Hello,
Chacha20-Poly1305 and AES-GCM are authenticated encryption ciphers, widely supported by multiple ssh servers and clients.

  - Chacha20-Poly1305 is faster than AES256 on CPUs w/o dedicated AES instructions, having the same key size.
  - AES-GCM is a combination of AES CTR mode and GHASH, slower than AES-CTR on CPUs w/o dedicated AES/GHASH instructions.

Since LibTomCrypt has no AES/GHASH acceleration support (AES-NI/ARM AES/etc), AES-GCM is disabled by default, Chacha20-Poly1305 gets the highest prio.

Transferring a 256Gb local file with scp on x86_64:

  3des-cbc:                     16.8MB/s
  aes128-cbc:                   57.1MB/s
  aes256-cbc:                   52.1MB/s
  aes128-ctr:                   56.8MB/s
  aes256-ctr:                   51.7MB/s
  aes128-...@openssh.com:       42.1MB/s
  aes256-...@openssh.com:       39.0MB/s
  chacha20-poly1...@openssh.com: 105.2MB/s

As seen, Chacha20-Poly1305 is ~two times faster than aes-ctr; aes-gcm relies heavily on ghash and is therefore slower (or maybe the LibTomCrypt approach is not really optimal).

So far, DROPBEAR_CHACHA20POLY1305 increases the dropbear binary by ~5.5kB on X86-64, DROPBEAR_ENABLE_GCM_MODE by ~6kB, using LibTomCrypt routines.

Related PR against current sources is here: https://github.com/mkj/dropbear/pull/93

Also, current sources do not allow CBC & CTR modes to be fully disabled, resulting in build errors. Independent PR against current sources is here: https://github.com/mkj/dropbear/pull/95

If both patches are applied, the newly introduced sysoptions.h check needs to be enhanced with DROPBEAR_AEAD_MODE as well; I can't make a PR because it makes no sense unless both things are there. In text form it will be just:

  -#if !(DROPBEAR_ENABLE_CBC_MODE || DROPBEAR_ENABLE_CTR_MODE)
  +#if !(DROPBEAR_ENABLE_CBC_MODE || DROPBEAR_ENABLE_CTR_MODE || DROPBEAR_AEAD_MODE)

Review and/or any suggestions will be highly appreciated.

Thank you and Best Regards,
Vladislav Grishenko
0001-Add-Chacha20-Poly1305-authenticated-encryption.patch
Description: Binary data
0002-Add-AES128-GCM-and-AES256-GCM-authenticated-encrypti.patch
Description: Binary data
0003-Fix-CBC-mode-can-t-be-fully-disabled.patch
Description: Binary data
0004-Fix-CBC-mode-can-t-be-the-only-mode.patch
Description: Binary data