<div dir="ltr"><div><div><div><div><div><div>Hi Matt,<br><br></div>Thanks for the prompt response.<br><br></div>Yes, the mp_exptmod() call in kexdh_comb_key() is taking around 60 seconds.<br><br></div>Adding "#define MP_LOW_MEM 1" to options.h then "make clean" and rebuilding does not help the situation. I am not sure about the data cache type. How do I check it?<br><br></div>Please share your inputs on this.<br><br></div>Thanks<br></div>Pratik<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Sep 28, 2014 at 7:21 PM, Matt Johnston <span dir="ltr">&lt;<a href="mailto:matt@ucc.asn.au" target="_blank">matt@ucc.asn.au</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Pratik,<br>
<br>
Yes, mp_exptmod() is the problematic part. Without performing<br>
the "verify" SSH won't have any security against network<br>
attacks - certainly not advisable.<br>
<br>
There's also a mp_exptmod() call in kexdh_comb_key() which<br>
creates the session key - is that call slow too?<br>
<br>
Does adding "#define MP_LOW_MEM 1" to options.h then "make<br>
clean" and rebuild help the situation? Do you know what kind<br>
of data cache the device has?<br>
<br>
Cheers,<br>
Matt<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
On Fri, Sep 26, 2014 at 12:50:26PM +0530, pratik singh wrote:<br>
> Hi Matt,<br>
><br>
> Thanks for the reply.<br>
><br>
> Things are working fine when I commented out the function "buf_dss_verify".<br>
> Actually the majority of the time taken was in the mp_exptmod() routine, with each<br>
> call taking around 25 secs, and because of this only the openssh server is<br>
> getting timeout.<br>
> As per your suggestion one of the solutions is to merge tofastmath library<br>
> but just for one function merging whole library is a hectic work though.<br>
> Based on experiments I have a couple of questions:<br>
> 1) dropbear ssh client is working by commenting out the function<br>
> "buf_dss_verify". Is it ok for me to take this as workaround and continue<br>
> or this can cause any serious problem further?<br>
> 2) Is there any other solution to improve the speed of calculations in<br>
> function "mp_exptmod()" only?<br>
><br>
> Appreciate your response.<br>
><br>
> Thanks<br>
> Pratik<br>
><br>
> On Wed, Sep 24, 2014 at 8:02 PM, Matt Johnston &lt;<a href="mailto:matt@ucc.asn.au">matt@ucc.asn.au</a>&gt; wrote:<br>
><br>
> > Hi Pratik,<br>
> ><br>
> > I'm assuming that it is the session timeout that's causing<br>
> > the disconnection. The log on the OpenSSH server should<br>
> > confirm that.<br>
> ><br>
> > I think the only real solution would be to improve the speed<br>
> > of libtommath on that device. Running a profiler to<br>
> > determine the slowest parts would be the first step. I don't<br>
> > know much about the device itself though it seems libtommath<br>
> > performs quite badly - OpenSSL is generally faster. Looking<br>
> > at the difference in its maths operations might help. It's<br>
> > non-trivial work though.<br>
> ><br>
> > Cheers,<br>
> > Matt<br>
> ><br>
> ><br>
> > On Wed, Sep 24, 2014 at 02:12:41PM +0530, pratik singh wrote:<br>
> > > Hi,<br>
> > ><br>
> > > I am using Dropbear 0.48 with uClinux-dist. Currently dropbear server is<br>
> > > working fine but while trying to run dbclient it throws write error. Some<br>
> > > of the traces are:<br>
> > ><br>
> > > TRACE: leave process_packet<br>
> > > TRACE: enter cli_sessionloop<br>
> > > TRACE: enter send_msg_service_request: servicename='ssh-userauth'<br>
> > > TRACE: enter encrypt_packet()<br>
> > > TRACE: encrypt_packet type is 5<br>
> > ><br>
> > > TRACE: enter writemac<br>
> > > TRACE: leave writemac<br>
> > > TRACE: enter enqueue<br>
> > > TRACE: leave enqueue<br>
> > > TRACE: leave encrypt_packet()<br>
> > > TRACE: leave send_msg_service_request<br>
> > > TRACE: leave cli_sessionloop: sent userauth service req<br>
> > > TRACE: enter write_packet<br>
> > ><br>
> > > TRACE: enter cli_tty_cleanup<br>
> > > TRACE: leave cli_tty_cleanup: not in raw mode<br>
> > > TRACE: enter session_cleanup<br>
> > > TRACE: enter chancleanup<br>
> > > TRACE: leave chancleanup<br>
> > > TRACE: leave session_cleanup<br>
> > > dbclient: connection to pratik@10.10.10.1:22 exited: error writing<br>
> > ><br>
> > > --------------------------------------------------------------------------------------------------------------<br>
> > ><br>
> > > I have tried the following:<br>
> > > 1) Run dbclient with -K option but still getting the same write error<br>
> > > 2) Run dbclient with -y option but still getting the same write error<br>
> > ><br>
> > > On further debugging I have found that this write comes because server<br>
> > > (in this case Openssh) is getting timeout.<br>
> > ><br>
> > > I am running a MicroBlaze processor at about 60 MHz with hardware<br>
> > > multiplier, divider enabled.<br>
> > ><br>
> > ><br>
> > > From the Wireshark capture I have seen that the server is sending a "FIN"<br>
> > > packet. Also the server is sending the 2 ssh packets in one reply packet.<br>
> > > Do not know the reason of this behavior.<br>
> > ><br>
> > ><br>
> > > I am facing this problem for connection between dbclient <----> Openssh.<br>
> > ><br>
> > ><br>
> > > Please help as I am stuck on this problem since very long. Appreciate your<br>
> > > reply.<br>
> > ><br>
> > ><br>
> > > Attached the pcap file for your reference. Apply the<br>
> > > "ip.addr==10.216.114.137" filter in the pcap file. IP address is client<br>
> > > having dbclient and other is server having openssh.<br>
> > ><br>
> > ><br>
> > > --<br>
> > > Thanks & Regards<br>
> > > Pratik Singh<br>
> ><br>
> ><br>
> ><br>
><br>
><br>
> --<br>
> Thanks & Regards<br>
> Pratik Singh<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Thanks & Regards<br>Pratik Singh<br>
</div>