comparison common-algo.c @ 1672:3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
* Add Chacha20-Poly1305 authenticated encryption
* Add general AEAD approach.
* Add [email protected] algo using LibTomCrypt chacha and
poly1305 routines.
Chacha20-Poly1305 is generally faster than AES256 on CPU w/o dedicated
AES instructions, having the same key size.
Compiling in will add ~5,5kB to binary size on x86-64.
function old new delta
chacha_crypt - 1397 +1397
_poly1305_block - 608 +608
poly1305_done - 595 +595
dropbear_chachapoly_crypt - 457 +457
.rodata 26976 27392 +416
poly1305_process - 290 +290
poly1305_init - 221 +221
chacha_setup - 218 +218
encrypt_packet 1068 1270 +202
dropbear_chachapoly_getlength - 147 +147
decrypt_packet 756 897 +141
chacha_ivctr64 - 137 +137
read_packet 543 637 +94
dropbear_chachapoly_start - 94 +94
read_kex_algos 792 880 +88
chacha_keystream - 69 +69
dropbear_mode_chachapoly - 48 +48
sshciphers 280 320 +40
dropbear_mode_none 24 48 +24
dropbear_mode_ctr 24 48 +24
dropbear_mode_cbc 24 48 +24
dropbear_chachapoly_mac - 24 +24
dropbear_chachapoly - 24 +24
gen_new_keys 848 854 +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 5388/0) Total: 5388 bytes
* Add AES128-GCM and AES256-GCM authenticated encryption
* Add general AES-GCM mode.
* Add aes128-gcm@openssh.com and aes256-gcm@openssh.com algos using
LibTomCrypt gcm routines.
AES-GCM is combination of AES CTR mode and GHASH, slower than AES-CTR on
CPU w/o dedicated AES/GHASH instructions therefore disabled by default.
Compiling in will add ~6kB to binary size on x86-64.
function old new delta
gcm_process - 1060 +1060
.rodata 26976 27808 +832
gcm_gf_mult - 820 +820
gcm_add_aad - 660 +660
gcm_shift_table - 512 +512
gcm_done - 471 +471
gcm_add_iv - 384 +384
gcm_init - 347 +347
dropbear_gcm_crypt - 309 +309
encrypt_packet 1068 1270 +202
decrypt_packet 756 897 +141
gcm_reset - 118 +118
read_packet 543 637 +94
read_kex_algos 792 880 +88
sshciphers 280 360 +80
gcm_mult_h - 80 +80
dropbear_gcm_start - 62 +62
dropbear_mode_gcm - 48 +48
dropbear_mode_none 24 48 +24
dropbear_mode_ctr 24 48 +24
dropbear_mode_cbc 24 48 +24
dropbear_ghash - 24 +24
dropbear_gcm_getlength - 24 +24
gen_new_keys 848 854 +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 6434/0) Total: 6434 bytes
author | Vladislav Grishenko <themiron@users.noreply.github.com> |
---|---|
date | Mon, 25 May 2020 20:50:25 +0500 |
parents | d32bcb5c557d |
children | e0871128e61f |
1671:5c8913b7464c | 1672:3a97f14c0235 |
---|---|
28 #include "session.h" | 28 #include "session.h" |
29 #include "dbutil.h" | 29 #include "dbutil.h" |
30 #include "dh_groups.h" | 30 #include "dh_groups.h" |
31 #include "ltc_prng.h" | 31 #include "ltc_prng.h" |
32 #include "ecc.h" | 32 #include "ecc.h" |
33 #include "gcm.h" | |
34 #include "chachapoly.h" | |
33 | 35 |
34 /* This file (algo.c) organises the ciphers which can be used, and is used to | 36 /* This file (algo.c) organises the ciphers which can be used, and is used to |
35 * decide which ciphers/hashes/compression/signing to use during key exchange*/ | 37 * decide which ciphers/hashes/compression/signing to use during key exchange*/ |
36 | 38 |
37 static int void_cipher(const unsigned char* in, unsigned char* out, | 39 static int void_cipher(const unsigned char* in, unsigned char* out, |
84 | 86 |
85 /* A few void* s are required to silence warnings | 87 /* A few void* s are required to silence warnings |
86 * about the symmetric_CBC vs symmetric_CTR cipher_state pointer */ | 88 * about the symmetric_CBC vs symmetric_CTR cipher_state pointer */ |
87 #if DROPBEAR_ENABLE_CBC_MODE | 89 #if DROPBEAR_ENABLE_CBC_MODE |
88 const struct dropbear_cipher_mode dropbear_mode_cbc = | 90 const struct dropbear_cipher_mode dropbear_mode_cbc = |
89 {(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt}; | 91 {(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt, NULL, NULL, NULL}; |
90 #endif /* DROPBEAR_ENABLE_CBC_MODE */ | 92 #endif /* DROPBEAR_ENABLE_CBC_MODE */ |
91 | 93 |
92 const struct dropbear_cipher_mode dropbear_mode_none = | 94 const struct dropbear_cipher_mode dropbear_mode_none = |
93 {void_start, void_cipher, void_cipher}; | 95 {void_start, void_cipher, void_cipher, NULL, NULL, NULL}; |
94 | 96 |
95 #if DROPBEAR_ENABLE_CTR_MODE | 97 #if DROPBEAR_ENABLE_CTR_MODE |
96 /* a wrapper to make ctr_start and cbc_start look the same */ | 98 /* a wrapper to make ctr_start and cbc_start look the same */ |
97 static int dropbear_big_endian_ctr_start(int cipher, | 99 static int dropbear_big_endian_ctr_start(int cipher, |
98 const unsigned char *IV, | 100 const unsigned char *IV, |
99 const unsigned char *key, int keylen, | 101 const unsigned char *key, int keylen, |
100 int num_rounds, symmetric_CTR *ctr) { | 102 int num_rounds, symmetric_CTR *ctr) { |
101 return ctr_start(cipher, IV, key, keylen, num_rounds, CTR_COUNTER_BIG_ENDIAN, ctr); | 103 return ctr_start(cipher, IV, key, keylen, num_rounds, CTR_COUNTER_BIG_ENDIAN, ctr); |
102 } | 104 } |
103 const struct dropbear_cipher_mode dropbear_mode_ctr = | 105 const struct dropbear_cipher_mode dropbear_mode_ctr = |
104 {(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt}; | 106 {(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt, NULL, NULL, NULL}; |
105 #endif /* DROPBEAR_ENABLE_CTR_MODE */ | 107 #endif /* DROPBEAR_ENABLE_CTR_MODE */ |
106 | 108 |
107 /* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc. | 109 /* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc. |
108 {&hash_desc, keysize, hashsize} */ | 110 {&hash_desc, keysize, hashsize} */ |
109 | 111 |
135 /* The following map ssh names to internal values. | 137 /* The following map ssh names to internal values. |
136 * The ordering here is important for the client - the first mode | 138 * The ordering here is important for the client - the first mode |
137 * that is also supported by the server will get used. */ | 139 * that is also supported by the server will get used. */ |
138 | 140 |
139 algo_type sshciphers[] = { | 141 algo_type sshciphers[] = { |
142 #if DROPBEAR_CHACHA20POLY1305 | |
143 {"[email protected]", 0, &dropbear_chachapoly, 1, &dropbear_mode_chachapoly}, | |
144 #endif | |
145 | |
146 #if DROPBEAR_ENABLE_GCM_MODE | |
147 #if DROPBEAR_AES128 | |
148 {"[email protected]", 0, &dropbear_aes128, 1, &dropbear_mode_gcm}, | |
149 #endif | |
150 #if DROPBEAR_AES256 | |
151 {"[email protected]", 0, &dropbear_aes256, 1, &dropbear_mode_gcm}, | |
152 #endif | |
153 #endif /* DROPBEAR_ENABLE_GCM_MODE */ | |
154 | |
140 #if DROPBEAR_ENABLE_CTR_MODE | 155 #if DROPBEAR_ENABLE_CTR_MODE |
141 #if DROPBEAR_AES128 | 156 #if DROPBEAR_AES128 |
142 {"aes128-ctr", 0, &dropbear_aes128, 1, &dropbear_mode_ctr}, | 157 {"aes128-ctr", 0, &dropbear_aes128, 1, &dropbear_mode_ctr}, |
143 #endif | 158 #endif |
144 #if DROPBEAR_AES256 | 159 #if DROPBEAR_AES256 |