiat64: 108984 cycles per call It's quite possible this commit will be reverted with nice changes from INRIA, though. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-01curve25519: verify that specialized basepoint implementations are correctJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-30chacha20poly1305: better buffer alignmentJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-30chacha20poly1305: use existing rol32 functionJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-30device: let udev know what kind of device we areJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-23qemu: disable AVX-512 in userlandJason A. Donenfeld
We're trying to test kernel code, so the userland tools we use for doing that testing don't really matter to us. We turn off AVX512, because WireGuard supports kernels that do not support AVX512 userlands. It's easier to just blanket-disable it all, since it doesn't matter anyway. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-23qemu: disable PIE for compilationJason A. Donenfeld
Some old kernels never backported this fix to the build system, and it's required if we want to build those old kernels with PIE-by-default compilers. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-23tools: share curve25519 implementations with kernelJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-19poly1305: add poly-specific self-testsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-18curve25519-fiat32: uninline certain functionsJason A. Donenfeld
While this has a negative performance impact on x86_64, it has a positive performance impact on smaller machines, which is where we're actually using this code. For example, an A53: Before: fiat32: 228605 cycles per call After: fiat32: 188307 cycles per call Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-18version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-18curve25519: wire up new impls and remove donnaJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-18curve25519: resolve symbol clash between fe typesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-18curve25519: import 64-bit hacl-star implementationJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-18curve25519: import 32-bit fiat-crypto implementationJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-18curve25519: modularize implementationJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-18poly1305: remove indirect callsSamuel Neves
Signed-off-by: Samuel Neves <sneves@dei.uc.pt> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>