[PATCH] Add Chacha20-Poly1305 and AES-GCM ciphers
Vladislav Grishenko
themiron.ru at gmail.com
Sat May 9 19:38:16 AWST 2020
Hello,
The previous patch adds a regression: dbclient throws the error "Sorry, I won't let you use password auth unencrypted." with Chacha20-Poly1305 negotiated, despite the fact that encryption is there.
Please refer to the fixed version attached; https://github.com/mkj/dropbear/pull/93 is also updated.
Best Regards, Vladislav Grishenko
From: Vladislav Grishenko <themiron.ru at gmail.com>
Sent: Sunday, April 26, 2020 5:49 AM
To: dropbear at ucc.asn.au
Cc: 'Matt Johnston' <matt at ucc.asn.au>
Subject: [PATCH] Add Chacha20-Poly1305 and AES-GCM ciphers
Hello,
Chacha20-Poly1305 and AES-GCM are authenticated encryption ciphers, widely supported by multiple SSH servers and clients.
- Chacha20-Poly1305 is faster than AES256 on CPUs without dedicated AES instructions, with the same key size.
- AES-GCM is a combination of AES CTR mode and GHASH, and is slower than AES-CTR on CPUs without dedicated AES/GHASH instructions.
Since LibTomCrypt has no AES/GHASH acceleration support (AES-NI, ARM AES, etc.), AES-GCM is disabled by default and Chacha20-Poly1305 gets the highest prio.
Transferring a 256Gb local file with scp on x86_64:
3des-cbc: 16.8MB/s
aes128-cbc: 57.1MB/s
aes256-cbc: 52.1MB/s
aes128-ctr: 56.8MB/s
aes256-ctr: 51.7MB/s
aes128-gcm at openssh.com: 42.1MB/s
aes256-gcm at openssh.com: 39.0MB/s
chacha20-poly1305 at openssh.com: 105.2MB/s
As seen, Chacha20-Poly1305 is ~two times faster than aes-ctr; aes-gcm relies heavily on GHASH and is therefore slower (or maybe the LibTomCrypt approach is not really optimal).
So far, DROPBEAR_CHACHA20POLY1305 increases the dropbear binary by ~5.5Kb on x86_64, DROPBEAR_ENABLE_GCM_MODE by ~6kB, using LibTomCrypt routines.
The related PR against current sources is here: https://github.com/mkj/dropbear/pull/93
Also, the current sources do not allow CBC & CTR modes to be fully disabled, resulting in build errors.
An independent PR against current sources is here: https://github.com/mkj/dropbear/pull/95
If both patches are applied, the newly introduced sysoptions.h check needs to be enhanced with DROPBEAR_AEAD_MODE as well; I can't make a PR because it makes no sense unless both things are there.
In text form it will be just:
-#if !(DROPBEAR_ENABLE_CBC_MODE || DROPBEAR_ENABLE_CTR_MODE)
+#if !(DROPBEAR_ENABLE_CBC_MODE || DROPBEAR_ENABLE_CTR_MODE || DROPBEAR_AEAD_MODE)
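Review bot: the hunk carries no file header or @@ context line, so it cannot be applied with patch or git apply as quoted; since the covering text says it targets the newly introduced check in sysoptions.h, the patch should name that file and carry the surrounding context. Also confirm that DROPBEAR_AEAD_MODE is already defined (to 0 or 1) at the point where this #if is evaluated: an undefined macro reads as 0 inside #if, in which case a build that enables only the AEAD ciphers would still hit the build error this check produces.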
Review and/or any suggestions will be highly appreciated.
Thank you and
Best Regards, Vladislav Grishenko
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20200509/503bef9d/attachment-0001.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-Chacha20-Poly1305-authenticated-encryption.patch
Type: application/octet-stream
Size: 23776 bytes
Desc: not available
Url : https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20200509/503bef9d/attachment-0001.obj