<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=RU link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Hello,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>The previous patch adds a regression: dbclient throws the error "Sorry, I won't let you use password auth unencrypted." with Chacha20-Poly1305 negotiated, despite the fact that encryption is there.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>Please refer to the fixed version attached; <a href="https://github.com/mkj/dropbear/pull/93">https://github.com/mkj/dropbear/pull/93</a> is also updated.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><div><p class=MsoNormal><span lang=EN-US style='font-size:9.0pt;font-family:"Arial Narrow",sans-serif;color:#1F497D;mso-fareast-language:RU'>Best Regards, Vladislav Grishenko</span><span lang=EN-US style='font-size:9.0pt;color:#1F497D;mso-fareast-language:RU'><o:p></o:p></span></p></div><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span style='mso-fareast-language:RU'>From:</span></b><span style='mso-fareast-language:RU'> Vladislav Grishenko &lt;themiron.ru@gmail.com&gt; <br><b>Sent:</b> Sunday, April 26, 2020 5:49 AM<br><b>To:</b> dropbear@ucc.asn.au<br><b>Cc:</b> 'Matt Johnston' &lt;matt@ucc.asn.au&gt;<br><b>Subject:</b> [PATCH] Add Chacha20-Poly1305 and AES-GCM ciphers<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US>Hello,<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US>Chacha20-Poly1305 and AES-GCM are authenticated encryption ciphers, widely supported by multiple ssh servers and clients.<o:p></o:p></span></p><p 
class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo2'><![if !supportLists]><span lang=EN-US style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span lang=EN-US>Chacha20-Poly1305 is faster than AES256 on CPUs w/o dedicated AES instructions, while having the same key size.<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo2'><![if !supportLists]><span lang=EN-US style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span lang=EN-US>AES-GCM is a combination of AES CTR mode and GHASH, slower than AES-CTR on CPUs w/o dedicated AES/GHASH instructions.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Since LibTomCrypt has no AES/GHASH acceleration support (AES-NI/ARM AES/etc), AES-GCM is disabled by default, and Chacha20-Poly1305 gets the highest prio.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Transferring a 256Gb local file with scp on x86_64:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>3des-cbc: 16.8MB/s<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>aes128-cbc: 57.1MB/s<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>aes256-cbc: 52.1MB/s<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>aes128-ctr: 56.8MB/s<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>aes256-ctr: 51.7MB/s<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>aes128-gcm@openssh.com: 42.1MB/s<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>aes256-gcm@openssh.com: 39.0MB/s<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>chacha20-poly1305@openssh.com: 105.2MB/s<o:p></o:p></span></p><p class=MsoNormal><span 
lang=EN-US>As seen, Chacha20-Poly1305 is ~two times faster than aes-ctr; aes-gcm relies heavily on ghash and is therefore slower (or maybe the LibTomCrypt approach is not really optimal).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>So far, DROPBEAR_CHACHA20POLY1305 increases the dropbear binary by ~5,5Kb on X86-64, DROPBEAR_ENABLE_GCM_MODE by ~6kB, using LibTomCrypt routines.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>The related PR against current sources is here: </span><a href="https://github.com/mkj/dropbear/pull/93"><span lang=EN-US style='color:windowtext'>https://github.com/mkj/dropbear/pull/93</span></a><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Also, current sources do not allow CBC &amp; CTR modes to be fully disabled, resulting in build errors.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>An independent PR against current sources is here: </span><a href="https://github.com/mkj/dropbear/pull/95"><span lang=EN-US style='color:windowtext'>https://github.com/mkj/dropbear/pull/95</span></a><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>If both patches are applied, the newly introduced sysoptions.h check needs to be enhanced with DROPBEAR_AEAD_MODE as well; I can't make a PR because it makes no sense unless both things are there.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>In text form it will be just:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>-#if !(DROPBEAR_ENABLE_CBC_MODE || DROPBEAR_ENABLE_CTR_MODE)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>+#if !(DROPBEAR_ENABLE_CBC_MODE || DROPBEAR_ENABLE_CTR_MODE || DROPBEAR_AEAD_MODE)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Review and/or any suggestions will be highly appreciated.<o:p></o:p></span></p><p 
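class=MsoNormal><span lang=EN-US>Review bot: the extended #if is only sound if DROPBEAR_AEAD_MODE is defined before this check in sysoptions.h (for instance, derived from DROPBEAR_CHACHA20POLY1305 and DROPBEAR_ENABLE_GCM_MODE); an identifier that is not yet defined evaluates to 0 inside #if, so an AEAD-only configuration would still trip the error despite the added term. It would help to state in the combined change where the macro is defined relative to the check.<o:p></o:p></span></p><p 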
class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:9.0pt;font-family:"Arial Narrow",sans-serif;mso-fareast-language:RU'>Thank you and<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US style='font-size:9.0pt;font-family:"Arial Narrow",sans-serif;mso-fareast-language:RU'>Best Regards, Vladislav Grishenko<span style='color:#1F497D'><o:p></o:p></span></span></p></div></body></html>