path: root/packet.c
Age | Commit message | Author
2020-05-25 | Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) | Vladislav Grishenko
* Add Chacha20-Poly1305 authenticated encryption
* Add general AEAD approach.
* Add chacha20-poly1305@openssh.com algo using LibTomCrypt chacha and poly1305 routines.

Chacha20-Poly1305 is generally faster than AES256 on CPU w/o dedicated AES instructions, having the same key size.
Compiling in will add ~5,5kB to binary size on x86-64.

function                         old     new   delta
chacha_crypt                       -    1397   +1397
_poly1305_block                    -     608    +608
poly1305_done                      -     595    +595
dropbear_chachapoly_crypt          -     457    +457
.rodata                        26976   27392    +416
poly1305_process                   -     290    +290
poly1305_init                      -     221    +221
chacha_setup                       -     218    +218
encrypt_packet                  1068    1270    +202
dropbear_chachapoly_getlength      -     147    +147
decrypt_packet                   756     897    +141
chacha_ivctr64                     -     137    +137
read_packet                      543     637     +94
dropbear_chachapoly_start          -      94     +94
read_kex_algos                   792     880     +88
chacha_keystream                   -      69     +69
dropbear_mode_chachapoly           -      48     +48
sshciphers                       280     320     +40
dropbear_mode_none                24      48     +24
dropbear_mode_ctr                 24      48     +24
dropbear_mode_cbc                 24      48     +24
dropbear_chachapoly_mac            -      24     +24
dropbear_chachapoly                -      24     +24
gen_new_keys                     848     854      +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 5388/0) Total: 5388 bytes

* Add AES128-GCM and AES256-GCM authenticated encryption
* Add general AES-GCM mode.
* Add aes128-gcm@openssh.com and aes256-gcm@openssh.com algo using LibTomCrypt gcm routines.

AES-GCM is combination of AES CTR mode and GHASH, slower than AES-CTR on CPU w/o dedicated AES/GHASH instructions therefore disabled by default.
Compiling in will add ~6kB to binary size on x86-64.

function                         old     new   delta
gcm_process                        -    1060   +1060
.rodata                        26976   27808    +832
gcm_gf_mult                        -     820    +820
gcm_add_aad                        -     660    +660
gcm_shift_table                    -     512    +512
gcm_done                           -     471    +471
gcm_add_iv                         -     384    +384
gcm_init                           -     347    +347
dropbear_gcm_crypt                 -     309    +309
encrypt_packet                  1068    1270    +202
decrypt_packet                   756     897    +141
gcm_reset                          -     118    +118
read_packet                      543     637     +94
read_kex_algos                   792     880     +88
sshciphers                       280     360     +80
gcm_mult_h                         -      80     +80
dropbear_gcm_start                 -      62     +62
dropbear_mode_gcm                  -      48     +48
dropbear_mode_none                24      48     +24
dropbear_mode_ctr                 24      48     +24
dropbear_mode_cbc                 24      48     +24
dropbear_ghash                     -      24     +24
dropbear_gcm_getlength             -      24     +24
gen_new_keys                     848     854      +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 6434/0) Total: 6434 bytes
2019-03-20 | packet: remove stale comment about "packet_type" (#63) | Konstantin Demin
clean up after 7f15910541
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2018-08-26 | Merge writev #include fix | Matt Johnston
2018-08-23 | make writev #include consistent for variable declarations too | Matt Johnston
2018-03-06 | fix uninitialised memory in fuzzer codepath | Matt Johnston
2018-03-04 | get rid of unused packet_type in encrypted write queue | Matt Johnston
2018-02-28 | Fix to be able to compile normal(ish) binaries with --enable-fuzz | Matt Johnston
--HG-- branch : fuzz
2018-02-28 | - #if not #ifdef for DROPBEAR_FUZZ | Matt Johnston
- fix some unused variables
--HG-- branch : fuzz
2018-02-17 | merge from main | Matt Johnston
--HG-- branch : fuzz
2018-02-11 | Removed commented out code | Matt Johnston
2017-08-19 | Pointer parameter could be declared as pointing to const | Francois Perrad
2017-06-11 | fix checkmac always failing pre-kex | Matt Johnston
--HG-- branch : fuzz
2017-05-20 | closer to working | Matt Johnston
--HG-- branch : fuzz
2017-05-13 | fuzz harness | Matt Johnston
--HG-- branch : fuzz
2017-05-12 | copy over some fuzzing code from AFL branch | Matt Johnston
--HG-- branch : fuzz
2016-03-16 | fix empty C prototypes | Francois Perrad
2016-01-01 | more hard tab | Francois Perrad
2015-12-31 | refactor indentation with hard tab | Francois Perrad
2015-05-02 | Fix no-writev fallback | Matt Johnston
2015-03-20 | Make main socket nonblocking. Limit writequeue size. | Matt Johnston
2015-03-20 | avoid malloc for iovec | Matt Johnston
2015-03-01 | allocate buffer and data in a single allocation | Matt Johnston
--HG-- branch : nocircbuffer
2015-03-01 | A bit of a bodge to avoid memcpy if zlib is disabled | Matt Johnston
--HG-- branch : nocircbuffer
2015-02-20 | Move generic network routines to netio.c | Matt Johnston
--HG-- branch : fastopen
2015-02-19 | In theory TFO should work. Needs platform cleanup and testing | Matt Johnston
--HG-- branch : fastopen
2015-02-18 | generalise write iovec handling | Matt Johnston
--HG-- branch : fastopen
2015-02-18 | async connections working | Matt Johnston
--HG-- branch : fastopen
2015-02-18 | work in progress for async connect | Matt Johnston
--HG-- branch : fastopen
2015-01-23 | Integrity error (bad packet size %u) negative length | Fedor Brunner
When corrupted packet is received negative length of packet is displayed. (re-apply of pull request #8)
2014-08-06 | Test for EAGAIN too | Matt Johnston
2014-07-09 | Make -K keepalive behave like OpenSSH's ServerAliveInterval | Matt Johnston
2014-05-20 | Be more careful in case a platform doesn't define UIO_MAXIOV nor IOV_MAX | Matt Johnston
2014-05-20 | Limit size of the iovect passed to writev in packet.c | Ronny Meeus
2014-05-20 | Print errno information in write_packet | Ronny Meeus
2014-03-13 | Add new monotonic_now() wrapper so that timeouts are unaffected by system clock changes | Matt Johnston
2014-03-13 | Use AUTH_TIMEOUT only before authdone != 1. | Yousong Zhou
While at it, fix a few indentations and typo.
2014-02-22 | A few fixes for cases where compression increases payload sizes, and be more precise about maximum channel sizes | Matt Johnston
2013-11-14 | rename random.h to dbrandom.h since some OSes have a system random.h | Matt Johnston
--HG-- rename : random.c => dbrandom.c rename : random.h => dbrandom.h
2013-11-14 | use oldstyle comments | Matt Johnston
2013-10-03 | Constant time memcmp for the hmac and password crypt | Matt Johnston
2013-05-08 | Limit decompressed size | Matt Johnston
2013-04-04 | Take transmit and receive keys into use separately | Matt Johnston
2013-04-03 | Fix MAC bug which would prevent asymmetric hashes | Matt Johnston
2013-04-01 | Move the more verbose TRACE() statements into TRACE2() | Matt Johnston
2013-03-31 | Try using writev() for writing packets out to tcp | Matt Johnston
2013-03-20 | Fix "-m none" case where an entire packet fits in a block and can be read by read_packet_init() | Matt Johnston
2011-06-07 | Fix case where "-K 1" would cause a SSH_MSG_IGNORE packet to be sent with the wrong encryption key ("bad packet length" symptom) while key exchange was happening. | Matt Johnston
--HG-- extra : convert_revision : f7d27ec094c4aba2a4289c523c722fcb3c3f58ca
2011-02-28 | - Don't allow setting memLevel since that doesn't work properly | Matt Johnston
- Better handling of the case where compressing makes the data larger (possibly only happens when memLevel is adjusted, but better to be safe)
--HG-- extra : convert_revision : b31879a384d3bf8cbcbe2ed731d7d79d49799b1d
2011-02-23 | Improve capitalisation for all logged strings | Matt Johnston
--HG-- extra : convert_revision : 997e53cec7a9efb7413ac6e17b6be60a5597bd2e
2011-02-23 | Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets (from keepalives) | Matt Johnston
--HG-- extra : convert_revision : a46ca9204de0df58d8701df0d79b6b8ec601b9ce