Mercurial > dropbear
view libtommath/bn_mp_rand.c @ 1672:3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
* Add Chacha20-Poly1305 authenticated encryption
* Add general AEAD approach.
* Add [email protected] algo using LibTomCrypt chacha and
poly1305 routines.
Chacha20-Poly1305 is generally faster than AES256 on CPU w/o dedicated
AES instructions, having the same key size.
Compiling in will add ~5,5kB to binary size on x86-64.
function old new delta
chacha_crypt - 1397 +1397
_poly1305_block - 608 +608
poly1305_done - 595 +595
dropbear_chachapoly_crypt - 457 +457
.rodata 26976 27392 +416
poly1305_process - 290 +290
poly1305_init - 221 +221
chacha_setup - 218 +218
encrypt_packet 1068 1270 +202
dropbear_chachapoly_getlength - 147 +147
decrypt_packet 756 897 +141
chacha_ivctr64 - 137 +137
read_packet 543 637 +94
dropbear_chachapoly_start - 94 +94
read_kex_algos 792 880 +88
chacha_keystream - 69 +69
dropbear_mode_chachapoly - 48 +48
sshciphers 280 320 +40
dropbear_mode_none 24 48 +24
dropbear_mode_ctr 24 48 +24
dropbear_mode_cbc 24 48 +24
dropbear_chachapoly_mac - 24 +24
dropbear_chachapoly - 24 +24
gen_new_keys 848 854 +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 5388/0) Total: 5388 bytes
* Add AES128-GCM and AES256-GCM authenticated encryption
* Add general AES-GCM mode.
* Add [email protected] and [email protected] algo using
LibTomCrypt gcm routines.
AES-GCM is combination of AES CTR mode and GHASH, slower than AES-CTR on
CPU w/o dedicated AES/GHASH instructions therefore disabled by default.
Compiling in will add ~6kB to binary size on x86-64.
function old new delta
gcm_process - 1060 +1060
.rodata 26976 27808 +832
gcm_gf_mult - 820 +820
gcm_add_aad - 660 +660
gcm_shift_table - 512 +512
gcm_done - 471 +471
gcm_add_iv - 384 +384
gcm_init - 347 +347
dropbear_gcm_crypt - 309 +309
encrypt_packet 1068 1270 +202
decrypt_packet 756 897 +141
gcm_reset - 118 +118
read_packet 543 637 +94
read_kex_algos 792 880 +88
sshciphers 280 360 +80
gcm_mult_h - 80 +80
dropbear_gcm_start - 62 +62
dropbear_mode_gcm - 48 +48
dropbear_mode_none 24 48 +24
dropbear_mode_ctr 24 48 +24
dropbear_mode_cbc 24 48 +24
dropbear_ghash - 24 +24
dropbear_gcm_getlength - 24 +24
gen_new_keys 848 854 +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 6434/0) Total: 6434 bytes
author | Vladislav Grishenko <themiron@users.noreply.github.com> |
---|---|
date | Mon, 25 May 2020 20:50:25 +0500 |
parents | f52919ffd3b1 |
children | 1051e4eea25a |
line wrap: on
line source
#include "tommath_private.h" #ifdef BN_MP_RAND_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision * integer arithmetic as well as number theoretic functionality. * * The library was designed directly after the MPI library by * Michael Fromberger but has been written from scratch with * additional optimizations in place. * * SPDX-License-Identifier: Unlicense */ /* First the OS-specific special cases * - *BSD * - Windows */ #if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__DragonFly__) #define MP_ARC4RANDOM #define MP_GEN_RANDOM_MAX 0xffffffffu #define MP_GEN_RANDOM_SHIFT 32 static int s_read_arc4random(mp_digit *p) { mp_digit d = 0, msk = 0; do { d <<= MP_GEN_RANDOM_SHIFT; d |= ((mp_digit) arc4random()); msk <<= MP_GEN_RANDOM_SHIFT; msk |= (MP_MASK & MP_GEN_RANDOM_MAX); } while ((MP_MASK & msk) != MP_MASK); *p = d; return MP_OKAY; } #endif #if defined(_WIN32) || defined(_WIN32_WCE) #define MP_WIN_CSP #ifndef _WIN32_WINNT #define _WIN32_WINNT 0x0400 #endif #ifdef _WIN32_WCE #define UNDER_CE #define ARM #endif #define WIN32_LEAN_AND_MEAN #include <windows.h> #include <wincrypt.h> static HCRYPTPROV hProv = 0; static void s_cleanup_win_csp(void) { CryptReleaseContext(hProv, 0); hProv = 0; } static int s_read_win_csp(mp_digit *p) { int ret = -1; if (hProv == 0) { if (!CryptAcquireContext(&hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, (CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET)) && !CryptAcquireContext(&hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET | CRYPT_NEWKEYSET)) { hProv = 0; return ret; } atexit(s_cleanup_win_csp); } if (CryptGenRandom(hProv, sizeof(*p), (void *)p) == TRUE) { ret = MP_OKAY; } return ret; } #endif /* WIN32 */ #if !defined(MP_WIN_CSP) && defined(__linux__) && defined(__GLIBC_PREREQ) #if __GLIBC_PREREQ(2, 25) #define MP_GETRANDOM #include <sys/random.h> #include <errno.h> static int s_read_getrandom(mp_digit *p) { int ret; do { ret = getrandom(p, sizeof(*p), 0); } while ((ret == -1) && (errno == EINTR)); if (ret == sizeof(*p)) return MP_OKAY; return -1; } #endif #endif /* We assume all platforms besides windows provide "/dev/urandom". * In case yours doesn't, define MP_NO_DEV_URANDOM at compile-time. */ #if !defined(MP_WIN_CSP) && !defined(MP_NO_DEV_URANDOM) #ifndef MP_DEV_URANDOM #define MP_DEV_URANDOM "/dev/urandom" #endif #include <fcntl.h> #include <errno.h> #include <unistd.h> static int s_read_dev_urandom(mp_digit *p) { ssize_t r; int fd; do { fd = open(MP_DEV_URANDOM, O_RDONLY); } while ((fd == -1) && (errno == EINTR)); if (fd == -1) return -1; do { r = read(fd, p, sizeof(*p)); } while ((r == -1) && (errno == EINTR)); close(fd); if (r != sizeof(*p)) return -1; return MP_OKAY; } #endif #if defined(MP_PRNG_ENABLE_LTM_RNG) unsigned long (*ltm_rng)(unsigned char *out, unsigned long outlen, void (*callback)(void)); void (*ltm_rng_callback)(void); static int s_read_ltm_rng(mp_digit *p) { unsigned long ret; if (ltm_rng == NULL) return -1; ret = ltm_rng((void *)p, sizeof(*p), ltm_rng_callback); if (ret != sizeof(*p)) return -1; return MP_OKAY; } #endif static int s_rand_digit(mp_digit *p) { int ret = -1; #if defined(MP_ARC4RANDOM) ret = s_read_arc4random(p); if (ret == MP_OKAY) return ret; #endif #if defined(MP_WIN_CSP) ret = s_read_win_csp(p); if (ret == MP_OKAY) return ret; #else #if defined(MP_GETRANDOM) ret = s_read_getrandom(p); if (ret == MP_OKAY) return ret; #endif #if defined(MP_DEV_URANDOM) ret = s_read_dev_urandom(p); if (ret == MP_OKAY) return ret; #endif #endif /* MP_WIN_CSP */ #if defined(MP_PRNG_ENABLE_LTM_RNG) ret = s_read_ltm_rng(p); if (ret == MP_OKAY) return ret; #endif return ret; } /* makes a pseudo-random int of a given size */ int mp_rand_digit(mp_digit *r) { int ret = s_rand_digit(r); *r &= MP_MASK; return ret; } int mp_rand(mp_int *a, int digits) { int res; mp_digit d; mp_zero(a); if (digits <= 0) { return MP_OKAY; } /* first place a random non-zero digit */ do { if (mp_rand_digit(&d) != MP_OKAY) { return MP_VAL; } } while (d == 0u); if ((res = mp_add_d(a, d, a)) != MP_OKAY) { return res; } while (--digits > 0) { if ((res = mp_lshd(a, 1)) != MP_OKAY) { return res; } if (mp_rand_digit(&d) != MP_OKAY) { return MP_VAL; } if ((res = mp_add_d(a, d, a)) != MP_OKAY) { return res; } } return MP_OKAY; } #endif /* ref: HEAD -> master, tag: v1.1.0 */ /* git commit: 08549ad6bc8b0cede0b357a9c341c5c6473a9c55 */ /* commit time: 2019-01-28 20:32:32 +0100 */