Mercurial > dropbear
annotate ecdsa.h @ 1672:3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
* Add Chacha20-Poly1305 authenticated encryption
* Add general AEAD approach.
* Add [email protected] algo using LibTomCrypt chacha and
poly1305 routines.
Chacha20-Poly1305 is generally faster than AES256 on CPU w/o dedicated
AES instructions, having the same key size.
Compiling in will add ~5,5kB to binary size on x86-64.
function old new delta
chacha_crypt - 1397 +1397
_poly1305_block - 608 +608
poly1305_done - 595 +595
dropbear_chachapoly_crypt - 457 +457
.rodata 26976 27392 +416
poly1305_process - 290 +290
poly1305_init - 221 +221
chacha_setup - 218 +218
encrypt_packet 1068 1270 +202
dropbear_chachapoly_getlength - 147 +147
decrypt_packet 756 897 +141
chacha_ivctr64 - 137 +137
read_packet 543 637 +94
dropbear_chachapoly_start - 94 +94
read_kex_algos 792 880 +88
chacha_keystream - 69 +69
dropbear_mode_chachapoly - 48 +48
sshciphers 280 320 +40
dropbear_mode_none 24 48 +24
dropbear_mode_ctr 24 48 +24
dropbear_mode_cbc 24 48 +24
dropbear_chachapoly_mac - 24 +24
dropbear_chachapoly - 24 +24
gen_new_keys 848 854 +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 5388/0) Total: 5388 bytes
* Add AES128-GCM and AES256-GCM authenticated encryption
* Add general AES-GCM mode.
* Add [email protected] and [email protected] algo using
LibTomCrypt gcm routines.
AES-GCM is combination of AES CTR mode and GHASH, slower than AES-CTR on
CPU w/o dedicated AES/GHASH instructions therefore disabled by default.
Compiling in will add ~6kB to binary size on x86-64.
function old new delta
gcm_process - 1060 +1060
.rodata 26976 27808 +832
gcm_gf_mult - 820 +820
gcm_add_aad - 660 +660
gcm_shift_table - 512 +512
gcm_done - 471 +471
gcm_add_iv - 384 +384
gcm_init - 347 +347
dropbear_gcm_crypt - 309 +309
encrypt_packet 1068 1270 +202
decrypt_packet 756 897 +141
gcm_reset - 118 +118
read_packet 543 637 +94
read_kex_algos 792 880 +88
sshciphers 280 360 +80
gcm_mult_h - 80 +80
dropbear_gcm_start - 62 +62
dropbear_mode_gcm - 48 +48
dropbear_mode_none 24 48 +24
dropbear_mode_ctr 24 48 +24
dropbear_mode_cbc 24 48 +24
dropbear_ghash - 24 +24
dropbear_gcm_getlength - 24 +24
gen_new_keys 848 854 +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 6434/0) Total: 6434 bytes
author | Vladislav Grishenko <themiron@users.noreply.github.com> |
---|---|
date | Mon, 25 May 2020 20:50:25 +0500 |
parents | 99ca393afc56 |
children |
rev | line source |
---|---|
1036
deed0571cacc
DROPBEAR_ prefix for include guards to avoid collisions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
857
diff
changeset
|
1 #ifndef DROPBEAR_ECDSA_H_ |
deed0571cacc
DROPBEAR_ prefix for include guards to avoid collisions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
857
diff
changeset
|
2 #define DROPBEAR_ECDSA_H_ |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
3 |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
4 #include "includes.h" |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
5 #include "buffer.h" |
795 | 6 #include "signkey.h" |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
7 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1036
diff
changeset
|
8 #if DROPBEAR_ECDSA |
797
45f1bc96f357
Fix build for dropbearkey and ecdsa with certain options
Matt Johnston <matt@ucc.asn.au>
parents:
795
diff
changeset
|
9 |
1543
016b86f03e21
Change default ecdsa size to 256
Matt Johnston <matt@ucc.asn.au>
parents:
1459
diff
changeset
|
10 /* prefer 256 or 384 since those are SHOULD for |
016b86f03e21
Change default ecdsa size to 256
Matt Johnston <matt@ucc.asn.au>
parents:
1459
diff
changeset
|
11 draft-ietf-curdle-ssh-kex-sha2.txt */ |
016b86f03e21
Change default ecdsa size to 256
Matt Johnston <matt@ucc.asn.au>
parents:
1459
diff
changeset
|
12 #if DROPBEAR_ECC_256 |
016b86f03e21
Change default ecdsa size to 256
Matt Johnston <matt@ucc.asn.au>
parents:
1459
diff
changeset
|
13 #define ECDSA_DEFAULT_SIZE 256 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1036
diff
changeset
|
14 #elif DROPBEAR_ECC_384 |
840
5128e525c8fa
Default to some larger key sizes
Matt Johnston <matt@ucc.asn.au>
parents:
797
diff
changeset
|
15 #define ECDSA_DEFAULT_SIZE 384 |
1543
016b86f03e21
Change default ecdsa size to 256
Matt Johnston <matt@ucc.asn.au>
parents:
1459
diff
changeset
|
16 #elif DROPBEAR_ECC_521 |
016b86f03e21
Change default ecdsa size to 256
Matt Johnston <matt@ucc.asn.au>
parents:
1459
diff
changeset
|
17 #define ECDSA_DEFAULT_SIZE 521 |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
18 #else |
1604
99ca393afc56
It turns out you can't have a single-quote in an #error
Matt Johnston <matt@ucc.asn.au>
parents:
1602
diff
changeset
|
19 #error ECDSA cannot be enabled without enabling at least one size (256, 384, 521) |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
20 #endif |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
21 |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
22 ecc_key *gen_ecdsa_priv_key(unsigned int bit_size); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
23 ecc_key *buf_get_ecdsa_pub_key(buffer* buf); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
24 ecc_key *buf_get_ecdsa_priv_key(buffer *buf); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
25 void buf_put_ecdsa_pub_key(buffer *buf, ecc_key *key); |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
26 void buf_put_ecdsa_priv_key(buffer *buf, ecc_key *key); |
1459
06d52bcb8094
Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents:
1295
diff
changeset
|
27 enum signkey_type ecdsa_signkey_type(const ecc_key * key); |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
28 |
1459
06d52bcb8094
Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents:
1295
diff
changeset
|
29 void buf_put_ecdsa_sign(buffer *buf, const ecc_key *key, const buffer *data_buf); |
06d52bcb8094
Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents:
1295
diff
changeset
|
30 int buf_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf); |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
845
diff
changeset
|
31 /* Returns 1 on success */ |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
845
diff
changeset
|
32 int signkey_is_ecdsa(enum signkey_type type); |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
766
diff
changeset
|
33 |
797
45f1bc96f357
Fix build for dropbearkey and ecdsa with certain options
Matt Johnston <matt@ucc.asn.au>
parents:
795
diff
changeset
|
34 #endif |
45f1bc96f357
Fix build for dropbearkey and ecdsa with certain options
Matt Johnston <matt@ucc.asn.au>
parents:
795
diff
changeset
|
35 |
1036
deed0571cacc
DROPBEAR_ prefix for include guards to avoid collisions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
857
diff
changeset
|
36 #endif /* DROPBEAR_ECDSA_H_ */ |