Mercurial > dropbear
view debian/rules @ 1672:3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
* Add Chacha20-Poly1305 authenticated encryption
* Add general AEAD approach.
* Add [email protected] algo using LibTomCrypt chacha and
poly1305 routines.
Chacha20-Poly1305 is generally faster than AES256 on CPU w/o dedicated
AES instructions, having the same key size.
Compiling in will add ~5,5kB to binary size on x86-64.
function old new delta
chacha_crypt - 1397 +1397
_poly1305_block - 608 +608
poly1305_done - 595 +595
dropbear_chachapoly_crypt - 457 +457
.rodata 26976 27392 +416
poly1305_process - 290 +290
poly1305_init - 221 +221
chacha_setup - 218 +218
encrypt_packet 1068 1270 +202
dropbear_chachapoly_getlength - 147 +147
decrypt_packet 756 897 +141
chacha_ivctr64 - 137 +137
read_packet 543 637 +94
dropbear_chachapoly_start - 94 +94
read_kex_algos 792 880 +88
chacha_keystream - 69 +69
dropbear_mode_chachapoly - 48 +48
sshciphers 280 320 +40
dropbear_mode_none 24 48 +24
dropbear_mode_ctr 24 48 +24
dropbear_mode_cbc 24 48 +24
dropbear_chachapoly_mac - 24 +24
dropbear_chachapoly - 24 +24
gen_new_keys 848 854 +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 5388/0) Total: 5388 bytes
* Add AES128-GCM and AES256-GCM authenticated encryption
* Add general AES-GCM mode.
* Add [email protected] and [email protected] algo using
LibTomCrypt gcm routines.
AES-GCM is combination of AES CTR mode and GHASH, slower than AES-CTR on
CPU w/o dedicated AES/GHASH instructions therefore disabled by default.
Compiling in will add ~6kB to binary size on x86-64.
function old new delta
gcm_process - 1060 +1060
.rodata 26976 27808 +832
gcm_gf_mult - 820 +820
gcm_add_aad - 660 +660
gcm_shift_table - 512 +512
gcm_done - 471 +471
gcm_add_iv - 384 +384
gcm_init - 347 +347
dropbear_gcm_crypt - 309 +309
encrypt_packet 1068 1270 +202
decrypt_packet 756 897 +141
gcm_reset - 118 +118
read_packet 543 637 +94
read_kex_algos 792 880 +88
sshciphers 280 360 +80
gcm_mult_h - 80 +80
dropbear_gcm_start - 62 +62
dropbear_mode_gcm - 48 +48
dropbear_mode_none 24 48 +24
dropbear_mode_ctr 24 48 +24
dropbear_mode_cbc 24 48 +24
dropbear_ghash - 24 +24
dropbear_gcm_getlength - 24 +24
gen_new_keys 848 854 +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 6434/0) Total: 6434 bytes
| author | Vladislav Grishenko <themiron@users.noreply.github.com> |
|---|---|
| date | Mon, 25 May 2020 20:50:25 +0500 |
| parents | 7b68e581985f |
| children |
line wrap: on
line source
#!/usr/bin/make -f export DEB_BUILD_MAINT_OPTIONS = hardening=+all DPKG_EXPORT_BUILDFLAGS = 1 include /usr/share/dpkg/buildflags.mk #export DH_OPTIONS DEB_HOST_GNU_TYPE ?=$(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) DEB_BUILD_GNU_TYPE ?=$(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) STRIP =strip ifneq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) STRIP =: nostrip endif CONFFLAGS = CC =gcc ifneq (,$(findstring diet,$(DEB_BUILD_OPTIONS))) CONFFLAGS =--disable-zlib CC =diet -v -Os gcc -nostdinc endif DIR =$(shell pwd)/debian/dropbear patch: deb-checkdir patch-stamp patch-stamp: for i in `ls -1 debian/diff/*.diff || :`; do \ patch -p1 <$$i || exit 1; \ done touch patch-stamp config.status: patch-stamp configure CC='$(CC)' \ CFLAGS='$(CFLAGS)'' -DSFTPSERVER_PATH="\"/usr/lib/sftp-server\""' \ ./configure --host='$(DEB_HOST_GNU_TYPE)' \ --build='$(DEB_BUILD_GNU_TYPE)' --prefix=/usr \ --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info \ $(CONFFLAGS) build: deb-checkdir build-stamp build-stamp: config.status $(MAKE) CC='$(CC)' LD='$(CC)' touch build-stamp clean: deb-checkdir deb-checkuid test ! -r Makefile || $(MAKE) distclean rm -f libtomcrypt/Makefile libtommath/Makefile test ! -e patch-stamp || \ for i in `ls -1r debian/diff/*.diff || :`; do \ patch -p1 -R <$$i; \ done rm -f patch-stamp build-stamp config.log config.status rm -rf '$(DIR)' rm -f debian/files debian/substvars debian/copyright changelog install: deb-checkdir deb-checkuid build-stamp rm -rf '$(DIR)' install -d -m0755 '$(DIR)'/etc/dropbear # programs install -d -m0755 '$(DIR)'/usr/sbin install -m0755 dropbear '$(DIR)'/usr/sbin/dropbear install -d -m0755 '$(DIR)'/usr/bin install -m0755 dbclient '$(DIR)'/usr/bin/dbclient install -m0755 dropbearkey '$(DIR)'/usr/bin/dropbearkey install -d -m0755 '$(DIR)'/usr/lib/dropbear install -m0755 dropbearconvert \ '$(DIR)'/usr/lib/dropbear/dropbearconvert $(STRIP) -R .comment -R .note '$(DIR)'/usr/sbin/* \ '$(DIR)'/usr/bin/* '$(DIR)'/usr/lib/dropbear/* # init and run scripts install -d -m0755 '$(DIR)'/etc/init.d install -m0755 debian/dropbear.init '$(DIR)'/etc/init.d/dropbear install -m0755 debian/service/run '$(DIR)'/etc/dropbear/run install -d -m0755 '$(DIR)'/etc/dropbear/log install -m0755 debian/service/log '$(DIR)'/etc/dropbear/log/run ln -s /var/log/dropbear '$(DIR)'/etc/dropbear/log/main # man pages install -d -m0755 '$(DIR)'/usr/share/man/man8 install -d -m0755 '$(DIR)'/usr/share/man/man1 install -m644 dropbear.8 '$(DIR)'/usr/share/man/man8/ for i in dbclient.1 dropbearkey.1 dropbearconvert.1; do \ install -m644 $$i '$(DIR)'/usr/share/man/man1/ || exit 1; \ done gzip -9 '$(DIR)'/usr/share/man/man8/*.8 gzip -9 '$(DIR)'/usr/share/man/man1/*.1 # copyright, changelog cat debian/copyright.in LICENSE >debian/copyright test -r changelog || ln -s CHANGES changelog binary-indep: binary-arch: install dropbear.deb test '$(CC)' != 'gcc' || \ dpkg-shlibdeps '$(DIR)'/usr/sbin/* '$(DIR)'/usr/bin/* \ '$(DIR)'/usr/lib/dropbear/* dpkg-gencontrol -isp -pdropbear -P'$(DIR)' dpkg -b '$(DIR)' .. binary: binary-arch binary-indep .PHONY: patch build clean install binary-indep binary-arch binary include debian/implicit