Age | Commit message (Collapse) | Author |
|
* Add Chacha20-Poly1305 authenticated encryption
* Add general AEAD approach.
* Add chacha20-poly1305@openssh.com algo using LibTomCrypt chacha and
poly1305 routines.
Chacha20-Poly1305 is generally faster than AES256 on CPU w/o dedicated
AES instructions, having the same key size.
Compiling in will add ~5,5kB to binary size on x86-64.
function old new delta
chacha_crypt - 1397 +1397
_poly1305_block - 608 +608
poly1305_done - 595 +595
dropbear_chachapoly_crypt - 457 +457
.rodata 26976 27392 +416
poly1305_process - 290 +290
poly1305_init - 221 +221
chacha_setup - 218 +218
encrypt_packet 1068 1270 +202
dropbear_chachapoly_getlength - 147 +147
decrypt_packet 756 897 +141
chacha_ivctr64 - 137 +137
read_packet 543 637 +94
dropbear_chachapoly_start - 94 +94
read_kex_algos 792 880 +88
chacha_keystream - 69 +69
dropbear_mode_chachapoly - 48 +48
sshciphers 280 320 +40
dropbear_mode_none 24 48 +24
dropbear_mode_ctr 24 48 +24
dropbear_mode_cbc 24 48 +24
dropbear_chachapoly_mac - 24 +24
dropbear_chachapoly - 24 +24
gen_new_keys 848 854 +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 5388/0) Total: 5388 bytes
* Add AES128-GCM and AES256-GCM authenticated encryption
* Add general AES-GCM mode.
* Add aes128-gcm@openssh.com and aes256-gcm@openssh.com algo using
LibTomCrypt gcm routines.
AES-GCM is combination of AES CTR mode and GHASH, slower than AES-CTR on
CPU w/o dedicated AES/GHASH instructions therefore disabled by default.
Compiling in will add ~6kB to binary size on x86-64.
function old new delta
gcm_process - 1060 +1060
.rodata 26976 27808 +832
gcm_gf_mult - 820 +820
gcm_add_aad - 660 +660
gcm_shift_table - 512 +512
gcm_done - 471 +471
gcm_add_iv - 384 +384
gcm_init - 347 +347
dropbear_gcm_crypt - 309 +309
encrypt_packet 1068 1270 +202
decrypt_packet 756 897 +141
gcm_reset - 118 +118
read_packet 543 637 +94
read_kex_algos 792 880 +88
sshciphers 280 360 +80
gcm_mult_h - 80 +80
dropbear_gcm_start - 62 +62
dropbear_mode_gcm - 48 +48
dropbear_mode_none 24 48 +24
dropbear_mode_ctr 24 48 +24
dropbear_mode_cbc 24 48 +24
dropbear_ghash - 24 +24
dropbear_gcm_getlength - 24 +24
gen_new_keys 848 854 +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 6434/0) Total: 6434 bytes
|
|
clean up after 7f15910541
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
|
|
|
|
|
|
|
|
|
--HG--
branch : fuzz
|
|
- fix some unused variables
--HG--
branch : fuzz
|
|
--HG--
branch : fuzz
|
|
|
|
|
|
--HG--
branch : fuzz
|
|
--HG--
branch : fuzz
|
|
--HG--
branch : fuzz
|
|
--HG--
branch : fuzz
|
|
|
|
|
|
|
|
|
|
|
|
|
|
--HG--
branch : nocircbuffer
|
|
--HG--
branch : nocircbuffer
|
|
--HG--
branch : fastopen
|
|
--HG--
branch : fastopen
|
|
--HG--
branch : fastopen
|
|
--HG--
branch : fastopen
|
|
--HG--
branch : fastopen
|
|
When corrupted packet is received negative length of packet is
displayed.
(re-apply of pull request #8)
|
|
|
|
|
|
|
|
|
|
|
|
system clock changes
|
|
While at it, fix a few indentations and typo.
|
|
be more precise about maximum channel sizes
|
|
--HG--
rename : random.c => dbrandom.c
rename : random.h => dbrandom.h
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
read by read_packet_init()
|
|
with the wrong encryption key ("bad packet length" symptom) while
key exchange was happening.
--HG--
extra : convert_revision : f7d27ec094c4aba2a4289c523c722fcb3c3f58ca
|
|
- Better handling of the case where compressing makes the data
larger (possibly only happens when memLevel is adjusted, but better
to be safe)
--HG--
extra : convert_revision : b31879a384d3bf8cbcbe2ed731d7d79d49799b1d
|
|
--HG--
extra : convert_revision : 997e53cec7a9efb7413ac6e17b6be60a5597bd2e
|
|
(from keepalives)
--HG--
extra : convert_revision : a46ca9204de0df58d8701df0d79b6b8ec601b9ce
|