Received: by 2002:a25:824b:0:0:0:0:0 with SMTP id d11csp2589611ybn; Thu, 26 Sep 2019 14:23:26 -0700 (PDT) X-Google-Smtp-Source: APXvYqzZlTniAK0/izTNkAQknJTSvifwbE4StMygWJlKGVKWkSVGmXoYKfiH6PnuC1negr1zKz1g X-Received: by 2002:a17:906:cf82:: with SMTP id um2mr5103075ejb.254.1569533006693; Thu, 26 Sep 2019 14:23:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1569533006; cv=none; d=google.com; s=arc-20160816; b=cgBegiln7QtgjgFg7qi7ctZfQ+4I4IkpXpFcT/WrSk0HxBBcFFyArvmqUL/onp2sBS v3r18pKTG6YV4Tc01u0tXcohQrBtWdvPc7+vRaV4IvsWP70Ph2YuLdbvs/iWtS1UwCB9 U8ZplhuQTdsVnbG6aWmIk6ImGz9wgEodD93L2eVhYAfV8qc8s3o3xDKIORng/t9t0FUO Co3HKMIfLO3loK/u/Fw4niSTVTJ9GRowhkNWQ8eT+Mr4VorK48H7zC5iFODnZShPg+GB f6V3hhEJ/bpepC03eolC2KnrDIxBHpI4CqEbjvk9KzlOps9YUA1sFcxz3z1DY0DZAkuT LfJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=q4R7UfVYGZJoQlextE7kd33omghSb6abX3Sbjx+dlt8=; b=fvdOHJkOqyRUVoBONCrNULtjjlHGhJxmACpiZLhiKs/XjT23Tzf/CjGQhMPf73Yvk0 n60wNNgxYZRQIRH3jyX1s4q5D1eyTaFWvP9giiSQ3Q2cIMXMV7YBMkJlCFEn9M5Bc6ds zJweUoPhydF7ftOx6dthnS46DxdgObKkqZ7pi8zuQYb/nSfI0X8uBNHFpvNWGJILpIzU 6QMWMrYBqx+D7SooIL/e2USVUkXjkvK5CXXE9VcwhP5JEq9bKiAL7d+EadxaEsnegOgP ZxyQDVm1RC8eK6DFHIj4N7uYNHEeX/HXaN/mT/Jddn+ZxmNGBAbvi/2LYUq4qO5MgyLv viSQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@lunn.ch header.s=20171124 header.b=42+OolRy; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n3si344492edc.151.2019.09.26.14.22.50; Thu, 26 Sep 2019 14:23:26 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@lunn.ch header.s=20171124 header.b=42+OolRy; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726027AbfIZVWt (ORCPT + 99 others); Thu, 26 Sep 2019 17:22:49 -0400 Received: from vps0.lunn.ch ([185.16.172.187]:39990 "EHLO vps0.lunn.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725905AbfIZVWs (ORCPT ); Thu, 26 Sep 2019 17:22:48 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lunn.ch; s=20171124; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=q4R7UfVYGZJoQlextE7kd33omghSb6abX3Sbjx+dlt8=; b=42+OolRyRFsJNrJkDhAyOC+tPy AqkOt4KkLTNAp18uAMOXj2lM164RvjVgcORYj0iPgpFD/sQmL/++7HR9BDAO5KegsqBVudiVwlSZj wWisCGXC8NQwMuBnoEkOR3scspTcXSW0pJHT2LB4D0kzjmZq0FXnPlLKUaQ2DhnPPrmE=; Received: from andrew by vps0.lunn.ch with local (Exim 4.89) (envelope-from ) id 1iDbDX-00065C-VN; Thu, 26 Sep 2019 23:22:27 +0200 Date: Thu, 26 Sep 2019 23:22:27 +0200 From: Andrew Lunn To: "Jason A. Donenfeld" Cc: Ard Biesheuvel , Catalin Marinas , Herbert Xu , Arnd Bergmann , Eric Biggers , Greg KH , Samuel Neves , Will Deacon , Linux Crypto Mailing List , Andy Lutomirski , Marc Zyngier , Dan Carpenter , Linus Torvalds , David Miller , linux-arm-kernel Subject: Re: [RFC PATCH 00/18] crypto: wireguard using the existing crypto API Message-ID: <20190926212227.GG20927@lunn.ch> References: <20190925161255.1871-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org > > So are you saying that the handshake timing constraints in the > > WireGuard protocol are so stringent that we can't run it securely on, > > e.g., an ARM CPU that lacks a NEON unit? Or given that you are not > > providing accelerated implementations of blake2s or Curve25519 for > > arm64, we can't run it securely on arm64 at all? > > Deployed at scale, the handshake must have a certain performance to > not be DoS'd. I've spent a long time benching these and attacking my > own code. I won't be comfortable with this going in without the fast > implementations for the handshake. As a networking guy, the relation between fast crypto for handshake and DoS is not obvious. Could you explain this a bit? It seems like a lot of people would like an OpenWRT box to be their VPN gateway. And most of them are small ARM or MIPs processors. Are you saying WireGuard will not be usable on such devices? Thanks Andrew